Stuart, The flag is there to not change old behavior. Of course matching the beggining of mac make sense the rest is just strange behavior. But a mac address could be spoof, so it may be used.
Its just a - and an if else. thx. I do not understand the other complain. especilly when it s userland code (the string stuff was done inside ifconfig) Maybe 'you' meant: ifconfig bridge0 rule pass in on fxp0 src de:ff:de:ff:de:ff mask 00:ff:00:ff:00:ff and then do | before bcmp which would be nicer and i can remove the flag by putting a default mask agree Henning ? 2012/6/30 Stuart Henderson <s...@spacehopper.org> > On 2012/06/29 20:05, sven falempin wrote: > > ifconfig bridge0 rule pass in on fxp0 src de:ff:* > > wouldn't it be simpler to just allow a mask value to be set, > then you don't need to mess with extra flag variables, just mask > the MAC address with this value before comparison. > > > ifconfig bridge0 rule pass in on fxp0 src *:de:ff > > what use-case do you have for this? matching on the vendor part > sort-of makes sense, but I'm at a loss to see anywhere you might want > to match the *end* of a MAC address and ignore the start... > > -- --------------------------------------------------------------------------------------------------------------------- () ascii ribbon campaign - against html e-mail /\