michael-dev <michael-...@fami-braun.de> wrote:
> I'm trying to match gratuitous arp with nftables. I've tried
> > nft add rule bridge filter somechain arp saddr ip == arp daddr ip
> 
> but nft (some commits before 0.9.2) says:
> > Error: syntax error, unexpected daddr, expecting end of file or newline
> > or semicolon
> > add rule bridge filter FORWARD arp saddr ip == arp daddr ip
>                                                    ^^^^^
> Looking at the description of the netlink protocol, it looks like two loads
> and a cmp of both registers would do it.

Yes, but cmp doesn't support this, see nft_cmp_eval() in
net/netfilter/nft_cmp.c.

The compare occurs between a register and an immediate value.

Having cmp (and also binops) involving a second sreg would be
good to have.
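
The "two loads and a cmp" idea from this thread, sketched as a userspace toy model in C. This is an added example, not nftables or kernel code: toy_cmp_imm mirrors the register-versus-immediate compare described in the reply, and toy_cmp_reg is the hypothetical form with a second source register. All names and the sample payloads are constructed for illustration, and the input is assumed to be an Ethernet/IPv4 ARP payload (28 bytes, Ethernet header already removed).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Offsets of sender and target IPv4 address inside an Ethernet/IPv4 ARP payload */
enum { ARP_SPA_OFF = 14, ARP_TPA_OFF = 24 };
struct toy_regs { uint8_t r[2][4]; };   /* toy register file, not the kernel's */

/* "load": copy len bytes at off into register dreg; -1 if that would read out of bounds */
static int toy_load(struct toy_regs *rg, int dreg, const uint8_t *p, size_t plen,
                    size_t off, size_t len)
{
    if (len > sizeof rg->r[0] || off > plen || len > plen - off)
        return -1;
    memcpy(rg->r[dreg], p + off, len);
    return 0;
}

/* Compare as described in the reply: one source register against an immediate */
static int toy_cmp_imm(const struct toy_regs *rg, int sreg, const void *imm, size_t len)
{ return memcmp(rg->r[sreg], imm, len) == 0; }

/* Hypothetical compare taking a second source register instead of an immediate */
static int toy_cmp_reg(const struct toy_regs *rg, int sreg, int sreg2, size_t len)
{ return memcmp(rg->r[sreg], rg->r[sreg2], len) == 0; }

/* Gratuitous ARP test (sender IP == target IP): needs the register-register form */
int is_gratuitous_arp(const uint8_t *arp, size_t n)
{
    struct toy_regs rg;
    if (toy_load(&rg, 0, arp, n, ARP_SPA_OFF, 4) ||
        toy_load(&rg, 1, arp, n, ARP_TPA_OFF, 4))
        return 0;                        /* truncated payload: no match */
    return toy_cmp_reg(&rg, 0, 1, 4);
}

/* What an immediate compare can express: sender IP equals one fixed address */
int sender_ip_is(const uint8_t *arp, size_t n, const uint8_t ip[4])
{
    struct toy_regs rg;
    if (toy_load(&rg, 0, arp, n, ARP_SPA_OFF, 4))
        return 0;
    return toy_cmp_imm(&rg, 0, ip, 4);
}

/* Constructed samples (documentation addresses): gratuitous vs. ordinary request */
const uint8_t SAMPLE_GARP[28] = { 0,1, 8,0, 6, 4, 0,1, 2,0,0,0,0,1,
                                  192,0,2,10, 0,0,0,0,0,0, 192,0,2,10 };
const uint8_t SAMPLE_REQ[28]  = { 0,1, 8,0, 6, 4, 0,1, 2,0,0,0,0,1,
                                  192,0,2,10, 0,0,0,0,0,0, 192,0,2,20 };
```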
