Hi netfilter@, Apparently matching beyond 2040 bits (255 bytes) starts again at 0 or something like that. Not sure whether this is intended or not, but in this case a warning would be appreciated. Thanks for your work, Julien # nft add rule inet nat prerouting udp dport 4242 @th,2040,128 0x12345678912345678912345678912345 log # nft add rule inet nat prerouting udp dport 4242 @th,2048,128 0x12345678912345678912345678912345 log # nft list ruleset | grep 4242 udp dport 4242 @th,2040,128 0x12345678912345678912345678912345 log udp dport 4242 udp sport 4660 udp dport 22136 udp length 37155 udp checksum 17767 @th,64,64 0x8912345678912345 log
