From db7b4e0de960c0ff86b10a3d303b4765dba13d6a Mon Sep 17 00:00:00 2001
From: Jack Ma <jack.ma@alliedtelesis.co.nz>
Date: Tue, 24 Apr 2018 14:58:57 +1200
Subject: extensions: libxt_CONNMARK: Support bit-shifting for --restore,set
 and save-mark

This patch adds a new feature to iptables that allow bitshifting for
--restore,set and save-mark operations. This allows existing logic
operators (and, or and xor) and mask to co-operate with new bitshift
operations.

The intention is to provide uses with more fexible uses of skb->mark
and ct->mark. For example, users can save extra bits in skb->mark:
        skb->mark = ct->mark << 8;

Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Jack Ma <jack.ma@alliedtelesis.co.nz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter/xt_connmark.h | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'include')

diff --git a/include/linux/netfilter/xt_connmark.h b/include/linux/netfilter/xt_connmark.h
index efc17a83..bbf2acc9 100644
--- a/include/linux/netfilter/xt_connmark.h
+++ b/include/linux/netfilter/xt_connmark.h
@@ -23,6 +23,11 @@ struct xt_connmark_tginfo1 {
 	__u8 mode;
 };
 
+struct xt_connmark_tginfo2 {
+	__u32 ctmark, ctmask, nfmask;
+	__u8 shift_dir, shift_bits, mode;
+};
+
 struct xt_connmark_mtinfo1 {
 	__u32 mark, mask;
 	__u8 invert;
-- 
cgit v1.2.3