Re: [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support

On Thu, Jan 16, 2020 at 08:51:33AM +0000, Jeremy Sowden wrote:
> On 2020-01-15, at 21:32:06 +0000, Jeremy Sowden wrote:
> > The connmark xtables extension supports bit-shifts.  Add support for
> > shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:
> >
> >   nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
> >   nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8
> >
> > Changes since v3:
> >
> >   * the length of shift values sent by nft may be less than sizeof(u32).
> 
> Actually, having thought about this some more, I believe I had it right
> in v3.  The difference between v3 and v4 is this:
> 
>   @@ -146,7 +146,7 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,
>                               tb[NFTA_BITWISE_DATA]);
>           if (err < 0)
>                   return err;
>   -       if (d.type != NFT_DATA_VALUE || d.len != sizeof(u32) ||
>   +       if (d.type != NFT_DATA_VALUE || d.len > sizeof(u32) ||
>               priv->data.data[0] >= BITS_PER_TYPE(u32)) {

Why restrict this to 32-bits?

>                   nft_data_release(&priv->data, d.type);
>                   return -EINVAL;
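Review bot: relaxing `d.len != sizeof(u32)` to `d.len > sizeof(u32)` admits 1-, 2- and 3-byte shift values, but the count is still read as the whole first word, `priv->data.data[0]`, so what a short payload means depends on where its bytes land in that u32 (host byte order) and on the remaining bytes of the slot being zero; the check also says nothing about `d.len == 0`. Either keep the exact-length test from v3 (`d.len != sizeof(u32)`), which makes the layout unambiguous, or assemble the shift explicitly from the first `d.len` bytes before comparing it against `BITS_PER_TYPE(u32)`.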
> 
> However, I now think the problem is in userspace and nft should always
> send four bytes.  If it sends fewer, it makes it more complicated to get
> the endianness right.
> 
> Unless you think there are other changes needed that will require a v5,
> shall we just ignore v4 and stick with v3?
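As an added illustration (not the patch's code and not the kernel's), the standalone C program below models the point Jeremy raises about short shift values: a payload of fewer than `sizeof(u32)` bytes copied into the start of a zeroed u32 register slot and read back as `data[0]`, compared under both host byte orders and checked with the v4 condition from the quoted hunk. The slot layout, the copy-to-slot behaviour and the function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption for the illustration: the register is an array of u32 words
 * (like nft_data's data[]) and the netlink payload is copied to its start. */
#define SLOT_WORDS 4

/* Copy a len-byte payload into a zeroed slot and read the first word back,
 * assembling its bytes in the selected host byte order so that both cases
 * can be shown on one machine. */
uint32_t shift_from_payload(const uint8_t *payload, size_t len, int big_endian_host)
{
    uint8_t slot[SLOT_WORDS * sizeof(uint32_t)];

    memset(slot, 0, sizeof(slot));
    memcpy(slot, payload, len);

    if (big_endian_host)
        return (uint32_t)slot[0] << 24 | (uint32_t)slot[1] << 16 |
               (uint32_t)slot[2] << 8  | (uint32_t)slot[3];
    return (uint32_t)slot[3] << 24 | (uint32_t)slot[2] << 16 |
           (uint32_t)slot[1] << 8  | (uint32_t)slot[0];
}

/* The v4 condition from the hunk: reject lengths above sizeof(u32) and
 * shift counts of BITS_PER_TYPE(u32) or more. Returns the accepted shift,
 * or -1 where the kernel check would return -EINVAL. */
long checked_shift_v4(const uint8_t *payload, size_t len, int big_endian_host)
{
    uint32_t shift;

    if (len > sizeof(uint32_t))
        return -1;
    shift = shift_from_payload(payload, len, big_endian_host);
    if (shift >= 32)
        return -1;
    return (long)shift;
}

int main(void)
{
    /* Constructed payloads: a 1-byte shift of 8, and the same shift sent as
     * a full 4-byte host-order word on each kind of host. */
    const uint8_t one_byte[] = { 0x08 };
    const uint8_t le_word[]  = { 0x08, 0x00, 0x00, 0x00 };
    const uint8_t be_word[]  = { 0x00, 0x00, 0x00, 0x08 };

    printf("1-byte payload, LE host: %ld\n", checked_shift_v4(one_byte, 1, 0));
    printf("1-byte payload, BE host: %ld\n", checked_shift_v4(one_byte, 1, 1));
    printf("4-byte payload, LE host: %ld\n", checked_shift_v4(le_word, 4, 0));
    printf("4-byte payload, BE host: %ld\n", checked_shift_v4(be_word, 4, 1));
    return 0;
}
```

The 1-byte payload reads as 8 on a little-endian host but as 0x08000000 on a big-endian one, where the `>= 32` test then rejects it; a full 4-byte word in host order reads as 8 on both, which is the reason for always sending four bytes from userspace.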
