From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support
Date: Mon, 27 Jan 2020 11:13:14 +0000 [thread overview]
Message-ID: <20200127111314.GA377617@azazel.net> (raw)
In-Reply-To: <20200126111251.e4kncc54umrq7mea@salvia>
[-- Attachment #1: Type: text/plain, Size: 4660 bytes --]
On 2020-01-26, at 12:12:51 +0100, Pablo Neira Ayuso wrote:
> I've been looking into (ab)using bitwise to implement add/sub. I would
> like to not add nft_arith for only this, and it seems to me much of
> your code can be reused.
>
> Do you think something like this would work?
Absolutely.
A couple of questions. What's the use-case? I find the combination of
applying the delta to every u32 and having a carry curious. Do you want
to support bigendian arithmetic (i.e., carrying to the left) as well?
I've suggested a couple of changes below.
J.
> Thanks.
>
> diff --git a/include/uapi/linux/netfilter/nf_tables.h
> b/include/uapi/linux/netfilter/nf_tables.h
> index 065218a20bb7..c4078359b6e4 100644
> --- a/include/uapi/linux/netfilter/nf_tables.h
> +++ b/include/uapi/linux/netfilter/nf_tables.h
> @@ -508,11 +508,15 @@ enum nft_immediate_attributes {
> * XOR boolean operations
> * @NFT_BITWISE_LSHIFT: left-shift operation
> * @NFT_BITWISE_RSHIFT: right-shift operation
> + * @NFT_BITWISE_ADD: add operation
> + * @NFT_BITWISE_SUB: subtract operation
> */
> enum nft_bitwise_ops {
> NFT_BITWISE_BOOL,
> NFT_BITWISE_LSHIFT,
> NFT_BITWISE_RSHIFT,
> + NFT_BITWISE_ADD,
> + NFT_BITWISE_SUB,
> };
>
> /**
> diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
> index 0ed2281f03be..fd0cd2b4722a 100644
> --- a/net/netfilter/nft_bitwise.c
> +++ b/net/netfilter/nft_bitwise.c
> @@ -60,6 +60,38 @@ static void nft_bitwise_eval_rshift(u32 *dst, const
> u32 *src,
> }
> }
>
> +static void nft_bitwise_eval_add(u32 *dst, const u32 *src,
> + const struct nft_bitwise *priv)
> +{
> + u32 delta = priv->data.data[0];
> + unsigned int i, words;
> + u32 tmp = 0;
> +
> + words = DIV_ROUND_UP(priv->len, sizeof(u32));
> + for (i = 0; i < words; i++) {
> + tmp = src[i];
> + dst[i] = src[i] + delta;
> + if (dst[i] < tmp && i + 1 < words)
> + dst[i + 1]++;
> + }
> +}
for (i = 0; i < words; i++) {
dst[i] = src[i] + delta + tmp;
tmp = dst[i] < src[i] ? 1 : 0;
}
> +static void nft_bitwise_eval_sub(u32 *dst, const u32 *src,
> + const struct nft_bitwise *priv)
> +{
> + u32 delta = priv->data.data[0];
> + unsigned int i, words;
> + u32 tmp = 0;
> +
> + words = DIV_ROUND_UP(priv->len, sizeof(u32));
> + for (i = 0; i < words; i++) {
> + tmp = src[i];
> + dst[i] = src[i] - delta;
> + if (dst[i] > tmp && i + 1 < words)
> + dst[i + 1]--;
> + }
> +}
for (i = 0; i < words; i++) {
dst[i] = src[i] - delta - tmp;
tmp = dst[i] > src[i] ? 1 : 0;
}
> void nft_bitwise_eval(const struct nft_expr *expr,
> struct nft_regs *regs, const struct nft_pktinfo *pkt)
> {
> @@ -77,6 +109,12 @@ void nft_bitwise_eval(const struct nft_expr *expr,
> case NFT_BITWISE_RSHIFT:
> nft_bitwise_eval_rshift(dst, src, priv);
> break;
> + case NFT_BITWISE_ADD:
> + nft_bitwise_eval_add(dst, src, priv);
> + break;
> + case NFT_BITWISE_SUB:
> + nft_bitwise_eval_sub(dst, src, priv);
> + break;
> }
> }
>
