Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Wed, Jul 27, 2016 at 02:43:12AM +0200, Florian Westphal wrote: > > 'ip6 ecn set 1' will generate a zero-sized write operation. > > Just like when matching on bit-sized header fields we need to > > round up to a byte-sized quantity and add a mask to retain those > > bits outside of the header bits that we want to change. > > > > Example: > > > > ip6 ecn set ce > > [ payload load 1b @ network header + 1 => reg 1 ] > > [ bitwise reg 1 = (reg=1 & 0x000000cf ) ^ 0x00000030 ] > > [ payload write reg 1 => 1b @ network header + 1 csum_type 0 csum_off 0 ] > > > > 1. Load the full byte containing the ecn bits > > 2 .Mask out everything *BUT* the ecn bits > > 3 .Set the CE mark > > > > This patch only works if the protcol doesn't need a checksum fixup. > > Will address this in a followup patch. > > > > This also doesn't yet include the needed reverse translation. > > > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > > --- > > src/evaluate.c | 81 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- > > 1 file changed, 77 insertions(+), 4 deletions(-) > > > > diff --git a/src/evaluate.c b/src/evaluate.c > > index 8116735..e6d4642 100644 > > --- a/src/evaluate.c > > +++ b/src/evaluate.c > > @@ -1608,13 +1608,86 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx, struct stmt *stmt) > > > > static int stmt_evaluate_payload(struct eval_ctx *ctx, struct stmt *stmt) > > { > > + struct expr *binop, *mask, *and, *payload_bytes; > > + unsigned int masklen, extra_len = 0; > > + unsigned int payload_byte_size; > > + uint8_t shift_imm, data[16]; > > Instead of hardcoding to our current maximum word size, I think you > can extract this information from the ctx. I changed it to data[NFT_REG_SIZE]. > This idiom is already used in expr_evaluate_payload(), so you can > probably wrap this code in a function, eg. payload_needs_adjustment() > in a follow up patch and we skip this comment on top of this function. Okay, can do this. > > + > > + shift_imm = expr_offset_shift(payload, payload->payload.offset, &extra_len); > > + if (shift_imm) { > > + struct expr *off; > > + > > + off = constant_expr_alloc(&payload->location, > > + expr_basetype(payload), > > + BYTEORDER_HOST_ENDIAN, > > + sizeof(shift_imm), &shift_imm); > > + > > + binop = binop_expr_alloc(&payload->location, OP_LSHIFT, > > + stmt->payload.val, off); > > + binop->dtype = payload->dtype; > > + binop->byteorder = payload->byteorder; > > This indent doesn't look correct. > > I'd suggest you amend this before pushing this out. Will do, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html