On 18.10, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > Contrary to iptables, we use '*' as wildcard as in udev since the '+' can be
> > used as a valid interface name.
>
> '*' can also be part of an interface name, seems only '/', ':', and ' '
> (space) are disallowed.
>
> > # nft --debug=netlink add rule test test iifname eth\*
> > ip test test
> >  [ meta load iifname => reg 1 ]
> >  [ bitwise reg 1 = (reg=1 & 0x00ffffff 0x00000000 0x00000000 0x00000000 ) ^ 0x00000000 0x00000000 0x00000000 0x00000000 ]
> >  [ cmp eq reg 1 0x2a687465 0x00000000 0x00000000 0x00000000 ]
>
> Why do we need a bitwise op for this?
>
> Instead we could just ask for cmp of 3 bytes ('eth' instead of 4 'eth\0')?
>
> You might recall ancient RFC patch for this:
> https://patchwork.ozlabs.org/patch/283639/

This is actually something I think should be implemented as general
optimization. It also applies to network address matches, where we can
also avoid loading unnecessary data. Other cases will benefit from this
as well.
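
The two matching strategies discussed in this thread, as an added example (not code from nftables or from either poster): a 16-byte register is matched against the prefix "eth" once with a bitwise mask followed by a full-width compare, and once with a compare limited to the prefix length. The function names and the sample interface names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16 /* width of the interface-name register in this model */

/* Load a name into a zero-padded 16-byte register (hypothetical helper). */
static void load_ifname(unsigned char reg[IFNAMSIZ], const char *name)
{
    size_t n = strlen(name);

    if (n > IFNAMSIZ - 1)
        n = IFNAMSIZ - 1;
    memset(reg, 0, IFNAMSIZ);
    memcpy(reg, name, n);
}

/* Strategy 1: AND the register with a prefix mask, then compare all 16 bytes. */
static int match_mask_cmp(const char *ifname, const char *prefix)
{
    unsigned char reg[IFNAMSIZ], want[IFNAMSIZ];
    size_t i, plen = strlen(prefix);

    load_ifname(reg, ifname);
    load_ifname(want, prefix);
    for (i = 0; i < IFNAMSIZ; i++)
        reg[i] &= (i < plen) ? 0xff : 0x00; /* keep only the prefix bytes */
    return memcmp(reg, want, IFNAMSIZ) == 0;
}

/* Strategy 2: no bitwise step, compare only the first strlen(prefix) bytes. */
static int match_short_cmp(const char *ifname, const char *prefix)
{
    unsigned char reg[IFNAMSIZ];

    load_ifname(reg, ifname);
    return memcmp(reg, prefix, strlen(prefix)) == 0;
}

/* Number of constructed sample names on which the two strategies disagree. */
static int count_disagreements(void)
{
    static const char *names[] = { "eth0", "eth", "et", "veth0", "eth*",
                                   "lo", "ethernet0123456" };
    size_t i;
    int bad = 0;

    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        bad += match_mask_cmp(names[i], "eth") != match_short_cmp(names[i], "eth");
    return bad;
}

int main(void) { printf("disagreements: %d\n", count_disagreements()); return 0; }
```

Both strategies accept any name that begins with the prefix, including a literal "eth*", and reject shorter names such as "et" because the zero padding differs from the third prefix byte.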