On Mon, Feb 17, 2014 at 10:05:07PM +0100, Florian Westphal wrote: > should always generate cmp op (its enum 0, 1 in kernel). > > Note: 'original,reply' will no longer work after this patch. This is also fixing the bytecode that is generated for: nft add rule ip filter output ct direction reply counter ip filter output 54 53 [ ct load direction => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x00000001 ) ^ 0x00000000 ] [ cmp neq reg 1 0x00000000 ] [ counter pkts 0 bytes 0 ] and the output: ct direction & reply != original counter packets 0 bytes 0 which doesn't obviously work. To this: ip filter output 57 56 [ ct load direction => reg 1 ] [ cmp eq reg 1 0x00000001 ] [ counter pkts 0 bytes 0 ] Feel free to push it. Thanks! Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
