On Wed, Jan 15, 2020 at 09:32:06PM +0000, Jeremy Sowden wrote:
> The connmark xtables extension supports bit-shifts. Add support for
> shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:
>
>   nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
>   nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8
>
> Changes since v3:
>
>   * the length of shift values sent by nft may be less than sizeof(u32).
>
> Changes since v2:
>
>   * convert NFTA_BITWISE_DATA from u32 to nft_data;
>   * add check that shift value is not too large;
>   * use BITS_PER_TYPE to get the size of u32, rather than hard-coding it
>     when evaluating shifts.

Series applied, thanks.

I made a few updates:

* Replaced -EINVAL by -EOPNOTSUPP in case NFTA_BITWISE_OP is not
  supported. -EINVAL is usually reserved to missing netlink attribute /
  malformed netlink message (actually, you can find many spots where
  this is a bit overloaded with different "meanings", but just trying
  to stick to those semantics here).

* Replaced:

                return nft_bitwise_init_bool(priv, tb);

  by:

                err = nft_bitwise_init_bool(priv, tb);
                break;
        }

        return err;

  in a few spots, I hope I did not break anything. I tend to find that
  easier to read today, minor things like this are very much debatable.

Thanks.
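
The shift-size check and the error-code split discussed in this message, as an added userspace C sketch (not code from the patch series or the kernel). The demo_* names, the most-significant-word-first layout and the use of -EINVAL for an oversized shift are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

#define U32_BITS 32u /* stands in for BITS_PER_TYPE(u32) */

/* Hypothetical operation codes, not the kernel's enum. */
enum demo_op { DEMO_OP_BOOL, DEMO_OP_LSHIFT, DEMO_OP_RSHIFT };

struct demo_bitwise { uint32_t op; uint32_t shift; };

/* Validate the untrusted op and shift once, when the rule is loaded. */
int demo_init(struct demo_bitwise *p, uint32_t op, uint32_t shift)
{
    int err = 0;

    switch (op) {
    case DEMO_OP_BOOL:
        shift = 0;
        break;
    case DEMO_OP_LSHIFT:
    case DEMO_OP_RSHIFT:
        /* x << n is undefined in C when n >= the width of x. */
        if (shift >= U32_BITS)
            err = -EINVAL; /* assumption: treated as a malformed value */
        break;
    default:
        err = -EOPNOTSUPP; /* well-formed request, unknown operation */
        break;
    }
    if (err)
        return err;
    p->op = op;
    p->shift = shift;
    return 0;
}

/* Left-shift an n-word value (word 0 most significant), carrying across words. */
void demo_lshift(uint32_t *dst, const uint32_t *src, size_t n,
                 const struct demo_bitwise *p)
{
    uint32_t carry = 0;

    for (size_t i = n; i > 0; i--) {
        uint32_t w = src[i - 1];

        dst[i - 1] = (w << p->shift) | carry;
        /* A shift of 0 would make the complementary shift 32, so skip it. */
        carry = p->shift ? w >> (U32_BITS - p->shift) : 0;
    }
}
```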