* [PATCH libnftnl v2 0/6] bitwise shift support
@ 2020-01-17 20:58 Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 1/6] Update gitignore Jeremy Sowden
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
The kernel supports bitwise shift operations. This patch-set adds the
support to libnftnl. There are couple of preliminary housekeeping
patches.
Jeremy Sowden (6):
Update gitignore.
bitwise: fix some incorrect indentation.
bitwise: add helper to print boolean expressions.
include: update nf_tables.h.
bitwise: add support for new netlink attributes.
bitwise: add support for left- and right-shifts.
.gitignore | 9 ++
include/libnftnl/expr.h | 2 +
include/linux/netfilter/nf_tables.h | 24 +++-
src/expr/bitwise.c | 93 +++++++++++--
tests/nft-expr_bitwise-test.c | 204 +++++++++++++++++++++++++---
5 files changed, 304 insertions(+), 28 deletions(-)
--
2.24.1
^ permalink raw reply [flat|nested] 9+ messages in thread
* [PATCH libnftnl v2 1/6] Update gitignore.
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
@ 2020-01-17 20:58 ` Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 2/6] bitwise: fix some incorrect indentation Jeremy Sowden
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
Add ctags and etags tag files, and Emacs back-up files.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
.gitignore | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.gitignore b/.gitignore
index 1650e5853cd0..e62f850fddf6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,12 @@ examples/*
tests/*
!tests/*.c
!tests/Makefile.am
+
+# Tag files for Vim and Emacs.
+TAGS
+tags
+
+# Emacs back-up files
+*~
+\#*\#
+.\#*
--
2.24.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH libnftnl v2 2/6] bitwise: fix some incorrect indentation.
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 1/6] Update gitignore Jeremy Sowden
@ 2020-01-17 20:58 ` Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 3/6] bitwise: add helper to print boolean expressions Jeremy Sowden
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
src/expr/bitwise.c | 12 ++++++------
tests/nft-expr_bitwise-test.c | 4 ++--
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index c9d40df34b54..489ee8420c44 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -31,7 +31,7 @@ struct nftnl_expr_bitwise {
static int
nftnl_expr_bitwise_set(struct nftnl_expr *e, uint16_t type,
- const void *data, uint32_t data_len)
+ const void *data, uint32_t data_len)
{
struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
@@ -61,7 +61,7 @@ nftnl_expr_bitwise_set(struct nftnl_expr *e, uint16_t type,
static const void *
nftnl_expr_bitwise_get(const struct nftnl_expr *e, uint16_t type,
- uint32_t *data_len)
+ uint32_t *data_len)
{
struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
@@ -127,7 +127,7 @@ nftnl_expr_bitwise_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_MASK);
mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->mask.len,
- bitwise->mask.val);
+ bitwise->mask.val);
mnl_attr_nest_end(nlh, nest);
}
if (e->flags & (1 << NFTNL_EXPR_BITWISE_XOR)) {
@@ -135,7 +135,7 @@ nftnl_expr_bitwise_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_XOR);
mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->xor.len,
- bitwise->xor.val);
+ bitwise->xor.val);
mnl_attr_nest_end(nlh, nest);
}
}
@@ -185,14 +185,14 @@ static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &bitwise->mask,
- NFTNL_OUTPUT_DEFAULT, 0, DATA_VALUE);
+ NFTNL_OUTPUT_DEFAULT, 0, DATA_VALUE);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = snprintf(buf + offset, remain, ") ^ ");
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &bitwise->xor,
- NFTNL_OUTPUT_DEFAULT, 0, DATA_VALUE);
+ NFTNL_OUTPUT_DEFAULT, 0, DATA_VALUE);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
return offset;
diff --git a/tests/nft-expr_bitwise-test.c b/tests/nft-expr_bitwise-test.c
index 64c14466dbd2..e37d85832072 100644
--- a/tests/nft-expr_bitwise-test.c
+++ b/tests/nft-expr_bitwise-test.c
@@ -28,7 +28,7 @@ static void print_err(const char *msg)
}
static void cmp_nftnl_expr(struct nftnl_expr *rule_a,
- struct nftnl_expr *rule_b)
+ struct nftnl_expr *rule_b)
{
uint32_t maska, maskb;
uint32_t xora, xorb;
@@ -50,8 +50,8 @@ static void cmp_nftnl_expr(struct nftnl_expr *rule_a,
nftnl_expr_get(rule_b, NFTNL_EXPR_BITWISE_XOR, &xorb);
if (xora != xorb)
print_err("Size of BITWISE_XOR mismatches");
-
}
+
int main(int argc, char *argv[])
{
struct nftnl_rule *a, *b = NULL;
--
2.24.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH libnftnl v2 3/6] bitwise: add helper to print boolean expressions.
