From: Giuseppe Longo <giuseppelng@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Giuseppe Longo <giuseppelng@gmail.com>
Subject: [iptables-compat PATCH 2/5 v2] nft: alloc bitwise operation for ipv4/ipv6 addresses
Date: Fri, 22 Aug 2014 11:16:30 +0200
Message-ID: <1408698993-17706-2-git-send-email-giuseppelng@gmail.com>
In-Reply-To: <1408698993-17706-1-git-send-email-giuseppelng@gmail.com>
This patch allows adding a bitwise operation for an IPv4/IPv6 address and mask.
Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
---
iptables/nft-shared.c | 34 ++++++++++++++++++++++++++++++++++
iptables/nft-shared.h | 2 ++
2 files changed, 36 insertions(+)
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 05fb29b..3ffe877 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -82,6 +82,40 @@ void add_bitwise_u16(struct nft_rule *r, int mask, int xor)
nft_rule_add_expr(r, expr);
}
+void add_bitwise_u32(struct nft_rule *r, int mask, int xor)
+{
+ struct nft_rule_expr *expr;
+
+ expr = nft_rule_expr_alloc("bitwise");
+ if (expr == NULL)
+ return;
+
+ nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_SREG, NFT_REG_1);
+ nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_DREG, NFT_REG_1);
+ nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_LEN, sizeof(uint32_t));
+ nft_rule_expr_set(expr, NFT_EXPR_BITWISE_MASK, &mask, sizeof(uint32_t));
+ nft_rule_expr_set(expr, NFT_EXPR_BITWISE_XOR, &xor, sizeof(uint32_t));
+
+ nft_rule_add_expr(r, expr);
+}
+
+void add_bitwise_u128(struct nft_rule *r, uint8_t *mask, uint8_t *xor)
+{
+ struct nft_rule_expr *expr;
+
+ expr = nft_rule_expr_alloc("bitwise");
+ if (expr == NULL)
+ return;
+
+ nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_SREG, NFT_REG_1);
+ nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_DREG, NFT_REG_1);
+ nft_rule_expr_set_u32(expr, NFT_EXPR_BITWISE_LEN, 16);
+ nft_rule_expr_set(expr, NFT_EXPR_BITWISE_MASK, mask, 16);
+ nft_rule_expr_set(expr, NFT_EXPR_BITWISE_XOR, xor, 16);
+
+ nft_rule_add_expr(r, expr);
+}
+
void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len)
{
struct nft_rule_expr *expr;
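Review bot: The `if (expr == NULL) return;` path in both add_bitwise_u32() and add_bitwise_u128() drops the bitwise expression silently, and because both functions return void the caller cannot tell that the rule was built without its mask. Any comparison the caller adds afterwards would then run against the unmasked register value, so the rule could match a different set of addresses than the one requested. Consider returning an int (0 on success, negative on allocation failure) so callers can abort building the rule. Separately, add_bitwise_u32() declares `int mask, int xor` but copies sizeof(uint32_t) bytes from them; uint32_t parameters would make the type agree with the length and avoid signed values for address masks. In add_bitwise_u128() the literal 16 appears three times and could be a single named size such as sizeof(struct in6_addr), and mask and xor are only read in the visible code, so they could be const-qualified.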
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index c4936dd..f2896bb 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -75,6 +75,8 @@ struct nft_family_ops {
void add_meta(struct nft_rule *r, uint32_t key);
void add_payload(struct nft_rule *r, int offset, int len);
void add_bitwise_u16(struct nft_rule *r, int mask, int xor);
+void add_bitwise_u32(struct nft_rule *r, int mask, int xor);
+void add_bitwise_u128(struct nft_rule *r, uint8_t *mask, uint8_t *xor);
void add_cmp_ptr(struct nft_rule *r, uint32_t op, void *data, size_t len);
void add_cmp_u8(struct nft_rule *r, uint8_t val, uint32_t op);
void add_cmp_u16(struct nft_rule *r, uint16_t val, uint32_t op);
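Review bot: The add_bitwise_u128() prototype takes bare `uint8_t *mask, uint8_t *xor` with no length argument and no comment, while the implementation in nft-shared.c always reads 16 bytes from each pointer, so a caller that passes a shorter buffer gets an out-of-bounds read with nothing in the header to warn about it. A one-line comment stating the 16-byte requirement, or a typed parameter such as `const struct in6_addr *`, would put that contract where callers see it. For add_bitwise_u32() it would also help to note the byte order the mask is expected in, since the value is copied into the expression as raw bytes.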
--
1.8.3.2