hash:net,iface supports matching on the bridge port as well,
but userspace currently doesn't handle it correctly as it passes
in 'physdev:eth0' instead of 'eth0'+IPSET_OPT_PHYSDEV.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
lib/parse.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/parse.c b/lib/parse.c
index f1c1f0e..4db872e 100644
--- a/lib/parse.c
+++ b/lib/parse.c
@@ -1753,14 +1753,15 @@ ipset_parse_iface(struct ipset_session *session,
{
struct ipset_data *data;
int offset = 0, err = 0;
+ static const char pdev_prefix[]="physdev:";
assert(session);
assert(opt == IPSET_OPT_IFACE);
assert(str);
data = ipset_session_data(session);
- if (STREQ(str, "physdev:")) {
- offset = 8;
+ if (STRNEQ(str, pdev_prefix, strlen(pdev_prefix))) {
+ offset = strlen(pdev_prefix);
err = ipset_data_set(data, IPSET_OPT_PHYSDEV, str);
if (err < 0)
return err;
--
1.8.1.5
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
