From: Jeremy Sowden <jeremy@azazel.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: Re: [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support
Date: Mon, 27 Jan 2020 11:13:14 +0000 [thread overview]
Message-ID: <20200127111314.GA377617@azazel.net> (raw)
In-Reply-To: <20200126111251.e4kncc54umrq7mea@salvia>
[-- Attachment #1: Type: text/plain, Size: 4660 bytes --]
On 2020-01-26, at 12:12:51 +0100, Pablo Neira Ayuso wrote:
> I've been looking into (ab)using bitwise to implement add/sub. I would
> like to not add nft_arith for only this, and it seems to me much of
> your code can be reused.
>
> Do you think something like this would work?
Absolutely.
A couple of questions. What's the use-case? I find the combination of
applying the delta to every u32 and having a carry curious. Do you want
to support bigendian arithmetic (i.e., carrying to the left) as well?
I've suggested a couple of changes below.
J.
> Thanks.
>
> diff --git a/include/uapi/linux/netfilter/nf_tables.h
> b/include/uapi/linux/netfilter/nf_tables.h
> index 065218a20bb7..c4078359b6e4 100644
> --- a/include/uapi/linux/netfilter/nf_tables.h
> +++ b/include/uapi/linux/netfilter/nf_tables.h
> @@ -508,11 +508,15 @@ enum nft_immediate_attributes {
> * XOR boolean operations
> * @NFT_BITWISE_LSHIFT: left-shift operation
> * @NFT_BITWISE_RSHIFT: right-shift operation
> + * @NFT_BITWISE_ADD: add operation
> + * @NFT_BITWISE_SUB: subtract operation
> */
> enum nft_bitwise_ops {
> NFT_BITWISE_BOOL,
> NFT_BITWISE_LSHIFT,
> NFT_BITWISE_RSHIFT,
> + NFT_BITWISE_ADD,
> + NFT_BITWISE_SUB,
> };
>
> /**
> diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c
> index 0ed2281f03be..fd0cd2b4722a 100644
> --- a/net/netfilter/nft_bitwise.c
> +++ b/net/netfilter/nft_bitwise.c
> @@ -60,6 +60,38 @@ static void nft_bitwise_eval_rshift(u32 *dst, const
> u32 *src,
> }
> }
>
> +static void nft_bitwise_eval_add(u32 *dst, const u32 *src,
> + const struct nft_bitwise *priv)
> +{
> + u32 delta = priv->data.data[0];
> + unsigned int i, words;
> + u32 tmp = 0;
> +
> + words = DIV_ROUND_UP(priv->len, sizeof(u32));
> + for (i = 0; i < words; i++) {
> + tmp = src[i];
> + dst[i] = src[i] + delta;
> + if (dst[i] < tmp && i + 1 < words)
> + dst[i + 1]++;
> + }
> +}
for (i = 0; i < words; i++) {
dst[i] = src[i] + delta + tmp;
tmp = dst[i] < src[i] ? 1 : 0;
}
> +static void nft_bitwise_eval_sub(u32 *dst, const u32 *src,
> + const struct nft_bitwise *priv)
> +{
> + u32 delta = priv->data.data[0];
> + unsigned int i, words;
> + u32 tmp = 0;
> +
> + words = DIV_ROUND_UP(priv->len, sizeof(u32));
> + for (i = 0; i < words; i++) {
> + tmp = src[i];
> + dst[i] = src[i] - delta;
> + if (dst[i] > tmp && i + 1 < words)
> + dst[i + 1]--;
> + }
> +}
for (i = 0; i < words; i++) {
dst[i] = src[i] - delta - tmp;
tmp = dst[i] > src[i] ? 1 : 0;
}
> void nft_bitwise_eval(const struct nft_expr *expr,
> struct nft_regs *regs, const struct nft_pktinfo *pkt)
> {
> @@ -77,6 +109,12 @@ void nft_bitwise_eval(const struct nft_expr *expr,
> case NFT_BITWISE_RSHIFT:
> nft_bitwise_eval_rshift(dst, src, priv);
> break;
> + case NFT_BITWISE_ADD:
> + nft_bitwise_eval_add(dst, src, priv);
> + break;
> + case NFT_BITWISE_SUB:
> + nft_bitwise_eval_sub(dst, src, priv);
> + break;
> }
> }
>
> @@ -129,8 +167,8 @@ static int nft_bitwise_init_bool(struct
