On Sat, Feb 15, 2014 at 02:35:54PM +0100, Nikolay Aleksandrov wrote:
> On 02/15/2014 02:30 PM, Patrick McHardy wrote:
> > On 15. Februar 2014 13:17:22 GMT+00:00, Nikolay Aleksandrov <nikolay@xxxxxxxxxx> wrote:
> >> The new "write" expression can be used to manipulate packet data.
> >> The parameters that it has are source register (source for the bytes
> >> which are to be written), offset in the packet and length to write.
> >> It uses a select_ops method to choose between fast ops in the cases
> >> length is 1,2 or 4 bytes and slow ops (i.e. using memcpy) in other
> >> cases.
> >>
> >> Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
> >> ---
> >> I needed a way (other than passing the packets to user-space) to alter
> >> the ToS field via nftables, so I decided to make it a bit more general.
> >> I
> >> use it with the immediate expression to load the new ToS and then write
> >> it.
> >> If you find this useful I can post the libnftnl patch as well.
> >> Right now as you can see it continues even if the "write" wasn't
> >> successful
> >> which should be probably changed to NFT_BREAK for that case.
> >
> > Yes.
> >
> >> This patch applies to Dave's net-next tree.
> >
> > I think this is a useful addition. However I prefer to put thus
> > into the payload expression and select the proper ops based on the
> > presence of sreg/dreg.
> >
> Okay, makes sense. I'll re-write it in such form taking into consideration
> the other comments and will re-post after some testing.
You can use this patch as reference to make it:
commit e035b77ac7be430a5fef8c9c23f60b6b50ec81c5
Author: Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>
Date: Thu Dec 26 16:38:01 2013 +0100
netfilter: nf_tables: nft_meta module get/set ops
That patch is similar to what you propose, but it sets the meta fields
of a packet.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
