Re: [PATCH nft 2/2] doc: payload and conntrack statement

On Fri, Sep 09, 2016 at 12:16:56AM +0200, Florian Westphal wrote:
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

BTW, related to payload mangling, Laura sent me this report:

When adding this rule:

  # nft add rule netdev filter ingress \
        ip daddr 192.168.0.92 tcp dport 80 \
        ether daddr set 00:03:2d:2b:74:ec fwd to enp3s0

The listing shows:

  # nft list ruleset
  table netdev filter {
      chain ingress {
         type filter hook ingress device enp0s25 priority 0; policy accept;
         ip daddr 192.168.0.92 tcp dport http ether daddr set ec:74:2b:2d:03:00 fwd to "enp3s0"
                                                              ^^^^^^^^^^^^^^^^^

Note that the MAC address is reversed, probably something wrong in the
delinearize path. In case you have some spare cycles, I didn't look at
this yet.

Another issue: she also reported a problem with integers from
sets when using jhash and numgen. Actually it's again the lack of a
specific endianness of integer_type that is causing the problem, so it
is not specific to the new expression.

 # nft --debug=netlink add rule x y meta mark set meta cpu map { 0 : 1, 1 : 2 }
 __map%d x b
 __map%d x 0
        element 00000000  : 00000001 0 [end]    element 01000000  : 00000002 0 [end]
                                                        ^^^^^^^^

Note this is also in the wrong byteorder. This one, I'm working on it.
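An added illustration of how the two symptoms above come about (this is not code from the thread or from nftables): reversing the six MAC bytes yields exactly the address in the listing, and serializing the u32 set element 1 in little-endian host order yields the `01000000` pattern from the debug output. The sample values are constructed from the report, and a little-endian host is assumed for the second case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_ALEN 6

/* Constructed sample: the MAC from the rule in the report. */
static const uint8_t rule_mac[ETH_ALEN] = { 0x00, 0x03, 0x2d, 0x2b, 0x74, 0xec };

/* Reverse a byte buffer in place. This is what a byte-order "conversion"
 * does to a non-integer payload such as an ethernet address. */
static void swap_bytes(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len / 2; i++) {
        uint8_t t = buf[i];
        buf[i] = buf[len - 1 - i];
        buf[len - 1 - i] = t;
    }
}

/* Render the MAC as a listing would print it if the delinearize path
 * byteswapped the whole 6-byte payload. Returns a static string. */
const char *mac_after_byteswap(const uint8_t *mac)
{
    static char out[18];
    uint8_t tmp[ETH_ALEN];
    memcpy(tmp, mac, ETH_ALEN);
    swap_bytes(tmp, ETH_ALEN);
    snprintf(out, sizeof(out), "%02x:%02x:%02x:%02x:%02x:%02x",
             tmp[0], tmp[1], tmp[2], tmp[3], tmp[4], tmp[5]);
    return out;
}

/* Render a u32 set element as eight hex digits, either in big-endian (network)
 * order or in little-endian host order (the 01000000 case). Static string. */
const char *u32_elem_hex(uint32_t v, int big_endian)
{
    static char out[9];
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? 8 * (3 - i) : 8 * i;
        snprintf(out + 2 * i, 3, "%02x", (unsigned)((v >> shift) & 0xff));
    }
    return out;
}

int main(void)
{
    printf("byteswapped MAC:       %s\n", mac_after_byteswap(rule_mac));
    printf("element 1, host LE:    %s\n", u32_elem_hex(1, 0));
    printf("element 1, network BE: %s\n", u32_elem_hex(1, 1));
    return 0;
}
```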