Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support
@ 2020-01-14 21:29 Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
                   ` (10 more replies)
  0 siblings, 11 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

The connmark xtables extension supports bit-shifts.  Add support for
shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:

  nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
  nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8

Changes since v1:

  * more white-space fixes;
  * move bitwise op enum to UAPI;
  * add NFTA_BITWISE_OP and NFTA_BITWISE_DATA;
  * remove NFTA_BITWISE_LSHIFT and NFTA_BITWISE_RSHIFT;
  * add helpers for initializaing, evaluating and dumping different
    types of operation.

Jeremy Sowden (10):
  netfilter: nf_tables: white-space fixes.
  netfilter: bitwise: remove NULL comparisons from attribute checks.
  netfilter: bitwise: replace gotos with returns.
  netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute.
  netfilter: bitwise: add helper for initializing boolean operations.
  netfilter: bitwise: add helper for evaluating boolean operations.
  netfilter: bitwise: add helper for dumping boolean operations.
  netfilter: bitwise: only offload boolean operations.
  netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
  netfilter: bitwise: add support for shifts.

 include/uapi/linux/netfilter/nf_tables.h |  23 ++-
 net/netfilter/nft_bitwise.c              | 210 ++++++++++++++++++-----
 net/netfilter/nft_set_bitmap.c           |   4 +-
 net/netfilter/nft_set_hash.c             |   2 +-
 4 files changed, 192 insertions(+), 47 deletions(-)

-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 01/10] netfilter: nf_tables: white-space fixes.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks Jeremy Sowden
                   ` (9 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Indentation fixes for the parameters of a few nft functions.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c    | 4 ++--
 net/netfilter/nft_set_bitmap.c | 4 ++--
 net/netfilter/nft_set_hash.c   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 10e9d50e4e19..e8ca1ec105f8 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -130,8 +130,8 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 static struct nft_data zero;
 
 static int nft_bitwise_offload(struct nft_offload_ctx *ctx,
-                               struct nft_flow_rule *flow,
-                               const struct nft_expr *expr)
+			       struct nft_flow_rule *flow,
+			       const struct nft_expr *expr)
 {
 	const struct nft_bitwise *priv = nft_expr_priv(expr);
 	struct nft_offload_reg *reg = &ctx->regs[priv->dreg];
diff --git a/net/netfilter/nft_set_bitmap.c b/net/netfilter/nft_set_bitmap.c
index 087a056e34d1..87e8d9ba0c9b 100644
--- a/net/netfilter/nft_set_bitmap.c
+++ b/net/netfilter/nft_set_bitmap.c
@@ -259,8 +259,8 @@ static u64 nft_bitmap_privsize(const struct nlattr * const nla[],
 }
 
 static int nft_bitmap_init(const struct nft_set *set,
-			 const struct nft_set_desc *desc,
-			 const struct nlattr * const nla[])
+			   const struct nft_set_desc *desc,
+			   const struct nlattr * const nla[])
 {
 	struct nft_bitmap *priv = nft_set_priv(set);
 
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index b331a3c9a3a8..d350a7cd3af0 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -645,7 +645,7 @@ static bool nft_hash_estimate(const struct nft_set_desc *desc, u32 features,
 }
 
 static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features,
-			      struct nft_set_estimate *est)
+				   struct nft_set_estimate *est)
 {
 	if (!desc->size)
 		return false;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 03/10] netfilter: bitwise: replace gotos with returns Jeremy Sowden
                   ` (8 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

In later patches, we will be adding more checks.  In order to be
consistent and prevent complaints from checkpatch.pl, replace the
existing comparisons with NULL with logical NOT operators.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index e8ca1ec105f8..85605fb1e360 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -52,11 +52,11 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
 	u32 len;
 	int err;
 
