From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf-next v3 00/10] netfilter: nft_bitwise: shift support
Date: Wed, 15 Jan 2020 20:48:00 +0000 [thread overview]
Message-ID: <20200115204800.GF999973@azazel.net> (raw)
In-Reply-To: <20200115200557.26202-1-jeremy@azazel.net>
[-- Attachment #1: Type: text/plain, Size: 1865 bytes --]
On 2020-01-15, at 20:05:47 +0000, Jeremy Sowden wrote:
> The connmark xtables extension supports bit-shifts. Add support for
> shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:
>
> nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
> nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8
>
> Changes since v2:
>
> * convert NFTA_BITWISE_DATA from u32 to nft_data;
There's a bug in the nft_data stuff. Will fix and resend.
> * add check that shift value is not too large;
> * use BITS_PER_TYPE to get the size of u32, rather than hard-coding it
> when evaluating shifts.
>
> Changes since v1:
>
> * more white-space fixes;
> * move bitwise op enum to UAPI;
> * add NFTA_BITWISE_OP and NFTA_BITWISE_DATA;
> * remove NFTA_BITWISE_LSHIFT and NFTA_BITWISE_RSHIFT;
> * add helpers for initializaing, evaluating and dumping different
> types of operation.
>
> Jeremy Sowden (10):
> netfilter: nf_tables: white-space fixes.
> netfilter: bitwise: remove NULL comparisons from attribute checks.
> netfilter: bitwise: replace gotos with returns.
> netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute.
> netfilter: bitwise: add helper for initializing boolean operations.
> netfilter: bitwise: add helper for evaluating boolean operations.
> netfilter: bitwise: add helper for dumping boolean operations.
> netfilter: bitwise: only offload boolean operations.
> netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
> netfilter: bitwise: add support for shifts.
>
> include/uapi/linux/netfilter/nf_tables.h | 24 ++-
> net/netfilter/nft_bitwise.c | 217 ++++++++++++++++++-----
> net/netfilter/nft_set_bitmap.c | 4 +-
> net/netfilter/nft_set_hash.c | 2 +-
> 4 files changed, 200 insertions(+), 47 deletions(-)
>
> --
> 2.24.1
>
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
prev parent reply other threads:[~2020-01-15 20:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-15 20:05 [PATCH nf-next v3 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 03/10] netfilter: bitwise: replace gotos with returns Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 04/10] netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 05/10] netfilter: bitwise: add helper for initializing boolean operations Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 06/10] netfilter: bitwise: add helper for evaluating " Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 07/10] netfilter: bitwise: add helper for dumping " Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 08/10] netfilter: bitwise: only offload " Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
2020-01-15 20:05 ` [PATCH nf-next v3 10/10] netfilter: bitwise: add support for shifts Jeremy Sowden
2020-01-15 20:48 ` Jeremy Sowden [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200115204800.GF999973@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.