Hello again,

On Mon, Jan 6, 2014 at 1:49 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
>
> I think one single NFT_META_CONNMARK with the get/set variants should
> be enough to implement the save, restore and set operations that
> xt_connmark provides.
>
> * restore:
>         reg1 = get(NFT_META_CONNMARK)
>         set(NFT_META_MARK, reg1)
>
> * save:
>         reg1 = get(NFT_META_MARK)
>         set(NFT_META_CONNMARK, reg1)
>
> * set:
>         reg1 = immediate(value)
>         set(NFT_META_CONNMARK, reg1)

I have spent some time trying to figure out how to implement this (with only one NFT_META_CONNMARK), but I can't quite figure it out. Implementing get and set of ctmark is straightforward and already working, but restore and save are causing me some problems. They are both set statements, but the current grammar requires a set statement to contain an expression. We can use the already existing bitwise operators instead of the mask provided as an argument to xt_CONNMARK, so neither save nor restore needs an argument.

I was wondering if you could share your thoughts when you wrote the pseudo-code? Would an OK solution be to, for example, add two more meta_keys and hard-code something like the following statements?

    META CONNMARK_SAVE { meta_stmt_alloc(&@$, $2, 0); }
    META CONNMARK_RESTORE { meta_stmt_alloc(&@$, $2, 0); }

-Kristian
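The register sequences from the quoted pseudo-code, modelled in plain C as an added example (not code from this thread or from nftables), with the mask applied as a bitwise step on the register as the message suggests. The struct, the KEY_* names and the helper functions are hypothetical stand-ins, the sample marks are constructed, and xt_restore follows the ctmask/nfmask formula of xt_connmark's restore mode.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model: one packet mark and one conntrack mark. */
struct pkt { uint32_t mark, ctmark; };
enum key { KEY_MARK, KEY_CONNMARK }; /* stand-ins for NFT_META_MARK/_CONNMARK */

static uint32_t meta_get(const struct pkt *p, enum key k) {
    return k == KEY_MARK ? p->mark : p->ctmark;
}

static uint32_t meta_set(struct pkt *p, enum key k, uint32_t reg) {
    return *(k == KEY_MARK ? &p->mark : &p->ctmark) = reg;
}

/* Bitwise expression applied to a register: (reg & mask) ^ xorval. */
static uint32_t bitwise(uint32_t reg, uint32_t mask, uint32_t xorval) {
    return (reg & mask) ^ xorval;
}

/* restore: reg1 = get(CONNMARK); reg1 &= mask; set(MARK, reg1) */
static uint32_t op_restore(struct pkt *p, uint32_t mask) {
    uint32_t reg1 = bitwise(meta_get(p, KEY_CONNMARK), mask, 0);
    return meta_set(p, KEY_MARK, reg1);
}

/* save: reg1 = get(MARK); reg1 &= mask; set(CONNMARK, reg1) */
static uint32_t op_save(struct pkt *p, uint32_t mask) {
    uint32_t reg1 = bitwise(meta_get(p, KEY_MARK), mask, 0);
    return meta_set(p, KEY_CONNMARK, reg1);
}

/* set: reg1 = immediate(value); set(CONNMARK, reg1) */
static uint32_t op_set(struct pkt *p, uint32_t value) {
    return meta_set(p, KEY_CONNMARK, value);
}

/* Reference: masked restore as xt_connmark computes it (ctmask, nfmask). */
static uint32_t xt_restore(uint32_t mark, uint32_t ct, uint32_t ctmask, uint32_t nfmask) {
    return (mark & ~nfmask) ^ (ct & ctmask);
}

int main(void) {
    struct pkt p = { .mark = 0x1111, .ctmark = 0xabcd };
    printf("xt, nfmask=0xff:   0x%x\n", (unsigned)xt_restore(p.mark, p.ctmark, 0xff, 0xff));
    printf("register sequence: 0x%x\n", (unsigned)op_restore(&p, 0xff));
    return 0;
}
```

In this model the single-register restore matches the xt_connmark formula only when nfmask is all ones; with a narrower nfmask the xt formula keeps the packet mark bits outside it, while the register sequence overwrites the whole mark.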