path: root/include/linux
diff options
authorJack Ma <>2018-04-24 14:58:57 +1200
committerPablo Neira Ayuso <>2018-05-08 14:52:39 +0200
commitdb7b4e0de960c0ff86b10a3d303b4765dba13d6a (patch)
tree4de1e9c09890119bcac9bab1924b95f892a6d3f3 /include/linux
parent155e1c0c783158b3b55967a99233d37b4b3d1490 (diff)
extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark
This patch adds a new feature to iptables that allow bitshifting for --restore,set and save-mark operations. This allows existing logic operators (and, or and xor) and mask to co-operate with new bitshift operations. The intention is to provide uses with more fexible uses of skb->mark and ct->mark. For example, users can save extra bits in skb->mark: skb->mark = ct->mark << 8; Reviewed-by: Florian Westphal <> Signed-off-by: Jack Ma <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include/linux')
1 files changed, 5 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
index efc17a83..bbf2acc9 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -23,6 +23,11 @@ struct xt_connmark_tginfo1 {
__u8 mode;
+struct xt_connmark_tginfo2 {
+ __u32 ctmark, ctmask, nfmask;
+ __u8 shift_dir, shift_bits, mode;
struct xt_connmark_mtinfo1 {
__u32 mark, mask;
__u8 invert;