-	if (tb[NFTA_BITWISE_SREG] == NULL ||
-	    tb[NFTA_BITWISE_DREG] == NULL ||
-	    tb[NFTA_BITWISE_LEN] == NULL ||
-	    tb[NFTA_BITWISE_MASK] == NULL ||
-	    tb[NFTA_BITWISE_XOR] == NULL)
+	if (!tb[NFTA_BITWISE_SREG] ||
+	    !tb[NFTA_BITWISE_DREG] ||
+	    !tb[NFTA_BITWISE_LEN]  ||
+	    !tb[NFTA_BITWISE_MASK] ||
+	    !tb[NFTA_BITWISE_XOR])
 		return -EINVAL;
 
 	err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len);
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 03/10] netfilter: bitwise: replace gotos with returns.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 04/10] netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute Jeremy Sowden
                   ` (7 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

When dumping a bitwise expression, if any of the puts fails, we use goto
to jump to a label.  However, no clean-up is required and the only
statement at the label is a return.  Drop the goto's and return
immediately instead.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 85605fb1e360..c15e9beb5243 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -107,24 +107,21 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 	const struct nft_bitwise *priv = nft_expr_priv(expr);
 
 	if (nft_dump_register(skb, NFTA_BITWISE_SREG, priv->sreg))
-		goto nla_put_failure;
+		return -1;
 	if (nft_dump_register(skb, NFTA_BITWISE_DREG, priv->dreg))
-		goto nla_put_failure;
+		return -1;
 	if (nla_put_be32(skb, NFTA_BITWISE_LEN, htonl(priv->len)))
-		goto nla_put_failure;
+		return -1;
 
 	if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask,
 			  NFT_DATA_VALUE, priv->len) < 0)
-		goto nla_put_failure;
+		return -1;
 
 	if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor,
 			  NFT_DATA_VALUE, priv->len) < 0)
-		goto nla_put_failure;
+		return -1;
 
 	return 0;
-
-nla_put_failure:
-	return -1;
 }
 
 static struct nft_data zero;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 04/10] netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (2 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 03/10] netfilter: bitwise: replace gotos with returns Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 05/10] netfilter: bitwise: add helper for initializing boolean operations Jeremy Sowden
                   ` (6 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Add a new bitwise netlink attribute, NFTA_BITWISE_OP, which is set to a
value of a new enum, nft_bitwise_ops.  It describes the type of
operation an expression contains.  Currently, it only has one value:
NFT_BITWISE_BOOL.  More values will be added later to implement shifts.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 include/uapi/linux/netfilter/nf_tables.h | 12 ++++++++++++
 net/netfilter/nft_bitwise.c              | 16 ++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index e237ecbdcd8a..cfda75725455 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -484,6 +484,16 @@ enum nft_immediate_attributes {
 };
 #define NFTA_IMMEDIATE_MAX	(__NFTA_IMMEDIATE_MAX - 1)
 
+/**
+ * enum nft_bitwise_ops - nf_tables bitwise operations
+ *
+ * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and
+ *                    XOR boolean operations
+ */
+enum nft_bitwise_ops {
+	NFT_BITWISE_BOOL,
+};
+
 /**
  * enum nft_bitwise_attributes - nf_tables bitwise expression netlink attributes
  *
@@ -492,6 +502,7 @@ enum nft_immediate_attributes {
  * @NFTA_BITWISE_LEN: length of operands (NLA_U32)
  * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes)
  * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes)
+ * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
  *
  * The bitwise expression performs the following operation:
  *
@@ -512,6 +523,7 @@ enum nft_bitwise_attributes {
 	NFTA_BITWISE_LEN,
 	NFTA_BITWISE_MASK,
 	NFTA_BITWISE_XOR,
+	NFTA_BITWISE_OP,
 	__NFTA_BITWISE_MAX
 };
 #define NFTA_BITWISE_MAX	(__NFTA_BITWISE_MAX - 1)
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index c15e9beb5243..4884716d844a 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -18,6 +18,7 @@
 struct nft_bitwise {
 	enum nft_registers	sreg:8;
 	enum nft_registers	dreg:8;
+	enum nft_bitwise_ops	op:8;
 	u8			len;
 	struct nft_data		mask;
 	struct nft_data		xor;
@@ -41,6 +42,7 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
 	[NFTA_BITWISE_LEN]	= { .type = NLA_U32 },
 	[NFTA_BITWISE_MASK]	= { .type = NLA_NESTED },
 	[NFTA_BITWISE_XOR]	= { .type = NLA_NESTED },
+	[NFTA_BITWISE_OP]	= { .type = NLA_U32 },
 };
 
 static int nft_bitwise_init(const struct nft_ctx *ctx,
@@ -76,6 +78,18 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
 	if (err < 0)
 		return err;
 