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 1/6] Update gitignore Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 2/6] bitwise: fix some incorrect indentation Jeremy Sowden
@ 2020-01-17 20:58 ` Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 4/6] include: update nf_tables.h Jeremy Sowden
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
Move the code for printing boolean expressions into a separate function.
Another function will be added for shifts later.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
src/expr/bitwise.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 489ee8420c44..472bf59f7ad5 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -174,10 +174,10 @@ nftnl_expr_bitwise_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
-static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
- const struct nftnl_expr *e)
+static int
+nftnl_expr_bitwise_snprintf_bool(char *buf, size_t size,
+ const struct nftnl_expr_bitwise *bitwise)
{
- struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
int remain = size, offset = 0, ret;
ret = snprintf(buf, remain, "reg %u = (reg=%u & ",
@@ -198,6 +198,14 @@ static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
return offset;
}
+static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
+ const struct nftnl_expr *e)
+{
+ struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
+
+ return nftnl_expr_bitwise_snprintf_bool(buf, size, bitwise);
+}
+
static int
nftnl_expr_bitwise_snprintf(char *buf, size_t size, uint32_t type,
uint32_t flags, const struct nftnl_expr *e)
--
2.24.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH libnftnl v2 4/6] include: update nf_tables.h.
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
` (2 preceding siblings ...)
2020-01-17 20:58 ` [PATCH libnftnl v2 3/6] bitwise: add helper to print boolean expressions Jeremy Sowden
@ 2020-01-17 20:58 ` Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 5/6] bitwise: add support for new netlink attributes Jeremy Sowden
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
The kernel UAPI header includes a couple of new bitwise netlink
attributes and an enum.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
include/libnftnl/expr.h | 2 ++
include/linux/netfilter/nf_tables.h | 24 ++++++++++++++++++++++--
2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h
index 3e0f5b078c7a..cfe456dbc7a5 100644
--- a/include/libnftnl/expr.h
+++ b/include/libnftnl/expr.h
@@ -116,6 +116,8 @@ enum {
NFTNL_EXPR_BITWISE_LEN,
NFTNL_EXPR_BITWISE_MASK,
NFTNL_EXPR_BITWISE_XOR,
+ NFTNL_EXPR_BITWISE_OP,
+ NFTNL_EXPR_BITWISE_DATA,
};
enum {
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index e237ecbdcd8a..59455e7fec93 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -484,6 +484,20 @@ enum nft_immediate_attributes {
};
#define NFTA_IMMEDIATE_MAX (__NFTA_IMMEDIATE_MAX - 1)
+/**
+ * enum nft_bitwise_ops - nf_tables bitwise operations
+ *
+ * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and
+ * XOR boolean operations
+ * @NFT_BITWISE_LSHIFT: left-shift operation
+ * @NFT_BITWISE_RSHIFT: right-shift operation
+ */
+enum nft_bitwise_ops {
+ NFT_BITWISE_BOOL,
+ NFT_BITWISE_LSHIFT,
+ NFT_BITWISE_RSHIFT,
+};
+
/**
* enum nft_bitwise_attributes - nf_tables bitwise expression netlink attributes
*
@@ -492,12 +506,16 @@ enum nft_immediate_attributes {
* @NFTA_BITWISE_LEN: length of operands (NLA_U32)
* @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes)
* @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes)
+ * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
+ * @NFTA_BITWISE_DATA: argument for non-boolean operations
+ * (NLA_NESTED: nft_data_attributes)
*
- * The bitwise expression performs the following operation:
+ * The bitwise expression supports boolean and shift operations. It implements
+ * the boolean operations by performing the following operation:
*
* dreg = (sreg & mask) ^ xor
*
- * which allow to express all bitwise operations:
+ * with these mask and xor values:
*
* mask xor
* NOT: 1 1
@@ -512,6 +530,8 @@ enum nft_bitwise_attributes {
NFTA_BITWISE_LEN,
NFTA_BITWISE_MASK,
NFTA_BITWISE_XOR,
+ NFTA_BITWISE_OP,
+ NFTA_BITWISE_DATA,
__NFTA_BITWISE_MAX
};
#define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1)
--
2.24.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH libnftnl v2 5/6] bitwise: add support for new netlink attributes.
