On Mon, Jan 25, 2021 at 04:02:50PM +0100, Phil Sutter wrote: > Hi, > > On Mon, Jan 25, 2021 at 03:31:57PM +0100, Pablo Neira Ayuso wrote: > > On Mon, Jan 25, 2021 at 02:44:32PM +0100, Phil Sutter wrote: > > > On Mon, Jan 25, 2021 at 02:34:05PM +0100, Florian Westphal wrote: > > > > Phil Sutter <phil@xxxxxx> wrote: > > > > > > diff --git a/tests/py/inet/ip.t.payload.netdev b/tests/py/inet/ip.t.payload.netdev > > > > > > index 95be919..38ed0ad 100644 > > > > > > --- a/tests/py/inet/ip.t.payload.netdev > > > > > > +++ b/tests/py/inet/ip.t.payload.netdev > > > > > > @@ -12,3 +12,17 @@ netdev test-netdev ingress > > > > > > [ payload load 6b @ link header + 6 => reg 10 ] > > > > > > [ lookup reg 1 set __set%d ] > > > > > > > > > > > > +# meta protocol ip ip saddr . ip daddr . ether saddr { 1.1.1.1 . 2.2.2.2 . ca:fe:ca:fe:ca:fe } > > > > > > +__set%d test-netdev 3 > > > > > > +__set%d test-netdev 0 > > > > > > + element 01010101 02020202 fecafeca 0000feca : 0 [end] > > > > > > +netdev test-netdev egress > > > > > > + [ meta load protocol => reg 1 ] > > > > > > + [ cmp eq reg 1 0x00000008 ] > > > > > > + [ meta load iiftype => reg 1 ] > > > > ~~~~~~~ > > > > > > > > shouldn't nft add oiftype for egress? > > > > > > Oh, you're right. So I "take everything back and claim the opposite". ;) > > > To cover for the different dependency expressions, we need to introduce > > > hook-specific payload files. :/ > > > > I'm planning to generalize iftype to check for iiftype from the > > ingress path and oiftype from the egress path. This check is there to > > make sure this is an ethernet device. This can be done once this hook > > hits net-next. > > Maybe a dumb question, but doesn't the meta protocol match suffice? If > not, can it pass while the following iftype check then fails? I think so, yes, it should be possible to generate more efficient bytecode if the rule pulls in the meta protocol. This dependency should cancel the iftype match dependency.