This allows us to match ifname masks, eg. nft add rule filter output meta oifname and eth == eth counter I've been investigating other possibility, such as adding ofiname-mask, which requires several patches and transformations to make it look binop tree, but I still think this looks like a natural way (and simple, look at the patch, it's rather small) to represent this in the nftables. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- src/evaluate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index 94fee64..49f0f74 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -534,7 +534,8 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr) return -1; right = op->right; - if (expr_basetype(left)->type != TYPE_INTEGER) + if (expr_basetype(left)->type != TYPE_INTEGER && + expr_basetype(left)->type != TYPE_STRING) return expr_binary_error(ctx, left, op, "Binary operation (%s) is undefined " "for %s types", -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