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
` (3 preceding siblings ...)
2020-01-17 20:58 ` [PATCH libnftnl v2 4/6] include: update nf_tables.h Jeremy Sowden
@ 2020-01-17 20:58 ` Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 6/6] bitwise: add support for left- and right-shifts Jeremy Sowden
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
Add code to set and get the new op and data attributes. The existing
boolean bitwise expressions will only use the op attribute.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
src/expr/bitwise.c | 47 ++++++++++++++++++++++++++++++++++-
tests/nft-expr_bitwise-test.c | 4 +++
2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 472bf59f7ad5..6ea39fbbe2ee 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -24,9 +24,11 @@
struct nftnl_expr_bitwise {
enum nft_registers sreg;
enum nft_registers dreg;
+ enum nft_bitwise_ops op;
unsigned int len;
union nftnl_data_reg mask;
union nftnl_data_reg xor;
+ union nftnl_data_reg data;
};
static int
@@ -42,6 +44,9 @@ nftnl_expr_bitwise_set(struct nftnl_expr *e, uint16_t type,
case NFTNL_EXPR_BITWISE_DREG:
memcpy(&bitwise->dreg, data, sizeof(bitwise->dreg));
break;
+ case NFTNL_EXPR_BITWISE_OP:
+ memcpy(&bitwise->op, data, sizeof(bitwise->op));
+ break;
case NFTNL_EXPR_BITWISE_LEN:
memcpy(&bitwise->len, data, sizeof(bitwise->len));
break;
@@ -53,6 +58,10 @@ nftnl_expr_bitwise_set(struct nftnl_expr *e, uint16_t type,
memcpy(&bitwise->xor.val, data, data_len);
bitwise->xor.len = data_len;
break;
+ case NFTNL_EXPR_BITWISE_DATA:
+ memcpy(&bitwise->data.val, data, data_len);
+ bitwise->data.len = data_len;
+ break;
default:
return -1;
}
@@ -72,6 +81,9 @@ nftnl_expr_bitwise_get(const struct nftnl_expr *e, uint16_t type,
case NFTNL_EXPR_BITWISE_DREG:
*data_len = sizeof(bitwise->dreg);
return &bitwise->dreg;
+ case NFTNL_EXPR_BITWISE_OP:
+ *data_len = sizeof(bitwise->op);
+ return &bitwise->op;
case NFTNL_EXPR_BITWISE_LEN:
*data_len = sizeof(bitwise->len);
return &bitwise->len;
@@ -81,6 +93,9 @@ nftnl_expr_bitwise_get(const struct nftnl_expr *e, uint16_t type,
case NFTNL_EXPR_BITWISE_XOR:
*data_len = bitwise->xor.len;
return &bitwise->xor.val;
+ case NFTNL_EXPR_BITWISE_DATA:
+ *data_len = bitwise->data.len;
+ return &bitwise->data.val;
}
return NULL;
}
@@ -96,12 +111,14 @@ static int nftnl_expr_bitwise_cb(const struct nlattr *attr, void *data)
switch(type) {
case NFTA_BITWISE_SREG:
case NFTA_BITWISE_DREG:
+ case NFTA_BITWISE_OP:
case NFTA_BITWISE_LEN:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
abi_breakage();
break;
case NFTA_BITWISE_MASK:
case NFTA_BITWISE_XOR:
+ case NFTA_BITWISE_DATA:
if (mnl_attr_validate(attr, MNL_TYPE_BINARY) < 0)
abi_breakage();
break;
@@ -120,6 +137,8 @@ nftnl_expr_bitwise_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
mnl_attr_put_u32(nlh, NFTA_BITWISE_SREG, htonl(bitwise->sreg));
if (e->flags & (1 << NFTNL_EXPR_BITWISE_DREG))
mnl_attr_put_u32(nlh, NFTA_BITWISE_DREG, htonl(bitwise->dreg));
+ if (e->flags & (1 << NFTNL_EXPR_BITWISE_OP))
+ mnl_attr_put_u32(nlh, NFTA_BITWISE_OP, htonl(bitwise->op));
if (e->flags & (1 << NFTNL_EXPR_BITWISE_LEN))
