Yes, that sounds like a better solution. I will get started on adding this functionality. One question though, how should we deal with the masks? Based on my limited understanding, it is only possible to store one value per meta key. Also, what would be the preferred syntax? When looking at the existing meta set/get, I suggest something like the following: ... meta connmark set X ... meta connmark-restore ... meta connmark-save. -Kristian On Mon, Jan 6, 2014 at 1:49 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Mon, Jan 06, 2014 at 01:46:08PM +0100, Kristian Evensen wrote: >> Hi, >> >> Thanks. I noticed the addition of the get/set operation while working >> on the patch and was unsure about how to deal with setting the >> connmark, but I decided to add it for completeness sake. Perhaps a >> better idea would be to remove set from the module and only keep >> save/restore? It would simplify the code as well. > > I think one single NFT_META_CONNMARK with the get/set variants should > be enough to implement the save, restore and set operations that > xt_connmark provides. > > * restore: > reg1 = get(NFT_META_CONNMARK) > set(NFT_META_MARK, reg1) > > * save: > reg1 = get(NFT_META_MARK) > set(NFT_META_CONNMARK, reg1) > > * set: > reg1 = immediate(value) > set(NFT_META_CONNMARK, reg1) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
