On Mon, 22 Nov 2021 14:29:33 +0100
Stefano Brivio <sbrivio@xxxxxxxxxx> wrote:
> On Wed, 17 Nov 2021 15:08:54 +0300
> Nikita Yushchenko <nikita.yushchenko@xxxxxxxxxxxxx> wrote:
>
> > >>> Looks like the AVX2-based lookup does not process this correctly.
> > >>
> > >> Thanks for bisecting and reporting this! I'm looking into it now, I
> > >> might be a bit slow as I'm currently traveling.
> > >
> > > Might be a bug in ebtables....
> >
> > Exactly same ebtables binary (and exactly same rule) works with
> > kernel 4.18 and all kernels up to the mentioned patch applied.
>
> Sorry for the delay, I've been offline the past days, I'll restart
> looking into this now.
I'm still debugging this but, if it helps, I found another workaround
while checking: swapping the order of IP address and MAC address
"fixes" it -- unfortunately I didn't think of this while writing the
selftests, so that's what nft_concat_range.sh checks, a set with type
"net, mac", and not "mac, net". E.g.:
table ip t {
set s {
type ipv4_addr . ether_addr
flags interval
elements = { 192.168.122.1 . 52:54:00:04:9e:00 }
}
chain c {
type filter hook input priority filter; policy accept;
ip saddr . ether saddr @s counter packets 19 bytes 1284
}
}
...of course this is due to an implementation detail (and the bug I'm
chasing), functionally it's expected to be the same.
--
Stefano
