From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [nf-next PATCH v2 0/5] netfilter: bitwise: support boolean operations with variable RHS operands
Date: Mon, 4 Apr 2022 13:04:12 +0100 [thread overview]
Message-ID: <20220404120417.188410-1-jeremy@azazel.net> (raw)
I've resurrected the work I started a couple of years ago.
Currently bitwise boolean operations (AND, OR and XOR) can only have one
variable operand. They are converted in user space into mask-and-xor
operations on one register and two immediate values which are evaluated
by the kernel. We add support for evaluating these operations directly
in kernel space on one register and either an immediate value or a
second register.
We also add support for keeping track of the bit-length of boolean
expressions since this can be useful to user space during
delinearization.
* Patch 1 adds support for keeping track of the bit-length of
boolean expressions.
* Patches 2 & 3 make some small unrelated improvements.
* Patch 4 renames functions and an enum constant related to the current
mask-and-xor implementation in anticipation of adding support for
directly evaluating AND, OR and XOR operations.
* Patch 5 adds support for directly evaluating AND, OR and XOR
operations.
Changes since v1
* Patch 1 is new.
* In v1, all boolean operations were still expected to be
mask-and-xor operations, but the mask and xor values could be
passed in registers.
Jeremy Sowden (5):
netfilter: bitwise: keep track of bit-length of expressions
netfilter: bitwise: replace hard-coded size with `sizeof` expression
netfilter: bitwise: improve error goto labels
netfilter: bitwise: rename some boolean operation functions
netfilter: bitwise: add support for doing AND, OR and XOR directly
include/uapi/linux/netfilter/nf_tables.h | 21 ++-
net/netfilter/nft_bitwise.c | 178 +++++++++++++++++++----
2 files changed, 164 insertions(+), 35 deletions(-)
--
2.35.1
next reply other threads:[~2022-04-04 12:04 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-04 12:04 Jeremy Sowden [this message]
2022-04-04 12:04 ` [nf-next PATCH v2 1/5] netfilter: bitwise: keep track of bit-length of expressions Jeremy Sowden
2022-04-05 11:28 ` Florian Westphal
2022-04-05 20:47 ` Jeremy Sowden
2022-04-06 3:12 ` Florian Westphal
2022-05-05 19:54 ` Jeremy Sowden
2022-04-08 23:27 ` Florian Westphal
2022-04-09 9:38 ` Jeremy Sowden
2022-04-09 9:58 ` Florian Westphal
2022-04-04 12:04 ` [nf-next PATCH v2 2/5] netfilter: bitwise: replace hard-coded size with `sizeof` expression Jeremy Sowden
2022-04-09 10:07 ` Florian Westphal
2022-04-04 12:04 ` [nf-next PATCH v2 3/5] netfilter: bitwise: improve error goto labels Jeremy Sowden
2022-04-09 10:07 ` Florian Westphal
2022-04-04 12:04 ` [nf-next PATCH v2 4/5] netfilter: bitwise: rename some boolean operation functions Jeremy Sowden
2022-04-04 12:04 ` [nf-next PATCH v2 5/5] netfilter: bitwise: add support for doing AND, OR and XOR directly Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220404120417.188410-1-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).