Hi, This series improves payload statement support for mangling bitfields, eg. # nft add rule x y tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg) inet test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 12 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x00000000 ] [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ] This requires no kernel upgrade. Related to: https://bugzilla.netfilter.org/show_bug.cgi?id=1698 I did not implement the shortcut to compact flags as described by the bugzilla ticket. Pablo Neira Ayuso (4): evaluate: payload statement evaluation for bitfields evaluate: reject unsupported expressions in payload statement for bitfields evaluate: support for bitfield payload statement with binary operation netlink_delinearize: support for bitfield payload statement with binary operation include/payload.h | 2 + src/evaluate.c | 81 +++++-- src/netlink_delinearize.c | 15 +- src/payload.c | 168 +++++++++++++++ tests/py/ip/ip.t | 17 ++ tests/py/ip/ip.t.json | 336 +++++++++++++++++++++++++++++ tests/py/ip/ip.t.payload | 82 +++++++ tests/py/ip/ip.t.payload.bridge | 365 ++++++++++++++++++++++++++++++++ tests/py/ip/ip.t.payload.inet | 280 ++++++++++++++++++++++++ tests/py/ip/ip.t.payload.netdev | 88 ++++++++ 10 files changed, 1419 insertions(+), 15 deletions(-) -- 2.30.2
