From patchwork Wed Jan 15 21:32:07 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223890 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=Tc4NG/mz; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX42cKlz9sR4 for ; Thu, 16 Jan 2020 08:32:20 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729141AbgAOVcS (ORCPT ); Wed, 15 Jan 2020 16:32:18 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56826 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728899AbgAOVcS (ORCPT ); Wed, 15 Jan 2020 16:32:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=GLEQ4K0KKS6sALBxBdPJ1KCG9rZoFn6s4aR5tLODAsg=; b=Tc4NG/mz/ZdSfxzvAUkbbEUHoc vMD1B+y1V/c6LS7XLuSW+oJY07F03Tl5rpFYYj/ON0Q41H/eOskDiDziFkV22/VshCxg9QoINIpH2 
Vhkn/vIEQvBVEeBeVpidIsaiSt33haES430qP6hx0/vx4b86SZnvlYjEuOb/I6JomReNQ4GydV0Pl ImB6ZWrsO0OBVO5fXWB/umm6igXboePnoAxQVXSiXnfCc7i8p5El0+8qo+WSGy6RxkjRogXYh02D/ w6Nv0QSOSqwZwig2yP+L7QiXfcShwzf+cLgsDC6YQhinsAYIDZaMRfWvEY4cpK8efjZIGHnuGM5um XCbabExQ==; Received: from [2001:8b0:fb7d:d6d7:2e4d:54ff:fe4b:a9ae] (helo=ulthar.dreamlands) by kadath.azazel.net with esmtp (Exim 4.92) (envelope-from ) id 1irqGu-0008BP-Ut; Wed, 15 Jan 2020 21:32:17 +0000 From: Jeremy Sowden To: Pablo Neira Ayuso Cc: Netfilter Devel Subject: [PATCH nf-next v4 01/10] netfilter: nf_tables: white-space fixes. Date: Wed, 15 Jan 2020 21:32:07 +0000 Message-Id: <20200115213216.77493-2-jeremy@azazel.net> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net> References: <20200115213216.77493-1-jeremy@azazel.net> MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:8b0:fb7d:d6d7:2e4d:54ff:fe4b:a9ae X-SA-Exim-Mail-From: jeremy@azazel.net X-SA-Exim-Scanned: No (on kadath.azazel.net); SAEximRunCond expanded to false Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Indentation fixes for the parameters of a few nft functions. Signed-off-by: Jeremy Sowden --- net/netfilter/nft_bitwise.c | 4 ++-- net/netfilter/nft_set_bitmap.c | 4 ++-- net/netfilter/nft_set_hash.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 10e9d50e4e19..e8ca1ec105f8 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -130,8 +130,8 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) static struct nft_data zero; static int nft_bitwise_offload(struct nft_offload_ctx *ctx, - struct nft_flow_rule *flow, - const struct nft_expr *expr) + struct nft_flow_rule *flow, + const struct nft_expr *expr) { const struct nft_bitwise *priv = nft_expr_priv(expr); struct nft_offload_reg *reg = &ctx->regs[priv->dreg]; 
diff --git a/net/netfilter/nft_set_bitmap.c b/net/netfilter/nft_set_bitmap.c index 087a056e34d1..87e8d9ba0c9b 100644 --- a/net/netfilter/nft_set_bitmap.c +++ b/net/netfilter/nft_set_bitmap.c @@ -259,8 +259,8 @@ static u64 nft_bitmap_privsize(const struct nlattr * const nla[], } static int nft_bitmap_init(const struct nft_set *set, - const struct nft_set_desc *desc, - const struct nlattr * const nla[]) + const struct nft_set_desc *desc, + const struct nlattr * const nla[]) { struct nft_bitmap *priv = nft_set_priv(set); diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c index b331a3c9a3a8..d350a7cd3af0 100644 --- a/net/netfilter/nft_set_hash.c +++ b/net/netfilter/nft_set_hash.c 
@@ -645,7 +645,7 @@ static bool nft_hash_estimate(const struct nft_set_desc *desc, u32 features, } static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features, - struct nft_set_estimate *est) + struct nft_set_estimate *est) { if (!desc->size) return false; From patchwork Wed Jan 15 21:32:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223892 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=ZGuMGMMt; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX56J4Tz9sNx for ; Thu, 16 Jan 2020 08:32:21 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729214AbgAOVcT (ORCPT ); Wed, 15 Jan 2020 16:32:19 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56832 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729045AbgAOVcT (ORCPT ); Wed, 15 Jan 2020 16:32:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc 
From: Jeremy Sowden
To: Pablo Neira Ayuso
Cc: Netfilter Devel
Subject: [PATCH nf-next v4 02/10] netfilter: bitwise: remove NULL comparisons from attribute checks.
Date: Wed, 15 Jan 2020 21:32:08 +0000
Message-Id: <20200115213216.77493-3-jeremy@azazel.net>
In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net>

In later patches, we will be adding more checks. In order to be consistent and prevent complaints from checkpatch.pl, replace the existing comparisons with NULL with logical NOT operators.

