On 4/2/26 06:38, Laine Stump wrote:
(One hopefully useful comment about GARP embedded down there. Not enough brain cells still firing to actually look at the code :-))
On 4/1/26 3:34 AM, Dion Bosschieter wrote:
+/* + * nftablesCreateSameIPSet creates libvirts same-ip-set, + * this nft set is used in nftablesHandleGarp + * in order to see if 'arp saddr ip == arp daddr ip' + * + * In nftables 'nft' we can't match 2 fields to eachother.
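Review bot: The comment above nftablesCreateSameIPSet states "we can't match 2 fields to eachother" as an unconditional property of nft; wording it as a limitation of the nft version being targeted would make it easier to tell when the same-ip-set workaround can be revisited. The same comment also has two spelling slips: "libvirts" should be "libvirt's" and "eachother" should be "each other".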
I asked Phil Sutter about this and he suggested that
'arp saddr ip ^ arp daddr == 0.0.0.0'
could work? Again, haven't tried it myself since it's after midnight, but I wanted to relay what I'd heard :-)
Thank you for reaching out to Phil.

It will work with the patch that Phil submitted yesterday: https://lore.kernel.org/netfilter-devel/20260402184320.14862-1-phil@nwl.cc/T...

I wonder what the best course of action for GARP is:
- check version of nft / kernel, to see if we can "arp saddr ip ^ arp daddr ip == 0.0.0.0"
- otherwise fall back to current ugly solution
- or otherwise throw a warning and skip defining the GARP rule
- keep ugly workaround with a TODO for now until newer versions of kernel and nft tooling are widespread
- try "arp saddr ip ^ arp daddr ip == 0.0.0.0" and ignore the error and throw a warning

Any other suggestions are also welcome of course :)