On 2020-01-15, at 10:29:07 +0100, Pablo Neira Ayuso wrote: > On Tue, Jan 14, 2020 at 09:29:17PM +0000, Jeremy Sowden wrote: > > Add a new bitwise netlink attribute that will be used by shift > > operations to store the size of the shift. It is not used by > > boolean operations. > > > > Signed-off-by: Jeremy Sowden > > --- > > include/uapi/linux/netfilter/nf_tables.h | 2 ++ > > net/netfilter/nft_bitwise.c | 5 +++++ > > 2 files changed, 7 insertions(+) > > > > diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h > > index cfda75725455..7cb85fd0d38e 100644 > > --- a/include/uapi/linux/netfilter/nf_tables.h > > +++ b/include/uapi/linux/netfilter/nf_tables.h > > @@ -503,6 +503,7 @@ enum nft_bitwise_ops { > > * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes) > > * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes) > > * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops) > > + * @NFTA_BITWISE_DATA: argument for non-boolean operations (NLA_U32) > > * > > * The bitwise expression performs the following operation: > > * > > @@ -524,6 +525,7 @@ enum nft_bitwise_attributes { > > NFTA_BITWISE_MASK, > > NFTA_BITWISE_XOR, > > NFTA_BITWISE_OP, > > + NFTA_BITWISE_DATA, > > __NFTA_BITWISE_MAX > > }; > > #define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1) > > diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c > > index 1d9079ba2102..72abaa83a8ca 100644 > > --- a/net/netfilter/nft_bitwise.c > > +++ b/net/netfilter/nft_bitwise.c > > @@ -22,6 +22,7 @@ struct nft_bitwise { > > u8 len; > > struct nft_data mask; > > struct nft_data xor; > > + u32 data; > > Could you make this struct nft_data? > > We can extend later on nft_bitwise to more operations. I was > considering to (ab)use bitwise to implement increment and decrement. I > think u32 should be enough in most cases, but I'd prefer to stick to > one 128 bit word in this case. For shift this is obviously too much, > but this would be leaving room for new operations requiring something > larger than u32. I did wonder about that. :) Will do. J.