On Wed, 9 Apr 2025 15:21:33 +0530 sontu mazumdar <sontu21@xxxxxxxxx> wrote: > Florian, do we have the same test for every bit in the ipv6 address > both matching/unmatching ? If not, would it be possible to add this to > confirm that we are matching all the bits in the ipv6 address. The equivalent testing, in more detail than that, is implemented by the patch (under review) at: https://lore.kernel.org/all/20250407174048.21272-4-fw@xxxxxxxxx/ You can add more tests on top on the new one in nft_concat_range.sh, but it's not doable to test every single bit, because there are 2 ^ 128 possible IPv6 addresses. I guess you could add a test looping on bytes or groups of 16 bits. > Also, a general question, where is this netfilter code maintained ? I > found this github where the code is present "GitHub - torvalds/linux: > Linux kernel source tree" but couldn't see this fix in Pull request. netfilter doesn't use GitHub. See: https://www.netfilter.org/projects/nftables/index.html#git -- Stefano