mnl_attr_put_u32(nlh, NFTA_BITWISE_LEN, htonl(bitwise->len));
if (e->flags & (1 << NFTNL_EXPR_BITWISE_MASK)) {
@@ -138,6 +157,14 @@ nftnl_expr_bitwise_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
bitwise->xor.val);
mnl_attr_nest_end(nlh, nest);
}
+ if (e->flags & (1 << NFTNL_EXPR_BITWISE_DATA)) {
+ struct nlattr *nest;
+
+ nest = mnl_attr_nest_start(nlh, NFTA_BITWISE_DATA);
+ mnl_attr_put(nlh, NFTA_DATA_VALUE, bitwise->data.len,
+ bitwise->data.val);
+ mnl_attr_nest_end(nlh, nest);
+ }
}
static int
@@ -158,6 +185,10 @@ nftnl_expr_bitwise_parse(struct nftnl_expr *e, struct nlattr *attr)
bitwise->dreg = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_DREG]));
e->flags |= (1 << NFTNL_EXPR_BITWISE_DREG);
}
+ if (tb[NFTA_BITWISE_OP]) {
+ bitwise->op = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_OP]));
+ e->flags |= (1 << NFTNL_EXPR_BITWISE_OP);
+ }
if (tb[NFTA_BITWISE_LEN]) {
bitwise->len = ntohl(mnl_attr_get_u32(tb[NFTA_BITWISE_LEN]));
e->flags |= (1 << NFTNL_EXPR_BITWISE_LEN);
@@ -170,6 +201,10 @@ nftnl_expr_bitwise_parse(struct nftnl_expr *e, struct nlattr *attr)
ret = nftnl_parse_data(&bitwise->xor, tb[NFTA_BITWISE_XOR], NULL);
e->flags |= (1 << NFTA_BITWISE_XOR);
}
+ if (tb[NFTA_BITWISE_DATA]) {
+ ret = nftnl_parse_data(&bitwise->data, tb[NFTA_BITWISE_DATA], NULL);
+ e->flags |= (1 << NFTNL_EXPR_BITWISE_DATA);
+ }
return ret;
}
@@ -202,8 +237,18 @@ static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
const struct nftnl_expr *e)
{
struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
+ int err = -1;
+
+ switch (bitwise->op) {
+ case NFT_BITWISE_BOOL:
+ err = nftnl_expr_bitwise_snprintf_bool(buf, size, bitwise);
+ break;
+ case NFT_BITWISE_LSHIFT:
+ case NFT_BITWISE_RSHIFT:
+ break;
+ }
- return nftnl_expr_bitwise_snprintf_bool(buf, size, bitwise);
+ return err;
}
static int
diff --git a/tests/nft-expr_bitwise-test.c b/tests/nft-expr_bitwise-test.c
index e37d85832072..41c0af435283 100644
--- a/tests/nft-expr_bitwise-test.c
+++ b/tests/nft-expr_bitwise-test.c
@@ -39,6 +39,9 @@ static void cmp_nftnl_expr(struct nftnl_expr *rule_a,
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_SREG) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_SREG))
print_err("Expr BITWISE_SREG mismatches");
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_OP) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_OP))
+ print_err("Expr BITWISE_OP mismatches");
if (nftnl_expr_get_u16(rule_a, NFTNL_EXPR_BITWISE_LEN) !=
nftnl_expr_get_u16(rule_b, NFTNL_EXPR_BITWISE_LEN))
print_err("Expr BITWISE_DREG mismatches");
@@ -73,6 +76,7 @@ int main(int argc, char *argv[])
nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_SREG, 0x12345678);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_DREG, 0x78123456);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_OP, NFT_BITWISE_BOOL);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_LEN, 0x56781234);
nftnl_expr_set(ex, NFTNL_EXPR_BITWISE_MASK, &mask, sizeof(mask));
nftnl_expr_set(ex, NFTNL_EXPR_BITWISE_XOR, &xor, sizeof(xor));
--
2.24.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH libnftnl v2 6/6] bitwise: add support for left- and right-shifts.
