Hello!

I'm trying to write a simple match module for ebtables. Nothing fancy, just check ethertype and first 2 bytes of payload. I need to make ebtables' dnat, based on a custom in-packet tag:

> ebtables -t nat -A PREROUTING -i eth0 --MYMATCH-tag 10 -j dnat --to-destination SO:ME:MA:CA:DD:RS

Kernel module ebt_MYMATCH.ko is almost ready (it just accepts everything now, just a PoC for now), based mostly on ebt_vlan.

What I am absolutely stuck on is xtables/libebt_MYMATCH.so library. I mean, it is written, compiled properly, and objdump reports the same structure as existing ones (say, libebt_vlan.so). The only slight problem is that ebtables doesn't detect or recognize it.

When running the above ebtables example under strace, it does iterate over "standard" libebt_* libraries (with newfstatat() and openat()) but doesn't even try to touch mine with a long stick. It doesn't even check if it is there.

When I do a match with existing libebt_* (say vlan), it still does iterate over all standard libraries (for iteration's sake) and then (apparently, there's no dload() or sth) just ignores libebt_vlan.so and pulls NFT gun.

That's an Arch system:

* ebtables 1.8.10 (nf_tables)
* iptables v1.8.10 (tried both legacy and nf_tables, no change in behaviour)
* kernel 6.9.3-hardened1-1-hardened

I even tried with manually compiled ebtables v2.0.11 (legacy), which is, um, dated 2011.

What are my options now? Any guides on writing both nft kernel modules and matching userspace libraries? Or just forget all that and use raw @base,offset,length matches?

Best regards,
-- 
Paweł Kraszewski