On 2020-01-15, at 20:05:47 +0000, Jeremy Sowden wrote:
> The connmark xtables extension supports bit-shifts.  Add support for
> shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:
>
>   nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
>   nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8
>
> Changes since v2:
>
>   * convert NFTA_BITWISE_DATA from u32 to nft_data;

There's a bug in the nft_data stuff.  Will fix and resend.

>   * add check that shift value is not too large;
>   * use BITS_PER_TYPE to get the size of u32, rather than hard-coding it
>     when evaluating shifts.
>
> Changes since v1:
>
>   * more white-space fixes;
>   * move bitwise op enum to UAPI;
>   * add NFTA_BITWISE_OP and NFTA_BITWISE_DATA;
>   * remove NFTA_BITWISE_LSHIFT and NFTA_BITWISE_RSHIFT;
>   * add helpers for initializing, evaluating and dumping different
>     types of operation.
>
> Jeremy Sowden (10):
>   netfilter: nf_tables: white-space fixes.
>   netfilter: bitwise: remove NULL comparisons from attribute checks.
>   netfilter: bitwise: replace gotos with returns.
>   netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute.
>   netfilter: bitwise: add helper for initializing boolean operations.
>   netfilter: bitwise: add helper for evaluating boolean operations.
>   netfilter: bitwise: add helper for dumping boolean operations.
>   netfilter: bitwise: only offload boolean operations.
>   netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
>   netfilter: bitwise: add support for shifts.
>
>  include/uapi/linux/netfilter/nf_tables.h |  24 ++-
>  net/netfilter/nft_bitwise.c              | 217 ++++++++++++++++++-----
>  net/netfilter/nft_set_bitmap.c           |   4 +-
>  net/netfilter/nft_set_hash.c             |   2 +-
>  4 files changed, 200 insertions(+), 47 deletions(-)
>
> --
> 2.24.1