From: Phil Sutter <phil@nwl.cc>
To: Jeremy Sowden <jeremy@azazel.net>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>,
	Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>,
	Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH nft v5 0/8] Bitwise boolean operations with variable RHS operands
Date: Thu, 22 May 2025 13:51:16 +0200
Message-ID: <aC8PtK-7XjoHOmPD@orbyte.nwl.cc>
In-Reply-To: <20230528140058.1218669-1-jeremy@azazel.net>

On Sun, May 28, 2023 at 03:00:50PM +0100, Jeremy Sowden wrote:
> This patch-set adds support for new bitwise boolean operations to
> nftables, and uses this to extend the types of value which can be
> assigned to packet marks and payload fields.  The original motivation
> for these changes was Kevin Darbyshire-Bryant's wish to be able to set
> the conntrack mark to a bitwise expression derived from a DSCP value:
> 
>   https://lore.kernel.org/netfilter-devel/20191203160652.44396-1-ldir@darbyshire-bryant.me.uk/#r
> 
> For example:
> 
>   nft add rule t c ct mark set ip dscp lshift 26 or 0x10
> 
> Examples like this could be implemented solely by changes to user space.
> However, other examples came up in later discussion, such as:
> 
>   nft add rule t c ct mark set ct mark and 0xffff0000 or meta mark and 0xffff
> 
> and most recently:
> 
>   nft add rule t c ct mark set ct mark or ip dscp or 0x200
> 
> which require boolean bitwise operations with two variable operands.
> 
> Hitherto, the kernel has required that AND, OR and XOR operations be
> converted in user space to mask-and-xor operations on one register and
> two immediate values.  The related kernel space patch-set, however, adds
> support for performing these operations directly on one register and an
> immediate value, or on two registers.  This patch-set extends nftables
> to make use of this functionality.
> 
> The previous version of this series also included a few small changes to
> make it easier to add debug output and changes to support the
> assignments which did not require binops on two registers.  The former have
> been dropped and the latter were reworked and applied by Pablo.  The
> following remain.
> 
> * Patch 1 adds support for linearizing and delinearizing the new
>   operations.
> * Patches 2-7 add support for using them in payload and mark
>   assignments.
> * Patch 8 adds tests for the new assignments.
> 
> Jeremy Sowden (8):
>   netlink: support (de)linearization of new bitwise boolean operations
>   netlink_delinearize: refactor stmt_payload_binop_postprocess
>   netlink_delinearize: add support for processing variable payload
>     statement arguments
>   evaluate: prevent nested byte-order conversions
>   evaluate: preserve existing binop properties
>   evaluate: allow binop expressions with variable right-hand operands
>   parser_json: allow RHS mark and payload expressions
>   tests: add tests for binops with variable RHS operands

Reviewed-by: Phil Sutter <phil@nwl.cc>
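
The mask-and-xor conversion the cover letter describes, as an added example that is not part of this message or of the patch set: each AND, OR or XOR with an immediate becomes one `(v & mask) ^ xor` step, and a chain of such steps folds into a single step. The struct, enum and function names are hypothetical, and a 32-bit register is assumed. The fold only works when every right-hand operand is a constant, which is why the two-register cases quoted above need the new operations.

```c
#include <stdint.h>
#include <stdio.h>

/* One mask-and-xor step: dst = (src & mask) ^ xorval */
struct maskxor { uint32_t mask, xorval; };

enum op { OP_AND, OP_OR, OP_XOR };

/* Encode a single boolean op with an immediate RHS as a mask/xor pair. */
static struct maskxor encode(enum op op, uint32_t imm)
{
	switch (op) {
	case OP_AND: return (struct maskxor){ imm, 0 };          /* v & imm */
	case OP_OR:  return (struct maskxor){ ~imm, imm };       /* v | imm */
	default:     return (struct maskxor){ UINT32_MAX, imm }; /* v ^ imm */
	}
}

/* Fold step b after step a into one step:
 * (((v & a.mask) ^ a.xorval) & b.mask) ^ b.xorval
 *   == (v & (a.mask & b.mask)) ^ ((a.xorval & b.mask) ^ b.xorval) */
static struct maskxor fold(struct maskxor a, struct maskxor b)
{
	return (struct maskxor){ a.mask & b.mask,
				 (a.xorval & b.mask) ^ b.xorval };
}

static uint32_t apply(struct maskxor m, uint32_t v)
{
	return (v & m.mask) ^ m.xorval;
}

/* "v and <and_imm> or <or_imm>" reduced to a single mask/xor step. */
static struct maskxor and_then_or(uint32_t and_imm, uint32_t or_imm)
{
	return fold(encode(OP_AND, and_imm), encode(OP_OR, or_imm));
}

int main(void)
{
	struct maskxor m = and_then_or(0xffff0000u, 0x10u);
	uint32_t v = 0x12345678u; /* constructed sample register value */

	printf("mask=0x%08x xor=0x%08x result=0x%08x\n",
	       (unsigned)m.mask, (unsigned)m.xorval, (unsigned)apply(m, v));
	return 0;
}
```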
