netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets.

This patch introduces a new feature that allows bitshifting (left and right) operations to co-operate with existing iptables options. Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Jack Ma <jack.ma@alliedtelesis.co.nz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Jack Ma <jack.ma@alliedtelesis.co.nz> 2018-03-19 09:41:59 +1300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-03-20 13:41:41 +0100
commit: 472a73e00757b971d613d796374d2727b2e4954d (patch)
tree: f1bd0d43c54b6536d7ac2ef92fd344223bc5aa2e /include/uapi
parent: netfilter: ebtables: use ADD_COUNTER macro (diff)
download: linux-472a73e00757b971d613d796374d2727b2e4954d.tar.gz
linux-472a73e00757b971d613d796374d2727b2e4954d.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/xt_connmark.h b/include/uapi/linux/netfilter/xt_connmark.h
index 408a9654f05c..1aa5c955ee1e 100644
--- a/include/uapi/linux/netfilter/xt_connmark.h
+++ b/include/uapi/linux/netfilter/xt_connmark.h
@@ -19,11 +19,21 @@ enum {
 	XT_CONNMARK_RESTORE
 };
 
+enum {
+	D_SHIFT_LEFT = 0,
+	D_SHIFT_RIGHT,
+};
+
 struct xt_connmark_tginfo1 {
 	__u32 ctmark, ctmask, nfmask;
 	__u8 mode;
 };
 
+struct xt_connmark_tginfo2 {
+	__u32 ctmark, ctmask, nfmask;
+	__u8 shift_dir, shift_bits, mode;
+};
+
 struct xt_connmark_mtinfo1 {
 	__u32 mark, mask;
 	__u8 invert;
author	Jack Ma <jack.ma@alliedtelesis.co.nz>	2018-03-19 09:41:59 +1300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-03-20 13:41:41 +0100
commit	472a73e00757b971d613d796374d2727b2e4954d (patch)
tree	f1bd0d43c54b6536d7ac2ef92fd344223bc5aa2e /include/uapi
parent	netfilter: ebtables: use ADD_COUNTER macro (diff)
download	linux-472a73e00757b971d613d796374d2727b2e4954d.tar.gz linux-472a73e00757b971d613d796374d2727b2e4954d.zip