On 27.11, Florian Westphal wrote:
> Patrick McHardy <kaber@xxxxxxxxx> wrote:
> > The VID is located after Priority and CFI.
>
> With this patch matching on vlan id does not work for me anymore
> on x86-64.
>
> With trace-patch nft but without this patch:
>
> table bridge filter {
> chain input {
> type filter hook input priority -200; policy accept;
> vlan id 4094 counter packets 827 bytes 63839
>
> With this patch, the counters remain at zero:
>
> unknown unknown & 0xfff [invalid type] == 0xffe [invalid type] counter packets 850 bytes 65375
> vlan id 4094 counter packets 0 bytes 0
>
> (The 'unknown unknown' line is the 'old' vlan rule added by unpatched
> nft binary, the 'vlan id' is the one added with the patched one).
Odd, since it decodes correctly. Could you send the output of
nft --debug=netlink with and without the patch?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
