Rosysong <rosysong@xxxxxxxxxxxx> wrote:
> I met a strange issue on nftables when I ran my commands on Linux (mips target, linux-4.9.102).
> Using specific ip address can not restrict the traffic flow while using broadcast address is ok (The ip for my machine is 192.168.2.223). Anybody can tell me why ??

Looks like an endianness problem, however:

# nft list ruleset
table ip filter {
	chain input {
		type filter hook input priority 0; policy accept;
		ip daddr 10.16.64.0/21 counter packets 139 bytes 11144
	}
}

That's 4.9.103, running on s390 (also big endian).

This kernel lacks commit 10596608c4d62cb8c1c2b806debcbd32fe657e71
netfilter: nf_tables: fix mismatch in big-endian system

but that bug only causes mismatch for matches < u32, i.e. tcp ports and the like.