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
` (4 preceding siblings ...)
2020-01-17 20:58 ` [PATCH libnftnl v2 5/6] bitwise: add support for new netlink attributes Jeremy Sowden
@ 2020-01-17 20:58 ` Jeremy Sowden
2020-01-18 8:58 ` [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
2020-01-18 20:25 ` Pablo Neira Ayuso
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-17 20:58 UTC (permalink / raw)
To: Netfilter Devel
The kernel supports bitwise shifts. Add support to libnftnl.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
src/expr/bitwise.c | 22 ++++
tests/nft-expr_bitwise-test.c | 202 +++++++++++++++++++++++++++++++---
2 files changed, 206 insertions(+), 18 deletions(-)
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index 6ea39fbbe2ee..9ea2f662b3e6 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -233,6 +233,25 @@ nftnl_expr_bitwise_snprintf_bool(char *buf, size_t size,
return offset;
}
+static int
+nftnl_expr_bitwise_snprintf_shift(char *buf, size_t size, const char *op,
+ const struct nftnl_expr_bitwise *bitwise)
+{ int remain = size, offset = 0, ret;
+
+ ret = snprintf(buf, remain, "reg %u = ( reg %u %s ",
+ bitwise->dreg, bitwise->sreg, op);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ ret = nftnl_data_reg_snprintf(buf + offset, remain, &bitwise->data,
+ NFTNL_OUTPUT_DEFAULT, 0, DATA_VALUE);
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ ret = snprintf(buf + offset, remain, ") ");
+ SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+
+ return offset;
+}
+
static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
const struct nftnl_expr *e)
{
@@ -244,7 +263,10 @@ static int nftnl_expr_bitwise_snprintf_default(char *buf, size_t size,
err = nftnl_expr_bitwise_snprintf_bool(buf, size, bitwise);
break;
case NFT_BITWISE_LSHIFT:
+ err = nftnl_expr_bitwise_snprintf_shift(buf, size, "<<", bitwise);
+ break;
case NFT_BITWISE_RSHIFT:
+ err = nftnl_expr_bitwise_snprintf_shift(buf, size, ">>", bitwise);
break;
}
diff --git a/tests/nft-expr_bitwise-test.c b/tests/nft-expr_bitwise-test.c
index 41c0af435283..74a0e2aa6933 100644
--- a/tests/nft-expr_bitwise-test.c
+++ b/tests/nft-expr_bitwise-test.c
@@ -21,41 +21,87 @@
static int test_ok = 1;
-static void print_err(const char *msg)
+static void print_err(const char *test, const char *msg)
{
test_ok = 0;
- printf("\033[31mERROR:\e[0m %s\n", msg);
+ printf("\033[31mERROR:\e[0m [%s] %s\n", test, msg);
}
-static void cmp_nftnl_expr(struct nftnl_expr *rule_a,
- struct nftnl_expr *rule_b)
+static void cmp_nftnl_expr_bool(struct nftnl_expr *rule_a,
+ struct nftnl_expr *rule_b)
{
uint32_t maska, maskb;
uint32_t xora, xorb;
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_DREG) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_DREG))
- print_err("Expr BITWISE_DREG mismatches");
+ print_err("bool", "Expr BITWISE_DREG mismatches");
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_SREG) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_SREG))
- print_err("Expr BITWISE_SREG mismatches");
+ print_err("bool", "Expr BITWISE_SREG mismatches");
if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_OP) !=
nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_OP))
- print_err("Expr BITWISE_OP mismatches");
+ print_err("bool", "Expr BITWISE_OP mismatches");
if (nftnl_expr_get_u16(rule_a, NFTNL_EXPR_BITWISE_LEN) !=
nftnl_expr_get_u16(rule_b, NFTNL_EXPR_BITWISE_LEN))
- print_err("Expr BITWISE_DREG mismatches");
