Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > This will also make "nft add rule bridge filter input ip version 4" > > work since it adds support for sub-byte sized header elements. > > Are you using bitwise for that? yes: input ip version 4 [ payload load 1b @ network header + 0 => reg 1 ] [ bitwise reg 1 = (reg=1 & 0x000000f0 ) ^ 0x00000000 ] [ cmp eq reg 1 0x00000040 ] relational_binop_postprocess() is responsible to zap such implicit binops again when listing a table. > > I plan to work on the test suite again after I get v1 out (add BE support > > so we can also check nft on s390 etc). > > > > I haven't thought about it yet, first plan was to record separate traces > > for LE and BE architectures, think thats better than trying to normalize > > the endianess in the output (might also mask errors...). > > My concern is that this might replicate the number of files to > maintain. Yes, thats true, when adding new rule to test suite one would need to run nft on both LE and BE system to get the generated instructions for both... Not sure if there is a better solution though. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
