On Tue, Jan 14, 2014 at 12:30:29PM +0100, Pablo Neira Ayuso wrote: > This allows us to match ifname masks, eg. > > nft add rule filter output meta oifname and eth == eth counter > > I've been investigating other possibility, such as adding > ofiname-mask, which requires several patches and transformations > to make it look binop tree, but I still think this looks like > a natural way (and simple, look at the patch, it's rather small) > to represent this in the nftables. I was just going to suggest adding a shortcut for this since its exposing a lot of low-level detail. The transformation should be quite easy during evaluation, could you elaborate on the problems? > > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > src/evaluate.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/src/evaluate.c b/src/evaluate.c > index 94fee64..49f0f74 100644 > --- a/src/evaluate.c > +++ b/src/evaluate.c > @@ -534,7 +534,8 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr) > return -1; > right = op->right; > > - if (expr_basetype(left)->type != TYPE_INTEGER) > + if (expr_basetype(left)->type != TYPE_INTEGER && > + expr_basetype(left)->type != TYPE_STRING) > return expr_binary_error(ctx, left, op, > "Binary operation (%s) is undefined " > "for %s types", > -- > 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