+	if (tb[NFTA_BITWISE_OP]) {
+		priv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP]));
+		switch (priv->op) {
+		case NFT_BITWISE_BOOL:
+			break;
+		default:
+			return -EINVAL;
+		}
+	} else {
+		priv->op = NFT_BITWISE_BOOL;
+	}
+
 	err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1,
 			    tb[NFTA_BITWISE_MASK]);
 	if (err < 0)
@@ -112,6 +126,8 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 		return -1;
 	if (nla_put_be32(skb, NFTA_BITWISE_LEN, htonl(priv->len)))
 		return -1;
+	if (nla_put_be32(skb, NFTA_BITWISE_OP, htonl(priv->op)))
+		return -1;
 
 	if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask,
 			  NFT_DATA_VALUE, priv->len) < 0)
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 05/10] netfilter: bitwise: add helper for initializing boolean operations.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (3 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 04/10] netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 06/10] netfilter: bitwise: add helper for evaluating " Jeremy Sowden
                   ` (5 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Split the code specific to initializing bitwise boolean operations out
into a separate function.  A similar function will be added later for
shift operations.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c | 67 +++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 26 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 4884716d844a..4a8d37eb43a4 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -45,20 +45,53 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
 	[NFTA_BITWISE_OP]	= { .type = NLA_U32 },
 };
 
+static int nft_bitwise_init_bool(struct nft_bitwise *priv,
+				 const struct nlattr *const tb[])
+{
+	struct nft_data_desc d1, d2;
+	int err;
+
+	if (!tb[NFTA_BITWISE_MASK] ||
+	    !tb[NFTA_BITWISE_XOR])
+		return -EINVAL;
+
+	err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1,
+			    tb[NFTA_BITWISE_MASK]);
+	if (err < 0)
+		return err;
+	if (d1.type != NFT_DATA_VALUE || d1.len != priv->len) {
+		err = -EINVAL;
+		goto err1;
+	}
+
+	err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &d2,
+			    tb[NFTA_BITWISE_XOR]);
+	if (err < 0)
+		goto err1;
+	if (d2.type != NFT_DATA_VALUE || d2.len != priv->len) {
+		err = -EINVAL;
+		goto err2;
+	}
+
+	return 0;
+err2:
+	nft_data_release(&priv->xor, d2.type);
+err1:
+	nft_data_release(&priv->mask, d1.type);
+	return err;
+}
+
 static int nft_bitwise_init(const struct nft_ctx *ctx,
 			    const struct nft_expr *expr,
 			    const struct nlattr * const tb[])
 {
 	struct nft_bitwise *priv = nft_expr_priv(expr);
-	struct nft_data_desc d1, d2;
 	u32 len;
 	int err;
 
 	if (!tb[NFTA_BITWISE_SREG] ||
 	    !tb[NFTA_BITWISE_DREG] ||
-	    !tb[NFTA_BITWISE_LEN]  ||
-	    !tb[NFTA_BITWISE_MASK] ||
-	    !tb[NFTA_BITWISE_XOR])
+	    !tb[NFTA_BITWISE_LEN])
 		return -EINVAL;
 
 	err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len);
@@ -90,30 +123,12 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
 		priv->op = NFT_BITWISE_BOOL;
 	}
 