+ print_err("bool", "Expr BITWISE_DREG mismatches");
nftnl_expr_get(rule_a, NFTNL_EXPR_BITWISE_MASK, &maska);
nftnl_expr_get(rule_b, NFTNL_EXPR_BITWISE_MASK, &maskb);
if (maska != maskb)
- print_err("Size of BITWISE_MASK mismatches");
+ print_err("bool", "Size of BITWISE_MASK mismatches");
nftnl_expr_get(rule_a, NFTNL_EXPR_BITWISE_XOR, &xora);
nftnl_expr_get(rule_b, NFTNL_EXPR_BITWISE_XOR, &xorb);
if (xora != xorb)
- print_err("Size of BITWISE_XOR mismatches");
+ print_err("bool", "Size of BITWISE_XOR mismatches");
}
-int main(int argc, char *argv[])
+static void cmp_nftnl_expr_lshift(struct nftnl_expr *rule_a,
+ struct nftnl_expr *rule_b)
+{
+ uint32_t data_a, data_b;
+
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_DREG) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_DREG))
+ print_err("lshift", "Expr BITWISE_DREG mismatches");
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_SREG) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_SREG))
+ print_err("lshift", "Expr BITWISE_SREG mismatches");
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_OP) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_OP))
+ print_err("lshift", "Expr BITWISE_OP mismatches");
+ if (nftnl_expr_get_u16(rule_a, NFTNL_EXPR_BITWISE_LEN) !=
+ nftnl_expr_get_u16(rule_b, NFTNL_EXPR_BITWISE_LEN))
+ print_err("lshift", "Expr BITWISE_LEN mismatches");
+ nftnl_expr_get(rule_a, NFTNL_EXPR_BITWISE_DATA, &data_a);
+ nftnl_expr_get(rule_b, NFTNL_EXPR_BITWISE_DATA, &data_b);
+ if (data_a != data_b)
+ print_err("lshift", "Expr BITWISE_DATA mismatches");
+}
+
+static void cmp_nftnl_expr_rshift(struct nftnl_expr *rule_a,
+ struct nftnl_expr *rule_b)
+{
+ uint32_t data_a, data_b;
+
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_DREG) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_DREG))
+ print_err("rshift", "Expr BITWISE_DREG mismatches");
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_SREG) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_SREG))
+ print_err("rshift", "Expr BITWISE_SREG mismatches");
+ if (nftnl_expr_get_u32(rule_a, NFTNL_EXPR_BITWISE_OP) !=
+ nftnl_expr_get_u32(rule_b, NFTNL_EXPR_BITWISE_OP))
+ print_err("rshift", "Expr BITWISE_OP mismatches");
+ if (nftnl_expr_get_u16(rule_a, NFTNL_EXPR_BITWISE_LEN) !=
+ nftnl_expr_get_u16(rule_b, NFTNL_EXPR_BITWISE_LEN))
+ print_err("rshift", "Expr BITWISE_LEN mismatches");
+ nftnl_expr_get(rule_a, NFTNL_EXPR_BITWISE_DATA, &data_a);
+ nftnl_expr_get(rule_b, NFTNL_EXPR_BITWISE_DATA, &data_b);
+ if (data_a != data_b)
+ print_err("rshift", "Expr BITWISE_DATA mismatches");
+}
+
+static void test_bool(void)
{
struct nftnl_rule *a, *b = NULL;
struct nftnl_expr *ex = NULL;
@@ -69,10 +115,10 @@ int main(int argc, char *argv[])
a = nftnl_rule_alloc();
b = nftnl_rule_alloc();
if (a == NULL || b == NULL)
- print_err("OOM");
+ print_err("bool", "OOM");
ex = nftnl_expr_alloc("bitwise");
if (ex == NULL)
- print_err("OOM");
+ print_err("bool", "OOM");
nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_SREG, 0x12345678);
nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_DREG, 0x78123456);
@@ -87,30 +133,150 @@ int main(int argc, char *argv[])
nftnl_rule_nlmsg_build_payload(nlh, a);
if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
- print_err("parsing problems");
+ print_err("bool", "parsing problems");
+
+ iter_a = nftnl_expr_iter_create(a);
+ iter_b = nftnl_expr_iter_create(b);
+ if (iter_a == NULL || iter_b == NULL)
+ print_err("bool", "OOM");
+
