This series switches iptables-nft to use native nft expressions (payload, cmp, range, bitwise) to match on ports and tcp flags. Patches are split up to first add delinearization support and then switch the add/insert side over to generating those expressions. Florian Westphal (7): nft-shared: support native tcp port delinearize nft-shared: support native tcp port range delinearize nft-shared: support native udp port delinearize nft: prefer native expressions instead of udp match nft: prefer native expressions instead of tcp match nft-shared: add tcp flag dissection nft: add support for native tcp flag matching iptables/nft-shared.c | 436 +++++++++++++++++++++++++++++++++++++++++- iptables/nft-shared.h | 5 + iptables/nft.c | 182 ++++++++++++++++++ 3 files changed, 621 insertions(+), 2 deletions(-) -- 2.34.1