-	err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1,
-			    tb[NFTA_BITWISE_MASK]);
-	if (err < 0)
-		return err;
-	if (d1.type != NFT_DATA_VALUE || d1.len != priv->len) {
-		err = -EINVAL;
-		goto err1;
-	}
-
-	err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &d2,
-			    tb[NFTA_BITWISE_XOR]);
-	if (err < 0)
-		goto err1;
-	if (d2.type != NFT_DATA_VALUE || d2.len != priv->len) {
-		err = -EINVAL;
-		goto err2;
+	switch(priv->op) {
+	case NFT_BITWISE_BOOL:
+		return nft_bitwise_init_bool(priv, tb);
 	}
 
-	return 0;
-err2:
-	nft_data_release(&priv->xor, d2.type);
-err1:
-	nft_data_release(&priv->mask, d1.type);
-	return err;
+	return -EINVAL;
 }
 
 static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 06/10] netfilter: bitwise: add helper for evaluating boolean operations.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (4 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 05/10] netfilter: bitwise: add helper for initializing boolean operations Jeremy Sowden
@ 2020-01-14 21:29 ` " Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 07/10] netfilter: bitwise: add helper for dumping " Jeremy Sowden
                   ` (4 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Split the code specific to evaluating bitwise boolean operations out
into a separate function.  Similar functions will be added later for
shift operations.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 4a8d37eb43a4..5f9d151b7047 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -24,16 +24,27 @@ struct nft_bitwise {
 	struct nft_data		xor;
 };
 
+static void nft_bitwise_eval_bool(u32 *dst, const u32 *src,
+				  const struct nft_bitwise *priv)
+{
+	unsigned int i;
+
+	for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++)
+		dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i];
+}
+
 void nft_bitwise_eval(const struct nft_expr *expr,
 		      struct nft_regs *regs, const struct nft_pktinfo *pkt)
 {
 	const struct nft_bitwise *priv = nft_expr_priv(expr);
 	const u32 *src = &regs->data[priv->sreg];
 	u32 *dst = &regs->data[priv->dreg];
-	unsigned int i;
 
-	for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++)
-		dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i];
+	switch (priv->op) {
+	case NFT_BITWISE_BOOL:
+		nft_bitwise_eval_bool(dst, src, priv);
+		break;
+	}
 }
 
 static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 07/10] netfilter: bitwise: add helper for dumping boolean operations.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (5 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 06/10] netfilter: bitwise: add helper for evaluating " Jeremy Sowden
@ 2020-01-14 21:29 ` " Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 08/10] netfilter: bitwise: only offload " Jeremy Sowden
                   ` (3 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Split the code specific to dumping bitwise boolean operations out into a
separate function.  A similar function will be added later for shift
operations.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 5f9d151b7047..40272a45deeb 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -142,6 +142,20 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
 	return -EINVAL;
 }
 
+static int nft_bitwise_dump_bool(struct sk_buff *skb,
+				 const struct nft_bitwise *priv)
+{
+	if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask,
+			  NFT_DATA_VALUE, priv->len) < 0)
+		return -1;
+
+	if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor,
+			  NFT_DATA_VALUE, priv->len) < 0)
+		return -1;
+
+	return 0;
+}
+
 static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 {
 	const struct nft_bitwise *priv = nft_expr_priv(expr);
@@ -155,15 +169,12 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 	if (nla_put_be32(skb, NFTA_BITWISE_OP, htonl(priv->op)))
 		return -1;
 
-	if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask,
-			  NFT_DATA_VALUE, priv->len) < 0)
-		return -1;
-
-	if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor,
-			  NFT_DATA_VALUE, priv->len) < 0)
-		return -1;
+	switch (priv->op) {
+	case NFT_BITWISE_BOOL:
+		return nft_bitwise_dump_bool(skb, priv);
+	}
 
-	return 0;
+	return -1;
 }
 
 static struct nft_data zero;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 08/10] netfilter: bitwise: only offload boolean operations.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (6 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 07/10] netfilter: bitwise: add helper for dumping " Jeremy Sowden
@ 2020-01-14 21:29 ` " Jeremy Sowden
  2020-01-14 21:29 ` [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
                   ` (2 subsequent siblings)
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Only boolean operations supports offloading, so check the type of the
operation and return an error for other types.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 net/netfilter/nft_bitwise.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 40272a45deeb..1d9079ba2102 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -190,6 +190,9 @@ static int nft_bitwise_offload(struct nft_offload_ctx *ctx,
 	    priv->sreg != priv->dreg || priv->len != reg->len)
 		return -EOPNOTSUPP;
 