> @@ -129,8 +167,8 @@ static int nft_bitwise_init_bool(struct
> nft_bitwise *priv,
> return err;
> }
>
> -static int nft_bitwise_init_shift(struct nft_bitwise *priv,
> - const struct nlattr *const tb[])
> +static int nft_bitwise_init_data(struct nft_bitwise *priv,
> + const struct nlattr *const tb[])
> {
> struct nft_data_desc d;
> int err;
> @@ -191,6 +229,8 @@ static int nft_bitwise_init(const struct nft_ctx
> *ctx,
> case NFT_BITWISE_BOOL:
> case NFT_BITWISE_LSHIFT:
> case NFT_BITWISE_RSHIFT:
> + case NFT_BITWISE_ADD:
> + case NFT_BITWISE_SUB:
> break;
> default:
> return -EOPNOTSUPP;
> @@ -205,7 +245,9 @@ static int nft_bitwise_init(const struct nft_ctx
> *ctx,
> break;
> case NFT_BITWISE_LSHIFT:
> case NFT_BITWISE_RSHIFT:
> - err = nft_bitwise_init_shift(priv, tb);
> + case NFT_BITWISE_ADD:
> + case NFT_BITWISE_SUB:
> + err = nft_bitwise_init_data(priv, tb);
> break;
> }
>
> @@ -226,8 +268,8 @@ static int nft_bitwise_dump_bool(struct sk_buff
> *skb,
> return 0;
> }
>
> -static int nft_bitwise_dump_shift(struct sk_buff *skb,
> - const struct nft_bitwise *priv)
> +static int nft_bitwise_dump_data(struct sk_buff *skb,
> + const struct nft_bitwise *priv)
> {
> if (nft_data_dump(skb, NFTA_BITWISE_DATA, &priv->data,
> NFT_DATA_VALUE, sizeof(u32)) < 0)
> @@ -255,7 +297,9 @@ static int nft_bitwise_dump(struct sk_buff *skb,
> const struct nft_expr *expr)
> break;
> case NFT_BITWISE_LSHIFT:
> case NFT_BITWISE_RSHIFT:
> - err = nft_bitwise_dump_shift(skb, priv);
> + case NFT_BITWISE_ADD:
> + case NFT_BITWISE_SUB:
> + err = nft_bitwise_dump_data(skb, priv);
> break;
> }
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next prev parent reply other threads:[~2020-01-27 11:57 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-15 21:32 [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 03/10] netfilter: bitwise: replace gotos with returns Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 04/10] netfilter: bitwise: add NFTA_BITWISE_OP attribute Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 05/10] netfilter: bitwise: add helper for initializing boolean operations Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 06/10] netfilter: bitwise: add helper for evaluating " Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 07/10] netfilter: bitwise: add helper for dumping " Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 08/10] netfilter: bitwise: only offload " Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 10/10] netfilter: bitwise: add support for shifts Jeremy Sowden
2020-01-16 8:51 ` [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
2020-01-16 11:22 ` Pablo Neira Ayuso
2020-01-16 11:28 ` Pablo Neira Ayuso
2020-01-16 11:41 ` Jeremy Sowden
2020-01-16 12:09 ` Pablo Neira Ayuso
2020-01-16 12:13 ` Jeremy Sowden
2020-01-16 14:48 ` Pablo Neira Ayuso
2020-01-16 14:59 ` Jeremy Sowden
2020-01-26 11:12 ` Pablo Neira Ayuso
2020-01-27 11:13 ` Jeremy Sowden [this message]
2020-01-28 10:00 ` Pablo Neira Ayuso
2020-01-28 11:31 ` Jeremy Sowden
2020-01-28 13:18 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200127111314.GA377617@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.