[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    Re: Mask as part of element in set
From:       Vlad Tsisyk <vlad () tsisyk ! com>
Date:       2024-03-28 8:20:34
Message-ID: CAOzR2PenHJ2tja_cLGHz4UAH3OasesTRcx6+DvUj6iTHjFpsYA () mail ! gmail ! com
[Download RAW message or body]

Thank you for your answer!

ср, 27 мар. 2024 г. в 16:16, Pablo Neira Ayuso <pablo@netfilter.org>:
>
> On Wed, Mar 27, 2024 at 03:36:19PM +0700, Vlad Tsisyk wrote:
> > I have a set of pairs of MAC address and mask:
> >
> > aa:bb:cc:dd:ee:ff 00:ff:ff:ff:ff:ff
>
> You would like to match this?
>
>   xx:bb:cc:dd:ee:ff

Yes, I want to match those addresses, where the first byte can be anything.

> that is:
>
> nft --debug=netlink add rule ip t c ether saddr and MASK == VALUE

Sorry for my mistake. I swapped MASK and VALUE for no reason.

> > But I have to create a new rule for each pair. Is there any
> > workarounds to use sets?
>
> You can use ranges in sets.

I was thinking about ranges, but ranges will not allow match over LSBs
of MAC ignoring MSBs.

[prev in list] [next in list] [prev in thread] [next in thread]