removes this harmless warning: 'ip saddr 1.2.3.4 tcp dport 22' mismatches 'ip protocol 6 ip saddr 1.2.3.4 tcp dport 22' alternative fix is to track the number of payload expressions seen in the current dependency base so we know that we had another expression (ip saddr in this case) besides the 'ip protocol' statement. But because nft doesn't add such a dependency on its own (it would have added 'meta l4proto tcp' without the ip protocol 6 statement) it seems simpler to just let nft print the rule as-is instead of adding more code. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- tests/py/inet/ip_tcp.t | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/py/inet/ip_tcp.t b/tests/py/inet/ip_tcp.t index f2a28ebdd531..4eebe3865d76 100644 --- a/tests/py/inet/ip_tcp.t +++ b/tests/py/inet/ip_tcp.t @@ -8,8 +8,8 @@ # must not remove ip dependency -- ONLY ipv4 packets should be matched ip protocol tcp tcp dport 22;ok;ip protocol 6 tcp dport 22 -# can remove it here, ip protocol is implied via saddr. -ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip saddr 1.2.3.4 tcp dport 22 +# could be remove here, ip protocol is implied via saddr. +ip protocol tcp ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 ip saddr 1.2.3.4 tcp dport 22 # but not here. ip protocol tcp counter ip saddr 1.2.3.4 tcp dport 22;ok;ip protocol 6 counter ip saddr 1.2.3.4 tcp dport 22 -- 2.13.6 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html