From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jeremy Sowden <jeremy@azazel.net>
Cc: Florian Westphal <fw@strlen.de>,
Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nftables 8/8] test: py: add tests for shifted nat port-ranges
Date: Mon, 8 May 2023 21:47:02 +0200 [thread overview]
Message-ID: <ZFlRttICtWKTGWaV@calendula> (raw)
In-Reply-To: <20230508175823.GA979099@celephais.dreamlands>
On Mon, May 08, 2023 at 06:58:23PM +0100, Jeremy Sowden wrote:
> On 2023-05-03, at 22:54:11 +0200, Pablo Neira Ayuso wrote:
> > On Tue, Apr 25, 2023 at 08:51:43PM +0100, Jeremy Sowden wrote:
> > > On 2023-04-12, at 13:06:02 +0200, Pablo Neira Ayuso wrote:
> > > > I mean, would it be possible to add a NFT_BITWISE_BOOL variant that
> > > > takes _SREG2 via select_ops?
> > >
> > > In an earlier version, instead of adding new boolean ops, I added
> > > support for passing the mask and xor arguments in registers:
> > >
> > > https://lore.kernel.org/netfilter-devel/20200224124931.512416-1-jeremy@azazel.net/
> > >
> > > Doing the same thing with one extra register is straightforward for AND
> > > and XOR:
> > >
> > > AND(x, y) = (x & y) ^ 0
> > > XOR(x, y) = (x & 1) ^ y
> > >
> > > since we can pass y in _SREG2 and 0 in _XOR for AND, and 1 in _MASK and
> > > y in _SREG2 for XOR. For OR:
> > >
> > > OR(x, y) = (x & ~y) ^ y
> > >
> > > it's a bit more complicated. Instead of getting both the mask and xor
> > > arguments from user space, we need to do something like passing y in
> > > _SREG2 alone, and then constructing the bitwise negation in the kernel.
> > >
> > > Obviously, this means that the kernel is no longer completely agnostic
> > > about the sorts of mask-and-xor expressions user space may send.
> > >
> > > Since that is the case, we could go further and just perform the
> > > original ope- rations. Thus if we get an boolean op with an _SREG2
> > > argument:
> > >
> > > * if there is an _XOR of 0, compute:
> > >
> > > _SREG & _SREG2
> > >
> > > * if there is a _MASK of 1, compute:
> > >
> > > _SREG ^ _SREG2
> > >
> > > * if there are no _MASK or _XOR arguments, compute:
> > >
> > > _SREG | _SREG2
> >
> > OK, if my understanding is correct, these are the two options:
> >
> > 1) Infer from arguments the type of operation.
> > 2) Have explicit NFT_BITWISE_{AND,OR,XOR} operations.
> >
> > If so, I think it is better to stick to your original patch, where
> > explicit bitwise operations NFT_BITWISE_{_AND,_OR,_XOR} are added
> > (which is what you proposed last time IIRC).
> >
> > Thanks for explaining.
>
> No problem. I'll get rebasing.
Please, small batch, not larger than 10 patches if possible.
next prev parent reply other threads:[~2023-05-08 19:57 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-05 10:14 [PATCH nftables 0/8] Support for shifted port-ranges in NAT Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 1/8] nat: add support for shifted port-ranges Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 2/8] masq: " Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 3/8] redir: " Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 4/8] json: formatting fixes Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 5/8] json: add support for shifted nat port-ranges Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 6/8] doc: correct NAT statement description Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 7/8] doc: add shifted port-ranges to nat statements Jeremy Sowden
2023-03-05 10:14 ` [PATCH nftables 8/8] test: py: add tests for shifted nat port-ranges Jeremy Sowden
2023-03-24 22:59 ` Florian Westphal
2023-03-25 10:35 ` Phil Sutter
2023-03-25 11:10 ` Jeremy Sowden
2023-03-26 20:41 ` Pablo Neira Ayuso
2023-03-26 20:39 ` Pablo Neira Ayuso
2023-03-27 11:08 ` Jeremy Sowden
2023-04-11 12:21 ` Jeremy Sowden
2023-04-12 11:06 ` Pablo Neira Ayuso
2023-04-25 19:51 ` Jeremy Sowden
2023-05-03 20:54 ` Pablo Neira Ayuso
2023-05-08 17:58 ` Jeremy Sowden
2023-05-08 19:47 ` Pablo Neira Ayuso [this message]
2023-04-11 8:28 ` Pablo Neira Ayuso
2023-04-11 10:25 ` Florian Westphal
2023-04-11 10:53 ` Pablo Neira Ayuso
2023-04-11 11:20 ` Florian Westphal
2023-04-11 11:43 ` Pablo Neira Ayuso
2023-04-11 12:28 ` Florian Westphal
2023-04-11 12:36 ` Florian Westphal
2023-04-12 11:22 ` Pablo Neira Ayuso
2023-04-12 11:43 ` Florian Westphal
2023-04-12 12:54 ` Pablo Neira Ayuso
2023-03-24 14:18 ` [PATCH nftables 0/8] Support for shifted port-ranges in NAT Florian Westphal
2023-03-24 16:07 ` Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZFlRttICtWKTGWaV@calendula \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.