From: Patrick McHardy <kaber@trash.net>
To: Nikolay Aleksandrov <nikolay@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Subject: Re: [RFC PATCH] netfilter: nf_tables: add new write expression
Date: Sun, 16 Feb 2014 11:00:29 +0000 [thread overview]
Message-ID: <20140216110029.GA29168@macbook.localnet> (raw)
In-Reply-To: <530097A8.8010606@redhat.com>
On Sun, Feb 16, 2014 at 11:49:12AM +0100, Nikolay Aleksandrov wrote:
> On 02/16/2014 11:36 AM, Patrick McHardy wrote:
> >>
> >> netfilter: nf_tables: nft_meta module get/set ops
> >>
> >> That patch is similar to what you propose, but it sets the meta fields
> >> of a packet.
> >
> > Actually I'd propose two different init functions, that's just not pretty.
> >
> Hm, okay.
> How about something else, since I wanted to make use of the inlined payload
> fast op, couldn't I just break the dreg/sreg in separate variables and
> based on whether sreg is set act in the fast op (i.e. get/set based on
> that) ? That way we can save some code duplication and keep the ops as
> they're. (That'll work for the slow op as well actually)
I don't agree to adding a set fast op. The get fast op is meant to be
small since its the most common case and is inlined into the main loop.
Anything added there needs a *really* good justification. Modifying
packet data isn't a very common operation and should be kept seperate.
Outside of the main loop, there's no need for a fast op as well since
memcpy *is* fast and any optimized implementation will already do the
same thing you do.
> Also, there's a small problem for payload because the code in the
> select_ops function:
> if (len <= 4 && IS_ALIGNED(offset, len) && base !=
> NFT_PAYLOAD_LL_HEADER)
> return &nft_payload_fast_ops;
> else
> return &nft_payload_ops;
>
> Has a problem when the offset ends in 101b and length of 3 is used, then
> the fast ops get selected but since that case isn't handled there, we'll
> only load 1 byte from the offset, which is fine for loading since we can
> just switch to 4 bytes and mask out later the unneeded byte when comparing
> for example, but for writing it's a problem since someone might actually
> want to write out 3 bytes. Of course one can always add 2 expressions (1
> byte + 2 byte write) :-)
Good catch, we should make sure the offset is a power of two since the
fast version is only intended for well aligned loads.
Would you care to send a patch?
next prev parent reply other threads:[~2014-02-16 11:00 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-15 13:17 [RFC PATCH] netfilter: nf_tables: add new write expression Nikolay Aleksandrov
2014-02-15 13:19 ` Nikolay Aleksandrov
2014-02-15 13:30 ` Patrick McHardy
2014-02-15 13:35 ` Nikolay Aleksandrov
2014-02-16 10:09 ` Pablo Neira Ayuso
2014-02-16 10:36 ` Patrick McHardy
2014-02-16 10:49 ` Nikolay Aleksandrov
2014-02-16 11:00 ` Patrick McHardy [this message]
2014-02-16 11:05 ` Nikolay Aleksandrov
2014-02-15 13:36 ` Florian Westphal
2014-02-15 13:38 ` Nikolay Aleksandrov
2014-02-15 13:43 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140216110029.GA29168@macbook.localnet \
--to=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=nikolay@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.