+ rule_a = nftnl_expr_iter_next(iter_a);
+ rule_b = nftnl_expr_iter_next(iter_b);
+ if (rule_a == NULL || rule_b == NULL)
+ print_err("bool", "OOM");
+
+ if (nftnl_expr_iter_next(iter_a) != NULL ||
+ nftnl_expr_iter_next(iter_b) != NULL)
+ print_err("bool", "More 1 expr.");
+
+ nftnl_expr_iter_destroy(iter_a);
+ nftnl_expr_iter_destroy(iter_b);
+
+ cmp_nftnl_expr_bool(rule_a,rule_b);
+
+ nftnl_rule_free(a);
+ nftnl_rule_free(b);
+}
+
+static void test_lshift(void)
+{
+ struct nftnl_rule *a, *b = NULL;
+ struct nftnl_expr *ex = NULL;
+ struct nlmsghdr *nlh;
+ char buf[4096];
+ struct nftnl_expr_iter *iter_a, *iter_b = NULL;
+ struct nftnl_expr *rule_a, *rule_b = NULL;
+
+ a = nftnl_rule_alloc();
+ b = nftnl_rule_alloc();
+ if (a == NULL || b == NULL)
+ print_err("lshift", "OOM");
+ ex = nftnl_expr_alloc("bitwise");
+ if (ex == NULL)
+ print_err("lshift", "OOM");
+
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_SREG, 0x12345678);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_DREG, 0x78123456);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_OP, NFT_BITWISE_LSHIFT);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_LEN, 0x56781234);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_DATA, 13);
+
+ nftnl_rule_add_expr(a, ex);
+
+ nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
+ nftnl_rule_nlmsg_build_payload(nlh, a);
+
+ if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
+ print_err("lshift", "parsing problems");
iter_a = nftnl_expr_iter_create(a);
iter_b = nftnl_expr_iter_create(b);
if (iter_a == NULL || iter_b == NULL)
- print_err("OOM");
+ print_err("lshift", "OOM");
rule_a = nftnl_expr_iter_next(iter_a);
rule_b = nftnl_expr_iter_next(iter_b);
if (rule_a == NULL || rule_b == NULL)
- print_err("OOM");
+ print_err("lshift", "OOM");
if (nftnl_expr_iter_next(iter_a) != NULL ||
nftnl_expr_iter_next(iter_b) != NULL)
- print_err("More 1 expr.");
+ print_err("lshift", "More 1 expr.");
nftnl_expr_iter_destroy(iter_a);
nftnl_expr_iter_destroy(iter_b);
- cmp_nftnl_expr(rule_a,rule_b);
+ cmp_nftnl_expr_lshift(rule_a,rule_b);
nftnl_rule_free(a);
nftnl_rule_free(b);
+}
+
+static void test_rshift(void)
+{
+ struct nftnl_rule *a, *b = NULL;
+ struct nftnl_expr *ex = NULL;
+ struct nlmsghdr *nlh;
+ char buf[4096];
+ struct nftnl_expr_iter *iter_a, *iter_b = NULL;
+ struct nftnl_expr *rule_a, *rule_b = NULL;
+
+ a = nftnl_rule_alloc();
+ b = nftnl_rule_alloc();
+ if (a == NULL || b == NULL)
+ print_err("rshift", "OOM");
+ ex = nftnl_expr_alloc("bitwise");
+ if (ex == NULL)
+ print_err("rshift", "OOM");
+
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_SREG, 0x12345678);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_DREG, 0x78123456);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_OP, NFT_BITWISE_RSHIFT);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_LEN, 0x56781234);
+ nftnl_expr_set_u32(ex, NFTNL_EXPR_BITWISE_DATA, 17);
+
+ nftnl_rule_add_expr(a, ex);
+
+ nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_NEWRULE, AF_INET, 0, 1234);
+ nftnl_rule_nlmsg_build_payload(nlh, a);
+
+ if (nftnl_rule_nlmsg_parse(nlh, b) < 0)
+ print_err("rshift", "parsing problems");
+
+ iter_a = nftnl_expr_iter_create(a);
+ iter_b = nftnl_expr_iter_create(b);
+ if (iter_a == NULL || iter_b == NULL)
+ print_err("rshift", "OOM");
+
+ rule_a = nftnl_expr_iter_next(iter_a);
+ rule_b = nftnl_expr_iter_next(iter_b);
+ if (rule_a == NULL || rule_b == NULL)
+ print_err("rshift", "OOM");
+
