Florian Westphal <fw@xxxxxxxxx> wrote: > If the accounting extension isn't present, we'll return a counter > value of 0. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > WARNING: It doesn't work, but AFAIU the bug is in nft_cmp which > doesn't work with u64 and gt/lt test. Following is true after 1st packet > is sent with enabled accounting: > > nft add rule filter input ct original packets gt 10 > > Seems like it only works for mark, skuid etc because those are u32 and > thus use the _fast_ops version. I take that back -- nft_cmp is fine, the culprit is lack of cpu_to_be64 in nft. This works fine with a local patch to nft + nft_byteorder.c. Problem was nft generated two htonl() calls for upper and lower half of the counter which then makes nft_cmp behave a bit random ;) I'll submit fixes soon. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
