Hi Pablo, I catched the mistake. The nft_ipv*_parse_payload function calls get_cmp_data(), and it gets the next expression, that's bitwise instead of cmp. So in nft_rule_to_iptables_command_state() the bitwise expr is skipped. I could add an operation family like nft_*_parse_cmp, but in this way I can't set the inverse flag when parsing the payload. Otherwise, I can implement the parse_bitwise as function and not as operation family and call it in parse_payload (as done for get_cmp_data). Another solution could be to add the inverse flag in nft context. Do you have any hint? Thanks -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