+ if (nftnl_expr_iter_next(iter_a) != NULL ||
+ nftnl_expr_iter_next(iter_b) != NULL)
+ print_err("rshift", "More 1 expr.");
+
+ nftnl_expr_iter_destroy(iter_a);
+ nftnl_expr_iter_destroy(iter_b);
+
+ cmp_nftnl_expr_rshift(rule_a,rule_b);
+
+ nftnl_rule_free(a);
+ nftnl_rule_free(b);
+}
+
+int main(int argc, char *argv[])
+{
+ test_bool();
+ if (!test_ok)
+ exit(EXIT_FAILURE);
+
+ test_lshift();
+ if (!test_ok)
+ exit(EXIT_FAILURE);
+ test_rshift();
if (!test_ok)
exit(EXIT_FAILURE);
--
2.24.1
^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH libnftnl v2 0/6] bitwise shift support
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
` (5 preceding siblings ...)
2020-01-17 20:58 ` [PATCH libnftnl v2 6/6] bitwise: add support for left- and right-shifts Jeremy Sowden
@ 2020-01-18 8:58 ` Jeremy Sowden
2020-01-18 20:25 ` Pablo Neira Ayuso
7 siblings, 0 replies; 9+ messages in thread
From: Jeremy Sowden @ 2020-01-18 8:58 UTC (permalink / raw)
To: Netfilter Devel
[-- Attachment #1: Type: text/plain, Size: 1009 bytes --]
On 2020-01-17, at 20:58:02 +0000, Jeremy Sowden wrote:
> The kernel supports bitwise shift operations. This patch-set adds the
> support to libnftnl. There are couple of preliminary housekeeping
> patches.
Changes since v1:
* updated to match the final kernel API;
* split the single patch that implemented the new shift expressions
into several smaller ones.
> Jeremy Sowden (6):
> Update gitignore.
> bitwise: fix some incorrect indentation.
> bitwise: add helper to print boolean expressions.
> include: update nf_tables.h.
> bitwise: add support for new netlink attributes.
> bitwise: add support for left- and right-shifts.
>
> .gitignore | 9 ++
> include/libnftnl/expr.h | 2 +
> include/linux/netfilter/nf_tables.h | 24 +++-
> src/expr/bitwise.c | 93 +++++++++++--
> tests/nft-expr_bitwise-test.c | 204 +++++++++++++++++++++++++---
> 5 files changed, 304 insertions(+), 28 deletions(-)
>
> --
> 2.24.1
>
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH libnftnl v2 0/6] bitwise shift support
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
` (6 preceding siblings ...)
2020-01-18 8:58 ` [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
@ 2020-01-18 20:25 ` Pablo Neira Ayuso
7 siblings, 0 replies; 9+ messages in thread
From: Pablo Neira Ayuso @ 2020-01-18 20:25 UTC (permalink / raw)
To: Jeremy Sowden; +Cc: Netfilter Devel
On Fri, Jan 17, 2020 at 08:58:02PM +0000, Jeremy Sowden wrote:
> The kernel supports bitwise shift operations. This patch-set adds the
> support to libnftnl. There are couple of preliminary housekeeping
> patches.
Series applied, thanks.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-01-18 20:25 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-17 20:58 [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 1/6] Update gitignore Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 2/6] bitwise: fix some incorrect indentation Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 3/6] bitwise: add helper to print boolean expressions Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 4/6] include: update nf_tables.h Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 5/6] bitwise: add support for new netlink attributes Jeremy Sowden
2020-01-17 20:58 ` [PATCH libnftnl v2 6/6] bitwise: add support for left- and right-shifts Jeremy Sowden
2020-01-18 8:58 ` [PATCH libnftnl v2 0/6] bitwise shift support Jeremy Sowden
2020-01-18 20:25 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.