+	if (priv->op != NFT_BITWISE_BOOL)
+		return -EOPNOTSUPP;
+
 	memcpy(&reg->mask, &priv->mask, sizeof(priv->mask));
 
 	return 0;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (7 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 08/10] netfilter: bitwise: only offload " Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-15  9:29   ` Pablo Neira Ayuso
  2020-01-14 21:29 ` [PATCH nf-next v2 10/10] netfilter: bitwise: add support for shifts Jeremy Sowden
  2020-01-15  9:29 ` [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Pablo Neira Ayuso
  10 siblings, 1 reply; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Add a new bitwise netlink attribute that will be used by shift
operations to store the size of the shift.  It is not used by boolean
operations.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 include/uapi/linux/netfilter/nf_tables.h | 2 ++
 net/netfilter/nft_bitwise.c              | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index cfda75725455..7cb85fd0d38e 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -503,6 +503,7 @@ enum nft_bitwise_ops {
  * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes)
  * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes)
  * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
+ * @NFTA_BITWISE_DATA: argument for non-boolean operations (NLA_U32)
  *
  * The bitwise expression performs the following operation:
  *
@@ -524,6 +525,7 @@ enum nft_bitwise_attributes {
 	NFTA_BITWISE_MASK,
 	NFTA_BITWISE_XOR,
 	NFTA_BITWISE_OP,
+	NFTA_BITWISE_DATA,
 	__NFTA_BITWISE_MAX
 };
 #define NFTA_BITWISE_MAX	(__NFTA_BITWISE_MAX - 1)
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 1d9079ba2102..72abaa83a8ca 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -22,6 +22,7 @@ struct nft_bitwise {
 	u8			len;
 	struct nft_data		mask;
 	struct nft_data		xor;
+	u32			data;
 };
 
 static void nft_bitwise_eval_bool(u32 *dst, const u32 *src,
@@ -54,6 +55,7 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
 	[NFTA_BITWISE_MASK]	= { .type = NLA_NESTED },
 	[NFTA_BITWISE_XOR]	= { .type = NLA_NESTED },
 	[NFTA_BITWISE_OP]	= { .type = NLA_U32 },
+	[NFTA_BITWISE_DATA]	= { .type = NLA_U32 },
 };
 
 static int nft_bitwise_init_bool(struct nft_bitwise *priv,
@@ -62,6 +64,9 @@ static int nft_bitwise_init_bool(struct nft_bitwise *priv,
 	struct nft_data_desc d1, d2;
 	int err;
 
+	if (tb[NFTA_BITWISE_DATA])
+		return -EINVAL;
+
 	if (!tb[NFTA_BITWISE_MASK] ||
 	    !tb[NFTA_BITWISE_XOR])
 		return -EINVAL;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* [PATCH nf-next v2 10/10] netfilter: bitwise: add support for shifts.
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (8 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
@ 2020-01-14 21:29 ` Jeremy Sowden
  2020-01-15  9:29 ` [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Pablo Neira Ayuso
  10 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-14 21:29 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

Hitherto nft_bitwise has only supported boolean operations: NOT, AND, OR
and XOR.  Extend it to do shifts as well.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 include/uapi/linux/netfilter/nf_tables.h |  9 +++-
 net/netfilter/nft_bitwise.c              | 68 ++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 7cb85fd0d38e..b824ca44150a 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -489,9 +489,13 @@ enum nft_immediate_attributes {
  *
  * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and
  *                    XOR boolean operations
+ * @NFT_BITWISE_LSHIFT: left-shift operation
+ * @NFT_BITWISE_RSHIFT: right-shift operation
  */
 enum nft_bitwise_ops {
 	NFT_BITWISE_BOOL,
+	NFT_BITWISE_LSHIFT,
+	NFT_BITWISE_RSHIFT,
 };
 
