Álvaro Neira Ayuso <alvaroneay@xxxxxxxxx> wrote: > >>Now, when we add a rule with DSCP, in the code generation step, nftables > >>compares 1 bytes but it should compare 6 bits. I think that the problem should > >>be in the code generation. > > > >I don't really see how this patch changes this. The kernel operates in units > >of bytes. For anything smaller nftables will have to generate appropriate > >bitwise operations. Please explain in more detail how this patch changes this. > > > > Now, nothing. For that it's stopped. I'm working for doing a patch > for operating in the kernel not only with units of bytes like you > say. In a couple of days, I'm going to send it to the list. Are you sure this is the right approach? It might be better to create appropriate masking instructions in userspace, in most cases byte addressing is sufficient. Something like this (warning: untested, misses 'reverse' mapping to remove the implicit bitops when listing rules): http://git.breakpoint.cc/cgit/fw/nftables.git/commit/?h=payload_offset_04&id=76ac27643400111785a8abb21fdd9e4311d9876e -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
