Re: [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support

On Thu, Jan 16, 2020 at 12:22:47PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Jan 16, 2020 at 08:51:33AM +0000, Jeremy Sowden wrote:
> > On 2020-01-15, at 21:32:06 +0000, Jeremy Sowden wrote:
> > > The connmark xtables extension supports bit-shifts.  Add support for
> > > shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:
> > >
> > >   nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
> > >   nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8
> > >
> > > Changes since v3:
> > >
> > >   * the length of shift values sent by nft may be less than sizeof(u32).
> > 
> > Actually, having thought about this some more, I believe I had it right
> > in v3.  The difference between v3 and v4 is this:
> > 
> >   @@ -146,7 +146,7 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,
> >                               tb[NFTA_BITWISE_DATA]);
> >           if (err < 0)
> >                   return err;
> >   -       if (d.type != NFT_DATA_VALUE || d.len != sizeof(u32) ||
> >   +       if (d.type != NFT_DATA_VALUE || d.len > sizeof(u32) ||
> >               priv->data.data[0] >= BITS_PER_TYPE(u32)) {
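
Review bot: on the changed line, `d.len > sizeof(u32)` accepts any length from 0 up to 4 bytes, while the next line still reads `priv->data.data[0]` as a whole u32 for the `>= BITS_PER_TYPE(u32)` range check. For a value shorter than 4 bytes, the result of that check then depends on what the remaining bytes of the word hold, and nothing in these lines shows them being zeroed. Keeping the exact-length test `d.len != sizeof(u32)` from v3 avoids the problem. If shorter lengths must be accepted, reject a zero length explicitly and add a comment saying why the unused bytes are known to be zero.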
> 
> Why restrict this to 32-bits?

Ah, I see, only for the shift case. Indeed, makes sense :-)

Let me have a look at v3.


