Changli Gao <xiaosuo@xxxxxxxxx> wrote: > I know it is difficult. Do you have any plan to support this kind of > features? Or, is there any way to work around this issue? Yes, I think we should extend bitwise first, since that would make this work: src/nft -e -a --debug=netlink add rule inet filter input \ ct mark set "ct mark & 0xffff0000 | meta mark & 0xffff" inet filter input [ meta load mark => reg 2 ] [ bitwise reg 2 = (reg=2 & 0x0000ffff ) ^ 0x00000000 ] [ ct load mark => reg 1 ] [ bitwise reg 1 = (reg=1 & 0xffffffff ) ^ reg 2] [ ct set mark with reg 1 ] As you can see I have netlink linearization part working, don't know yet when I will start working on kernel part (or testing of this thing for that matter ...).