 /**
@@ -505,11 +509,12 @@ enum nft_bitwise_ops {
  * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
  * @NFTA_BITWISE_DATA: argument for non-boolean operations (NLA_U32)
  *
- * The bitwise expression performs the following operation:
+ * The bitwise expression supports boolean and shift operations.  It implements
+ * the boolean operations by performing the following operation:
  *
  * dreg = (sreg & mask) ^ xor
  *
- * which allow to express all bitwise operations:
+ * with these mask and xor values:
  *
  * 		mask	xor
  * NOT:		1	1
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
index 72abaa83a8ca..2f55037501fd 100644
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -34,6 +34,30 @@ static void nft_bitwise_eval_bool(u32 *dst, const u32 *src,
 		dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i];
 }
 
+static void nft_bitwise_eval_lshift(u32 *dst, const u32 *src,
+				    const struct nft_bitwise *priv)
+{
+	unsigned int i;
+	u32 carry = 0;
+
+	for (i = DIV_ROUND_UP(priv->len, sizeof(u32)); i > 0; i--) {
+		dst[i - 1] = (src[i - 1] << priv->data) | carry;
+		carry = src[i - 1] >> (32 - priv->data);
+	}
+}
+
+static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src,
+				    const struct nft_bitwise *priv)
+{
+	unsigned int i;
+	u32 carry = 0;
+
+	for (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) {
+		dst[i] = carry | (src[i] >> priv->data);
+		carry = src[i] << (32 - priv->data);
+	}
+}
+
 void nft_bitwise_eval(const struct nft_expr *expr,
 		      struct nft_regs *regs, const struct nft_pktinfo *pkt)
 {
@@ -45,6 +69,12 @@ void nft_bitwise_eval(const struct nft_expr *expr,
 	case NFT_BITWISE_BOOL:
 		nft_bitwise_eval_bool(dst, src, priv);
 		break;
+	case NFT_BITWISE_LSHIFT:
+		nft_bitwise_eval_lshift(dst, src, priv);
+		break;
+	case NFT_BITWISE_RSHIFT:
+		nft_bitwise_eval_rshift(dst, src, priv);
+		break;
 	}
 }
 
@@ -97,6 +127,28 @@ static int nft_bitwise_init_bool(struct nft_bitwise *priv,
 	return err;
 }
 
+static int nft_bitwise_init_shift(struct nft_bitwise *priv,
+				  const struct nlattr *const tb[])
+{
+	u32 shift;
+	int err;
+
+	if (tb[NFTA_BITWISE_MASK] ||
+	    tb[NFTA_BITWISE_XOR])
+		return -EINVAL;
+
+	if (!tb[NFTA_BITWISE_DATA])
+		return -EINVAL;
+
+	err = nft_parse_u32_check(tb[NFTA_BITWISE_DATA], U8_MAX,
+				  &shift);
+	if (err < 0)
+		return err;
+
+	priv->data = shift;
+	return 0;
+}
+
 static int nft_bitwise_init(const struct nft_ctx *ctx,
 			    const struct nft_expr *expr,
 			    const struct nlattr * const tb[])
@@ -131,6 +183,8 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
 		priv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP]));
 		switch (priv->op) {
 		case NFT_BITWISE_BOOL:
+		case NFT_BITWISE_LSHIFT:
+		case NFT_BITWISE_RSHIFT:
 			break;
 		default:
 			return -EINVAL;
@@ -142,6 +196,9 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
 	switch(priv->op) {
 	case NFT_BITWISE_BOOL:
 		return nft_bitwise_init_bool(priv, tb);
+	case NFT_BITWISE_LSHIFT:
+	case NFT_BITWISE_RSHIFT:
+		return nft_bitwise_init_shift(priv, tb);
 	}
 
 	return -EINVAL;
@@ -161,6 +218,14 @@ static int nft_bitwise_dump_bool(struct sk_buff *skb,
 	return 0;
 }
 
