This patch series aims to make raw payload expressions work. Raw payload expressions use following syntax: @base,offset,length which tells nftables user wants to read 'length' bits off 'offset' bits relative to @base. base can be either ll,nh, or th. See patch 4 for documentation update. This series doesn't add a new syntax, i.e. nft still lacks type and expects data in big-endian. nft will NOT insert protocol dependency for a raw payload expression and inputs like '192.168.0.1' will not be recognized. I think we should consider adding some 'cast' operation that would allow so, for example @th,16,16 type '"inet_service" ssh' or something similar to tell nft that "ssh" is a inet_service symbol that needs conversion to 22. This would be independent of raw payloads and might also help to do something like mark set type "meta mark" ip6 saddr i.e. force a conversion of the RHS type (including truncation). doc/nft.xml | 59 ++++++++++++++++++++++++++++++++++++++ include/expression.h | 1 src/evaluate.c | 3 + src/parser_bison.y | 3 + src/payload.c | 5 +-- tests/py/any/rawpayload.t | 19 ++++++++++++ tests/py/any/rawpayload.t.payload | 49 +++++++++++++++++++++++++++++++ tests/py/arp/arp.t | 2 + tests/py/arp/arp.t.payload | 10 ++++++ tests/py/arp/arp.t.payload.netdev | 13 ++++++++ 10 files changed, 162 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
