From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [RFC PATCH 0/2 nf_tables] 32/64/128-bits word addressing in nf_tables
Date: Mon, 28 Oct 2013 13:59:37 +0100 [thread overview]
Message-ID: <1382965180-9400-1-git-send-email-pablo@netfilter.org> (raw)
This is a preliminary patchset to allow nf_tables to address registers
at 32/64/128 bits word size. This is something that Patrick and I have
been discussing for a while.
The proposed approach in this patchset adds the new register addressing
to the nf_tables core, the overlapping register approach describe in
patch 1/2 is backward compatible.
Still missing a kernel patch to allow set elements higher than 128 bits,
so we can have concatenations including IPv6 addresses, but that limitation
should be easy to remove. Explicit set type selection is also required,
currently, it is selecting the rb-tree set type here, which is suboptimal.
Comments welcome.
Pablo Neira Ayuso (2):
netfilter: nf_tables: allow 32/64/128-bits register addressing
netfilter: nf_tables: round to 32 bits in payload operations
include/net/netfilter/nf_tables.h | 16 +++++-
include/uapi/linux/netfilter/nf_tables.h | 35 ++++++++++++-
net/netfilter/nf_tables_api.c | 4 +-
net/netfilter/nf_tables_core.c | 81 +++++++++++++++++++++++-------
net/netfilter/nft_bitwise.c | 10 ++--
net/netfilter/nft_byteorder.c | 10 ++--
net/netfilter/nft_cmp.c | 8 +--
net/netfilter/nft_compat.c | 16 +++---
net/netfilter/nft_ct.c | 35 +++++++------
net/netfilter/nft_exthdr.c | 9 ++--
net/netfilter/nft_hash.c | 13 +++--
net/netfilter/nft_immediate.c | 5 +-
net/netfilter/nft_limit.c | 5 +-
net/netfilter/nft_log.c | 3 +-
net/netfilter/nft_lookup.c | 9 ++--
net/netfilter/nft_meta.c | 37 +++++++-------
net/netfilter/nft_nat.c | 27 +++++-----
net/netfilter/nft_payload.c | 9 ++--
net/netfilter/nft_rbtree.c | 5 +-
19 files changed, 207 insertions(+), 130 deletions(-)
--
1.7.10.4
next reply other threads:[~2013-10-28 12:59 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-28 12:59 Pablo Neira Ayuso [this message]
2013-10-28 12:59 ` [RFC PATCH 1/2 nf_tables] netfilter: nf_tables: allow 32/64/128-bits register addressing Pablo Neira Ayuso
2013-10-28 12:59 ` [RFC PATCH 2/2 nf_tables] netfilter: nf_tables: round to 32 bits in payload operations Pablo Neira Ayuso
2013-10-28 12:59 ` [RFC PATCH nft] src: finish concatenation support using the set infrastructure Pablo Neira Ayuso
2013-10-28 13:09 ` [RFC PATCH 0/2 nf_tables] 32/64/128-bits word addressing in nf_tables Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1382965180-9400-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).