+static int nft_bitwise_dump_shift(struct sk_buff *skb,
+				  const struct nft_bitwise *priv)
+{
+	if (nla_put_be32(skb, NFTA_BITWISE_DATA, htonl(priv->data)))
+		return -1;
+	return 0;
+}
+
 static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 {
 	const struct nft_bitwise *priv = nft_expr_priv(expr);
@@ -177,6 +242,9 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr)
 	switch (priv->op) {
 	case NFT_BITWISE_BOOL:
 		return nft_bitwise_dump_bool(skb, priv);
+	case NFT_BITWISE_LSHIFT:
+	case NFT_BITWISE_RSHIFT:
+		return nft_bitwise_dump_shift(skb, priv);
 	}
 
 	return -1;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
  2020-01-14 21:29 ` [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
@ 2020-01-15  9:29   ` Pablo Neira Ayuso
  2020-01-15  9:30     ` Jeremy Sowden
  0 siblings, 1 reply; 14+ messages in thread
From: Pablo Neira Ayuso @ 2020-01-15  9:29 UTC (permalink / raw)
  To: Jeremy Sowden; +Cc: Netfilter Devel

On Tue, Jan 14, 2020 at 09:29:17PM +0000, Jeremy Sowden wrote:
> Add a new bitwise netlink attribute that will be used by shift
> operations to store the size of the shift.  It is not used by boolean
> operations.
> 
> Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> ---
>  include/uapi/linux/netfilter/nf_tables.h | 2 ++
>  net/netfilter/nft_bitwise.c              | 5 +++++
>  2 files changed, 7 insertions(+)
> 
> diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
> index cfda75725455..7cb85fd0d38e 100644
> --- a/include/uapi/linux/netfilter/nf_tables.h
> +++ b/include/uapi/linux/netfilter/nf_tables.h
> @@ -503,6 +503,7 @@ enum nft_bitwise_ops {
>   * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes)
>   * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes)
>   * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
> + * @NFTA_BITWISE_DATA: argument for non-boolean operations (NLA_U32)
>   *
>   * The bitwise expression performs the following operation:
>   *
> @@ -524,6 +525,7 @@ enum nft_bitwise_attributes {
>  	NFTA_BITWISE_MASK,
>  	NFTA_BITWISE_XOR,
>  	NFTA_BITWISE_OP,
> +	NFTA_BITWISE_DATA,
>  	__NFTA_BITWISE_MAX
>  };
>  #define NFTA_BITWISE_MAX	(__NFTA_BITWISE_MAX - 1)
> diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
> index 1d9079ba2102..72abaa83a8ca 100644
> --- a/net/netfilter/nft_bitwise.c
> +++ b/net/netfilter/nft_bitwise.c
> @@ -22,6 +22,7 @@ struct nft_bitwise {
>  	u8			len;
>  	struct nft_data		mask;
>  	struct nft_data		xor;
> +	u32			data;

Could you make this struct nft_data?

We can extend later on nft_bitwise to more operations. I was
considering to (ab)use bitwise to implement increment and decrement. I
think u32 should be enough in most cases, but I'd prefer to stick to
one 128 bit word in this case. For shift this is obviously too much,
but this would be leaving room for new operations requiring something
larger than u32.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support
  2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
                   ` (9 preceding siblings ...)
  2020-01-14 21:29 ` [PATCH nf-next v2 10/10] netfilter: bitwise: add support for shifts Jeremy Sowden
@ 2020-01-15  9:29 ` Pablo Neira Ayuso
  10 siblings, 0 replies; 14+ messages in thread
From: Pablo Neira Ayuso @ 2020-01-15  9:29 UTC (permalink / raw)
  To: Jeremy Sowden; +Cc: Netfilter Devel

On Tue, Jan 14, 2020 at 09:29:08PM +0000, Jeremy Sowden wrote:
> The connmark xtables extension supports bit-shifts.  Add support for
> shifts to nft_bitwise in order to allow nftables to do likewise, e.g.:
> 
>   nft add rule t c oif lo ct mark set meta mark << 8 | 0xab
>   nft add rule t c iif lo meta mark & 0xff 0xab ct mark set meta mark >> 8

Apart from the minor nitpick regard _DATA, this series LGTM, thanks
Jeremy.

