Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Contrary to iptables, we use '*' as wildcard as in udev since the '+' can be
> used as a valid interface name.
'*' can also be part of an interface name, seems only '/', ':', and ' '
(space) are disallowed.
> # nft --debug=netlink add rule test test iifname eth\*
> ip test test
> [ meta load iifname => reg 1 ]
> [ bitwise reg 1 = (reg=1 & 0x00ffffff 0x00000000 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
> [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ]
Why do we need a bitwise op for this?
Instead we could just ask for cmp of 3 bytes ('eth' instead of 4 'eth\0')?
You might recall ancient RFC patch for this:
https://patchwork.ozlabs.org/patch/283639/
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
