* nftables matching gratuitous arp
@ 2019-08-21 19:29 michael-dev
  2019-08-21 21:00 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: michael-dev @ 2019-08-21 19:29 UTC (permalink / raw)
  To: netfilter-devel

Hi,

I'm trying to match gratuitous arp with nftables. I've tried
> nft add rule bridge filter somechain arp saddr ip == arp daddr ip

but nft (some commits before 0.9.2) says:
> Error: syntax error, unexpected daddr, expecting end of file or newline 
> or semicolon
> add rule bridge filter FORWARD arp saddr ip == arp daddr ip
                                                    ^^^^^
Looking at the description of the netlink protocol, it looks like two 
loads and a cmp of both registers would do it.

Am I correct that this is currently not possible with nft, so a patch 
to nft would be needed?

Thanks,
M. Braun


* Re: nftables matching gratuitous arp
  2019-08-21 19:29 nftables matching gratuitous arp michael-dev
@ 2019-08-21 21:00 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2019-08-21 21:00 UTC (permalink / raw)
  To: michael-dev; +Cc: netfilter-devel

michael-dev <michael-dev@fami-braun.de> wrote:
> I'm trying to match gratuitous arp with nftables. I've tried
> > nft add rule bridge filter somechain arp saddr ip == arp daddr ip
> 
> but nft (some commits before 0.9.2) says:
> > Error: syntax error, unexpected daddr, expecting end of file or newline
> > or semicolon
> > add rule bridge filter FORWARD arp saddr ip == arp daddr ip
>                                                    ^^^^^
> Looking at the description of the netlink protocol, it looks like two loads
> and a cmp of both registers would do it.

Yes, but cmp doesn't support this, see nft_cmp_eval() in
net/netfilter/nft_cmp.c .

The compare occurs between a register and an immediate value.

Having cmp (and also binops) involving a second sreg would be
good to have.
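
The condition asked about in this thread, ARP sender IP equal to ARP target IP, checked in userspace on raw frames. This is an added example, not part of the thread and not nftables code; the function names and sample frames are constructed, and it assumes Ethernet/IPv4 ARP with at most one 802.1Q tag.

```python
import struct

ETH_P_IP, ETH_P_ARP, ETH_P_8021Q = 0x0800, 0x0806, 0x8100

def parse_arp(frame: bytes):
    """Return (op, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    if ethertype == ETH_P_8021Q:              # skip a single VLAN tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        offset = 18
    if ethertype != ETH_P_ARP or len(frame) < offset + 28:
        return None                           # not ARP, or truncated
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, ETH_P_IP, 6, 4):
        return None                           # only Ethernet/IPv4 ARP is handled
    # After the 8-byte fixed header: sha(6) spa(4) tha(6) tpa(4)
    spa = frame[offset + 14:offset + 18]
    tpa = frame[offset + 24:offset + 28]
    return op, spa, tpa

def is_gratuitous_arp(frame: bytes) -> bool:
    """True when sender IP == target IP (the 'arp saddr ip == arp daddr ip' test)."""
    parsed = parse_arp(frame)
    return parsed is not None and parsed[1] == parsed[2]

def build_arp(op, sha, spa, tha, tpa, vlan=None):
    """Build a constructed sample frame for the checks below."""
    eth = b"\xff" * 6 + sha
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan)
    eth += struct.pack("!H", ETH_P_ARP)
    return eth + struct.pack("!HHBBH", 1, ETH_P_IP, 6, 4, op) + sha + spa + tha + tpa

# Constructed sample data (documentation address range, locally administered MAC)
MAC = bytes.fromhex("020000000001")
IP_A, IP_B = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])
GRATUITOUS = build_arp(1, MAC, IP_A, b"\x00" * 6, IP_A)
ORDINARY = build_arp(1, MAC, IP_A, b"\x00" * 6, IP_B)
TAGGED = build_arp(2, MAC, IP_A, MAC, IP_A, vlan=100)

if __name__ == "__main__":
    for name, f in (("gratuitous", GRATUITOUS), ("ordinary", ORDINARY), ("tagged", TAGGED)):
        print(name, is_gratuitous_arp(f))
```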