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute.
  2020-01-15  9:29   ` Pablo Neira Ayuso
@ 2020-01-15  9:30     ` Jeremy Sowden
  0 siblings, 0 replies; 14+ messages in thread
From: Jeremy Sowden @ 2020-01-15  9:30 UTC (permalink / raw)
  To: Pablo Neira Ayuso; +Cc: Netfilter Devel

[-- Attachment #1: Type: text/plain, Size: 2183 bytes --]

On 2020-01-15, at 10:29:07 +0100, Pablo Neira Ayuso wrote:
> On Tue, Jan 14, 2020 at 09:29:17PM +0000, Jeremy Sowden wrote:
> > Add a new bitwise netlink attribute that will be used by shift
> > operations to store the size of the shift.  It is not used by
> > boolean operations.
> >
> > Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
> > ---
> >  include/uapi/linux/netfilter/nf_tables.h | 2 ++
> >  net/netfilter/nft_bitwise.c              | 5 +++++
> >  2 files changed, 7 insertions(+)
> >
> > diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
> > index cfda75725455..7cb85fd0d38e 100644
> > --- a/include/uapi/linux/netfilter/nf_tables.h
> > +++ b/include/uapi/linux/netfilter/nf_tables.h
> > @@ -503,6 +503,7 @@ enum nft_bitwise_ops {
> >   * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes)
> >   * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes)
> >   * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)
> > + * @NFTA_BITWISE_DATA: argument for non-boolean operations (NLA_U32)
> >   *
> >   * The bitwise expression performs the following operation:
> >   *
> > @@ -524,6 +525,7 @@ enum nft_bitwise_attributes {
> >  	NFTA_BITWISE_MASK,
> >  	NFTA_BITWISE_XOR,
> >  	NFTA_BITWISE_OP,
> > +	NFTA_BITWISE_DATA,
> >  	__NFTA_BITWISE_MAX
> >  };
> >  #define NFTA_BITWISE_MAX	(__NFTA_BITWISE_MAX - 1)
> > diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
> > index 1d9079ba2102..72abaa83a8ca 100644
> > --- a/net/netfilter/nft_bitwise.c
> > +++ b/net/netfilter/nft_bitwise.c
> > @@ -22,6 +22,7 @@ struct nft_bitwise {
> >  	u8			len;
> >  	struct nft_data		mask;
> >  	struct nft_data		xor;
> > +	u32			data;
>
> Could you make this struct nft_data?
>
> We can extend later on nft_bitwise to more operations. I was
> considering to (ab)use bitwise to implement increment and decrement. I
> think u32 should be enough in most cases, but I'd prefer to stick to
> one 128 bit word in this case. For shift this is obviously too much,
> but this would be leaving room for new operations requiring something
> larger than u32.

I did wonder about that. :) Will do.

J.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

end of thread, back to index

Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-14 21:29 [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 03/10] netfilter: bitwise: replace gotos with returns Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 04/10] netfilter: bitwise: add NFTA_BITWISE_OP netlink attribute Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 05/10] netfilter: bitwise: add helper for initializing boolean operations Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 06/10] netfilter: bitwise: add helper for evaluating " Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 07/10] netfilter: bitwise: add helper for dumping " Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 08/10] netfilter: bitwise: only offload " Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
2020-01-15  9:29   ` Pablo Neira Ayuso
2020-01-15  9:30     ` Jeremy Sowden
2020-01-14 21:29 ` [PATCH nf-next v2 10/10] netfilter: bitwise: add support for shifts Jeremy Sowden
2020-01-15  9:29 ` [PATCH nf-next v2 00/10] netfilter: nft_bitwise: shift support Pablo Neira Ayuso

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git