'nft: bitoperations between ct and nf mark'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    nft: bitoperations between ct and nf mark
From:       Andreas Schultz <aschultz () tpip ! net>
Date:       2015-07-03 9:23:17
Message-ID: 1998516528.1793161.1435915397699.JavaMail.zimbra () tpip ! net
[Download RAW message or body]

Hi,

With iptables CONNMARK, one could something like:

 ... -j CONNMARK --restore-mark --nfmask 0xAA --ctmask 0x0F

There seems to be no way to replicate this with nftables meta ct
and mark.

Attemting so use something like:

meta mark set (meta & 0xffffff55) | (ct mark & 0xfffffff0)

results in:

> Error: Right hand side of binary operation (&) must be constant

How i can replicate the restore mark with masks behavior in nft?

Regards
Andreas
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic