]>
git.ipfire.org Git - thirdparty/nftables.git/commit
nft-test: don't zap remainder of rule after handling a set
Don't delete the part after the set, i.e. given
chain input {
type filter hook input priority 0; policy accept;
vlan id { 1, 2, 4, 100, 4095} vlan pcp 1-3
}
don't remove the vlan pcp 1-3 part.
This exposes following bug:
bridge/vlan.t: WARNING: line: 32:
'nft add rule --debug=netlink bridge test-bridge input vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3': 'vlan id { 1, 2, 4, 100, 4095 } vlan pcp 1-3' mismatches 'vlan id { 4, 1, 2, 4095, 100} vlan pcp 0-0'
We do not shift the range, so on reverse translation we get a 0-0 output.
The bug will be fixes in a followup commit.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
projects / thirdparty / nftables.git / commit