> nft_bitwise *priv,
> return err;
> }
>
> -static int nft_bitwise_init_shift(struct nft_bitwise *priv,
> - const struct nlattr *const tb[])
> +static int nft_bitwise_init_data(struct nft_bitwise *priv,
> + const struct nlattr *const tb[])
> {
> struct nft_data_desc d;
> int err;
> @@ -191,6 +229,8 @@ static int nft_bitwise_init(const struct nft_ctx
> *ctx,
> case NFT_BITWISE_BOOL:
> case NFT_BITWISE_LSHIFT:
> case NFT_BITWISE_RSHIFT:
> + case NFT_BITWISE_ADD:
> + case NFT_BITWISE_SUB:
> break;
> default:
> return -EOPNOTSUPP;
> @@ -205,7 +245,9 @@ static int nft_bitwise_init(const struct nft_ctx
> *ctx,
> break;
> case NFT_BITWISE_LSHIFT:
> case NFT_BITWISE_RSHIFT:
> - err = nft_bitwise_init_shift(priv, tb);
> + case NFT_BITWISE_ADD:
> + case NFT_BITWISE_SUB:
> + err = nft_bitwise_init_data(priv, tb);
> break;
> }
>
> @@ -226,8 +268,8 @@ static int nft_bitwise_dump_bool(struct sk_buff
> *skb,
> return 0;
> }
>
> -static int nft_bitwise_dump_shift(struct sk_buff *skb,
> - const struct nft_bitwise *priv)
> +static int nft_bitwise_dump_data(struct sk_buff *skb,
> + const struct nft_bitwise *priv)
> {
> if (nft_data_dump(skb, NFTA_BITWISE_DATA, &priv->data,
> NFT_DATA_VALUE, sizeof(u32)) < 0)
> @@ -255,7 +297,9 @@ static int nft_bitwise_dump(struct sk_buff *skb,
> const struct nft_expr *expr)
> break;
> case NFT_BITWISE_LSHIFT:
> case NFT_BITWISE_RSHIFT:
> - err = nft_bitwise_dump_shift(skb, priv);
> + case NFT_BITWISE_ADD:
> + case NFT_BITWISE_SUB:
> + err = nft_bitwise_dump_data(skb, priv);
> break;
> }
>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 659 bytes --]
next prev parent reply other threads:[~2020-01-27 11:57 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-15 21:32 [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 01/10] netfilter: nf_tables: white-space fixes Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 03/10] netfilter: bitwise: replace gotos with returns Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 04/10] netfilter: bitwise: add NFTA_BITWISE_OP attribute Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 05/10] netfilter: bitwise: add helper for initializing boolean operations Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 06/10] netfilter: bitwise: add helper for evaluating " Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 07/10] netfilter: bitwise: add helper for dumping " Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 08/10] netfilter: bitwise: only offload " Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute Jeremy Sowden
2020-01-15 21:32 ` [PATCH nf-next v4 10/10] netfilter: bitwise: add support for shifts Jeremy Sowden
2020-01-16 8:51 ` [PATCH nf-next v4 00/10] netfilter: nft_bitwise: shift support Jeremy Sowden
2020-01-16 11:22 ` Pablo Neira Ayuso
2020-01-16 11:28 ` Pablo Neira Ayuso
2020-01-16 11:41 ` Jeremy Sowden
2020-01-16 12:09 ` Pablo Neira Ayuso
2020-01-16 12:13 ` Jeremy Sowden
2020-01-16 14:48 ` Pablo Neira Ayuso
2020-01-16 14:59 ` Jeremy Sowden
2020-01-26 11:12 ` Pablo Neira Ayuso
2020-01-27 11:13 ` Jeremy Sowden [this message]
2020-01-28 10:00 ` Pablo Neira Ayuso
2020-01-28 11:31 ` Jeremy Sowden
2020-01-28 13:18 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200127111314.GA377617@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).