From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support
Date: Thu, 16 Jan 2020 11:41:53 +0000
Message-ID: <20200116114152.GA18463@azazel.net>
In-Reply-To: <20200116112247.pfhkhii6b44iiw3n@salvia>

On 2020-01-16, at 12:22:47 +0100, Pablo Neira Ayuso wrote:
> On Thu, Jan 16, 2020 at 08:51:33AM +0000, Jeremy Sowden wrote:
> > On 2020-01-15, at 21:32:06 +0000, Jeremy Sowden wrote:
> > > The connmark xtables extension supports bit-shifts.  Add support
> > > for shifts to nft_bitwise in order to allow nftables to do
> > > likewise, e.g.:
> > >
> > >   nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
> > >   nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8
> > >
> > > Changes since v3:
> > >
> > >   * the length of shift values sent by nft may be less than
> > >   sizeof(u32).
> >
> > Actually, having thought about this some more, I believe I had it
> > right in v3.  The difference between v3 and v4 is this:
> >
> >   @@ -146,7 +146,7 @@ static int nft_bitwise_init_shift(struct nft_bitwise *priv,
> >                               tb[NFTA_BITWISE_DATA]);
> >           if (err < 0)
> >                   return err;
> >   -       if (d.type != NFT_DATA_VALUE || d.len != sizeof(u32) ||
> >   +       if (d.type != NFT_DATA_VALUE || d.len > sizeof(u32) ||
> >               priv->data.data[0] >= BITS_PER_TYPE(u32)) {
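Review bot: on the changed line, d.len > sizeof(u32) now accepts any length from 0 up to sizeof(u32), but the following line still compares the whole of priv->data.data[0] against BITS_PER_TYPE(u32). If fewer than four bytes were supplied, that comparison may depend on bytes the attribute did not set. Either keep the v3 test d.len != sizeof(u32), or reject a zero length and make sure the word is zeroed before it is read, and add a comment stating which lengths are valid.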
>
> Why restrict this to 32-bits?

Because of how I implemented the shifts.  Here's the current rshift:

  static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,
                                      const struct nft_bitwise *priv)
  {
          u32 shift = priv->data.data[0];
          unsigned int i;
          u32 carry = 0;

          for (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) {
                  dst[i] = carry | (src[i] >> shift);
                  carry = src[i] << (BITS_PER_TYPE(u32) - shift);
          }
  }

In order to support larger shifts, it would need to look something
like:

  static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,
                                      const struct nft_bitwise *priv)
  {
          unsigned len = DIV_ROUND_UP(priv->len, sizeof(u32));
          u32 shift = priv->data.data[0];
          unsigned int d = shift / BITS_PER_TYPE(u32), s = 0;
          u32 carry = 0;

          if (d > 0) {
                  memset(dst, '\0', d * sizeof(*dst));
                  shift %= BITS_PER_TYPE(u32);
          }

          for (s = 0; d < len; d++, s++) {
                  dst[d] = carry | (src[s] >> shift);
                  carry = src[s] << (BITS_PER_TYPE(u32) - shift);
          }
  }

J.
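
An added example, not code from this message or from the kernel tree: a user-space version of the larger-shift sketch above that can be compiled and checked. The names rshift_words, shifted_word and WORD_BITS and the sample value are constructed for this example; it also covers a bit shift of zero (where a left shift by 32 is undefined in C) and a shift wider than the data, and it assumes dst and src do not overlap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORD_BITS 32u

/* Right-shift len 32-bit words by any number of bits. Word 0 is the most
 * significant, matching the carry direction in the message's code.
 * Assumption of this example: dst and src do not overlap. */
static void rshift_words(uint32_t *dst, const uint32_t *src,
                         unsigned int len, uint32_t shift)
{
        unsigned int d = shift / WORD_BITS, s;
        uint32_t bits = shift % WORD_BITS, carry = 0;

        if (d > len)
                d = len;        /* shift wider than the data: all zero */
        memset(dst, 0, d * sizeof(*dst));

        for (s = 0; d < len; d++, s++) {
                dst[d] = carry | (src[s] >> bits);
                /* x << 32 is undefined in C, so no carry when bits == 0 */
                carry = bits ? src[s] << (WORD_BITS - bits) : 0;
        }
}

/* Constructed sample value 0x112233445566778899aabbccddeeff00. */
static const uint32_t sample[4] = {
        0x11223344, 0x55667788, 0x99aabbcc, 0xddeeff00
};

/* Shift the sample and return word idx of the result. */
static uint32_t shifted_word(uint32_t shift, unsigned int idx)
{
        uint32_t out[4];

        rshift_words(out, sample, 4, shift);
        return out[idx];
}

int main(void)
{
        unsigned int i;

        for (i = 0; i < 4; i++)      /* shift by 40 = one word + 8 bits */
                printf("%08x ", (unsigned int)shifted_word(40, i));
        printf("\n");
        return 0;
}
```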
