Actually, rather than "leading", it's actually "non-trailing".
On Thu, 26 Aug 2021 at 12:10, Tom Yan <tom.ty89@xxxxxxxxx> wrote:
>
> Hi,
>
> Please see the following for details:
>
> # nft --debug=netlink list table bridge meh
> bridge meh hmm 2
> [ meta load l4proto => reg 1 ]
> [ cmp eq reg 1 0x00000011 ]
> [ payload load 2b @ transport header + 2 => reg 1 ]
> [ cmp eq reg 1 0x00004300 ]
> [ immediate reg 0 accept ]
>
> bridge meh hmm 3 2
> [ meta load protocol => reg 1 ]
> [ cmp eq reg 1 0x00000008 ]
> [ meta load l4proto => reg 1 ]
> [ cmp eq reg 1 0x00000011 ]
> [ payload load 2b @ transport header + 2 => reg 1 ]
> [ cmp eq reg 1 0x00004300 ]
> [ immediate reg 0 accept ]
>
> bridge meh hmm 4 3
> [ meta load l4proto => reg 1 ]
> [ cmp eq reg 1 0x00000011 ]
> [ payload load 2b @ transport header + 2 => reg 1 ]
> [ cmp eq reg 1 0x00004300 ]
> [ meta load protocol => reg 1 ]
> [ cmp eq reg 1 0x00000008 ]
> [ immediate reg 0 accept ]
>
> table bridge meh {
> chain hmm {
> udp dport 67 accept
> udp dport 67 accept
> udp dport 67 meta protocol ip accept
> }
> }
>
> Regards,
> Tom
