netfilter: xt_connmark: Add bit mapping for bit-shift operation.
authorJack Ma <jack.ma@alliedtelesis.co.nz>
Fri, 6 Apr 2018 03:45:16 +0000 (15:45 +1200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 11 Apr 2018 08:36:02 +0000 (10:36 +0200)
commitcf43ae63c024971e6df94665e829c01c22202a19
treec04e82de52cf5311edee984ddb506055c8911538
parent3f1e53abff84cf40b1adb3455d480dd295bf42e8
netfilter: xt_connmark: Add bit mapping for bit-shift operation.

With the addition of bit-shift operations, we are able to shift
ct/skbmark based on user requirements. However, this change might also
cause the most left/right hand- side mark to be accidentially lost
during shift operations.

This patch adds the ability to 'grep' certain bits based on ctmask or
nfmask out of the original mark. Then, apply shift operations to achieve
a new mapping between ctmark and skb->mark.

For example: If someone would like save the fourth F bits of ctmark
0xFFF(F)000F into the seventh hexadecimal (0) skb->mark 0xABC000(0)E.

new_targetmark = (ctmark & ctmask) >> 12;
(new) skb->mark = (skb->mark &~nfmask) ^
                    new_targetmark;

This will preserve the other bits that are not related to this
operation.

Fixes: 472a73e00757 ("netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets.")
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Jack Ma <jack.ma@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/xt_connmark.c