The connmark xtables extension supports bit-shifts.  Add support for
shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:

  nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
  nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8

Changes since v2:

  * convert NFTA_BITWISE_DATA from u32 to nft_data;
  * add check that shift value is not too large;
  * use BITS_PER_TYPE to get the size of u32, rather than hard-coding it
    when evaluating shifts.

Changes since v1:

  * more white-space fixes;
  * move bitwise op enum to UAPI;
  * add NFTA_BITWISE_OP and NFTA_BITWISE_DATA;
  * remove NFTA_BITWISE_LSHIFT and NFTA_BITWISE_RSHIFT;
  * add helpers for initializing, evaluating and dumping different
    types of operation.

Jeremy Sowden (10):
  netfilter: nf_tables: white-space fixes.
  netfilter: bitwise: remove NULL comparisons from attribute checks.
  netfilter: bitwise: replace gotos with returns.
  netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute.
  netfilter: bitwise: add helper for initializing boolean operations.
  netfilter: bitwise: add helper for evaluating boolean operations.
  netfilter: bitwise: add helper for dumping boolean operations.
  netfilter: bitwise: only offload boolean operations.
  netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
  netfilter: bitwise: add support for shifts.

 include/uapi/linux/netfilter/nf_tables.h |  24 ++-
 net/netfilter/nft_bitwise.c              | 217 ++++++++++++++++++-----
 net/netfilter/nft_set_bitmap.c           |   4 +-
 net/netfilter/nft_set_hash.c             |   2 +-
 4 files changed, 200 insertions(+), 47 deletions(-)

-- 
2.24.1
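
The shift bound check and multi-word shift that the changelog mentions, sketched as an added user-space example (not code from this patch series): a shift of 32 or more on a 32-bit word is undefined behaviour in C, so the value has to be rejected before it reaches the evaluation loop. The function names are hypothetical, and the layout (word 0 most significant) is an assumption of this sketch.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-in for the kernel's BITS_PER_TYPE(u32). */
#define BITS_PER_U32 ((uint32_t)(sizeof(uint32_t) * CHAR_BIT))

/* Hypothetical helper: only shifts smaller than the word width are defined in C. */
int shift_is_valid(uint32_t shift)
{
	return shift < BITS_PER_U32;
}

/* Left-shift an n-word value (assumption: word 0 is the most significant). */
int lshift_words(uint32_t *dst, const uint32_t *src, size_t n, uint32_t shift)
{
	uint32_t carry = 0;
	if (!shift_is_valid(shift))
		return -1;
	for (size_t i = n; i > 0; i--) {
		uint32_t w = src[i - 1];	/* read first: dst may alias src */
		dst[i - 1] = (w << shift) | carry;
		/* shift == 0 would turn the carry into a 32-bit shift: skip it */
		carry = shift ? w >> (BITS_PER_U32 - shift) : 0;
	}
	return 0;
}

/* Right-shift: bits fall from each word into the next, less significant one. */
int rshift_words(uint32_t *dst, const uint32_t *src, size_t n, uint32_t shift)
{
	uint32_t carry = 0;
	if (!shift_is_valid(shift))
		return -1;
	for (size_t i = 0; i < n; i++) {
		uint32_t w = src[i];
		dst[i] = (w >> shift) | carry;
		carry = shift ? w << (BITS_PER_U32 - shift) : 0;
	}
	return 0;
}

int main(void)
{
	uint32_t mark = 0x00001234u, out = 0;	/* constructed sample mark */
	if (lshift_words(&out, &mark, 1, 8) == 0)	/* "meta mark << 8 | 0xab" */
		printf("0x%08x\n", (unsigned)(out | 0xab));
	return 0;
}
```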