Hi Kristian, On Tue, 24 Sep 2019, Kristian Evensen wrote: > The net,iface equal functions currently compares the full interface > names. In several cases, wildcard (or prefix) matching is useful. For > example, when converting a large iptables rule-set to make use of ipset, > I was able to significantly reduce the number of set elements by making > use of wildcard matching. > > Wildcard matching is enabled by setting the > IPSET_FLAG_IFACE_WILDCARD-flag when adding an element. When this flag > is set, only the initial part of the interface name of the set element > is used for comparison. > > I am submitting this change as an RFC, as I am not sure if my approach > with using a flag (or wildcard matching at all) is OK. Please note that > this patch is against kernel 4.14, as that is what my current devices > are running. A final submission will be against net-next. I like your patch, it's a nice extension. Please submit it against the ipset git tree, that's the easiest for me to handle the patches. I'll arrange the submission to net-next. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
