From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jeremy Sowden <jeremy@azazel.net>
Cc: Florian Westphal <fw@strlen.de>,
Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nftables 8/8] test: py: add tests for shifted nat port-ranges
Date: Wed, 3 May 2023 22:54:11 +0200 [thread overview]
Message-ID: <ZFLJ886DVa1d53kc@calendula> (raw)
In-Reply-To: <20230425195143.GC5944@celephais.dreamlands>
On Tue, Apr 25, 2023 at 08:51:43PM +0100, Jeremy Sowden wrote:
> On 2023-04-12, at 13:06:02 +0200, Pablo Neira Ayuso wrote:
> > On Tue, Apr 11, 2023 at 01:21:40PM +0100, Jeremy Sowden wrote:
> > > On 2023-03-26, at 22:39:42 +0200, Pablo Neira Ayuso wrote:
> > > > Jeremy, may I suggest you pick up on the bitwise _SREG2 support?
> > > > I will post a v4 with small updates for ("mark statement support
> > > > for non-constant expression") tomorrow. Probably you don't need
> > > > the new AND and OR operations for this? Only the a new _SREG2 to
> > > > specify that input comes from non-constant?
> > >
> > > Just to clarify, do you want just the `_SREG2` infrastructure from
> > > the last patch series but without the new bitwise ops? That is to
> > > say it would be possible to send two operands to the kernel in
> > > registers, but no use would be made of it (yet). Or are you
> > > proposing to update the existing mask-and-xor ops to send right hand
> > > operands via registers?
> >
> > I mean, would it be possible to add a NFT_BITWISE_BOOL variant that
> > takes _SREG2 via select_ops?
>
> In an earlier version, instead of adding new boolean ops, I added
> support for passing the mask and xor arguments in registers:
>
> https://lore.kernel.org/netfilter-devel/20200224124931.512416-1-jeremy@azazel.net/
>
> Doing the same thing with one extra register is straightforward for AND
> and XOR:
>
> AND(x, y) = (x & y) ^ 0
> XOR(x, y) = (x & 1) ^ y
>
> since we can pass y in _SREG2 and 0 in _XOR for AND, and 1 in _MASK and
> y in _SREG2 for XOR. For OR:
>
> OR(x, y) = (x & ~y) ^ y
>
> it's a bit more complicated. Instead of getting both the mask and xor
> arguments from user space, we need to do something like passing y in
> _SREG2 alone, and then constructing the bitwise negation in the kernel.
>
> Obviously, this means that the kernel is no longer completely agnostic
> about the sorts of mask-and-xor expressions user space may send.
>
> Since that is the case, we could go further and just perform the
> original ope- rations. Thus if we get an boolean op with an _SREG2
> argument:
>
> * if there is an _XOR of 0, compute:
>
> _SREG & _SREG2
>
> * if there is a _MASK of 1, compute:
>
> _SREG ^ _SREG2
>
> * if there are no _MASK or _XOR arguments, compute:
>
> _SREG | _SREG2
OK, if my understanding is correct, these are the two options:
1) Infer from arguments the type of operation.
2) Have explicit NFT_BITWISE_{AND,OR,XOR} operations.
If so, I think it is better to stick to your original patch, where
explicit bitwise operations NFT_BITWISE_{_AND,_OR,_XOR} are added
(which is what you proposed last time IIRC).
Thanks for explaining.
next prev parent reply other threads:[~2023-05-03 20:54 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-05 10:14 [PATCH nftables 0/8] Support for shifted port-ranges in NAT Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 1/8] nat: add support for shifted port-ranges Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 2/8] masq: " Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 3/8] redir: " Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 4/8] json: formatting fixes Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 5/8] json: add support for shifted nat port-ranges Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 6/8] doc: correct NAT statement description Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 7/8] doc: add shifted port-ranges to nat statements Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 8/8] test: py: add tests for shifted nat port-ranges Jeremy Sowden
2023-03-24 22:59 ` Florian Westphal
2023-03-25 10:35 ` Phil Sutter
2023-03-25 11:10 ` Jeremy Sowden
2023-03-26 20:41 ` Pablo Neira Ayuso
2023-03-26 20:39 ` Pablo Neira Ayuso
2023-03-27 11:08 ` Jeremy Sowden
2023-04-11 12:21 ` Jeremy Sowden
2023-04-12 11:06 ` Pablo Neira Ayuso
2023-04-25 19:51 ` Jeremy Sowden
2023-05-03 20:54 ` Pablo Neira Ayuso [this message]
2023-05-08 17:58 ` Jeremy Sowden
2023-05-08 19:47 ` Pablo Neira Ayuso
2023-04-11 8:28 ` Pablo Neira Ayuso
2023-04-11 10:25 ` Florian Westphal
2023-04-11 10:53 ` Pablo Neira Ayuso
2023-04-11 11:20 ` Florian Westphal
2023-04-11 11:43 ` Pablo Neira Ayuso
2023-04-11 12:28 ` Florian Westphal
2023-04-11 12:36 ` Florian Westphal
2023-04-12 11:22 ` Pablo Neira Ayuso
2023-04-12 11:43 ` Florian Westphal
2023-04-12 12:54 ` Pablo Neira Ayuso
2023-03-24 14:18 ` [PATCH nftables 0/8] Support for shifted port-ranges in NAT Florian Westphal
2023-03-24 16:07 ` Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZFLJ886DVa1d53kc@calendula \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.