Signed-off-by: Jeremy Sowden
---
 net/netfilter/nft_bitwise.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index e8ca1ec105f8..85605fb1e360 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c
@@ -52,11 +52,11 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, u32 len; int err; - if (tb[NFTA_BITWISE_SREG] == NULL || - tb[NFTA_BITWISE_DREG] == NULL || - tb[NFTA_BITWISE_LEN] == NULL || - tb[NFTA_BITWISE_MASK] == NULL || - tb[NFTA_BITWISE_XOR] == NULL) + if (!tb[NFTA_BITWISE_SREG] || + !tb[NFTA_BITWISE_DREG] || + !tb[NFTA_BITWISE_LEN] || + !tb[NFTA_BITWISE_MASK] || + !tb[NFTA_BITWISE_XOR]) return -EINVAL; err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len); From patchwork Wed Jan 15 21:32:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223891 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=g1qGo26I; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX50FxGz9sRG for ; Thu, 16 Jan 2020 08:32:21 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728896AbgAOVcT (ORCPT ); Wed, 15 Jan 2020 16:32:19 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56836 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729112AbgAOVcS (ORCPT ); Wed, 15 Jan 2020 16:32:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: 
From: Jeremy Sowden
To: Pablo Neira Ayuso
Cc: Netfilter Devel
Subject: [PATCH nf-next v4 03/10] netfilter: bitwise: replace gotos with returns.
Date: Wed, 15 Jan 2020 21:32:09 +0000
Message-Id: <20200115213216.77493-4-jeremy@azazel.net>
In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net>

When dumping a bitwise expression, if any of the puts fails, we use goto to jump to a label. However, no clean-up is required and the only statement at the label is a return. Drop the goto's and return immediately instead.

Signed-off-by: Jeremy Sowden
---
 net/netfilter/nft_bitwise.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 85605fb1e360..c15e9beb5243 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c 
@@ -107,24 +107,21 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) const struct nft_bitwise *priv = nft_expr_priv(expr); if (nft_dump_register(skb, NFTA_BITWISE_SREG, priv->sreg)) - goto nla_put_failure; + return -1; if (nft_dump_register(skb, NFTA_BITWISE_DREG, priv->dreg)) - goto nla_put_failure; + return -1; if (nla_put_be32(skb, NFTA_BITWISE_LEN, htonl(priv->len))) - goto nla_put_failure; + return -1; if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask, NFT_DATA_VALUE, priv->len) < 0) - goto nla_put_failure; + return -1; if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor, NFT_DATA_VALUE, priv->len) < 0) - goto nla_put_failure; + return -1; return 0; - -nla_put_failure: - return -1; } static struct nft_data zero; From patchwork Wed Jan 15 21:32:10 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223899 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=I0ZFvCZU; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX90hwjz9sRQ for ; Thu, 16 Jan 2020 08:32:25 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729274AbgAOVcU (ORCPT ); Wed, 15 Jan 2020 16:32:20 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56840 "EHLO 
From: Jeremy Sowden To: Pablo Neira Ayuso Cc: Netfilter Devel Subject: [PATCH nf-next v4 04/10] netfilter: bitwise: add NFTA_BITWISE_OP attribute. Date: Wed, 15 Jan 2020 21:32:10 +0000 Message-Id: <20200115213216.77493-5-jeremy@azazel.net> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net> References: <20200115213216.77493-1-jeremy@azazel.net> MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:8b0:fb7d:d6d7:2e4d:54ff:fe4b:a9ae X-SA-Exim-Mail-From: jeremy@azazel.net X-SA-Exim-Scanned: No (on kadath.azazel.net); SAEximRunCond expanded to false Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Add a new bitwise netlink attribute, NFTA_BITWISE_OP, which is set to a value of a new enum, nft_bitwise_ops. It describes the type of operation an expression contains. Currently, it only has one value: NFT_BITWISE_BOOL. More values will be added later to implement shifts. Signed-off-by: Jeremy Sowden --- include/uapi/linux/netfilter/nf_tables.h | 12 ++++++++++++ net/netfilter/nft_bitwise.c | 16 ++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index e237ecbdcd8a..cfda75725455 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -484,6 +484,16 @@ enum nft_immediate_attributes { }; #define NFTA_IMMEDIATE_MAX (__NFTA_IMMEDIATE_MAX - 1) +/** + * enum nft_bitwise_ops - nf_tables bitwise operations + * + * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and + * XOR boolean operations + */ +enum nft_bitwise_ops { + NFT_BITWISE_BOOL, +}; + /** * enum nft_bitwise_attributes - nf_tables bitwise expression netlink attributes * 
@@ -492,6 +502,7 @@ enum nft_immediate_attributes { * @NFTA_BITWISE_LEN: length of operands (NLA_U32) * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes) * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes) + * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops) * * The bitwise expression performs the following operation: * @@ -512,6 +523,7 @@ enum nft_bitwise_attributes { NFTA_BITWISE_LEN, NFTA_BITWISE_MASK, NFTA_BITWISE_XOR, + NFTA_BITWISE_OP, __NFTA_BITWISE_MAX }; #define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index c15e9beb5243..4884716d844a 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -18,6 +18,7 @@ struct nft_bitwise { enum nft_registers sreg:8; enum nft_registers dreg:8; + enum nft_bitwise_ops op:8; u8 len; struct nft_data mask; struct nft_data xor; @@ -41,6 +42,7 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = { [NFTA_BITWISE_LEN] = { .type = NLA_U32 }, [NFTA_BITWISE_MASK] = { .type = NLA_NESTED }, [NFTA_BITWISE_XOR] = { .type = NLA_NESTED }, + [NFTA_BITWISE_OP] = { .type = NLA_U32 }, }; static int nft_bitwise_init(const struct nft_ctx *ctx, @@ -76,6 +78,18 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, if (err < 0) return err; + if (tb[NFTA_BITWISE_OP]) { + priv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP])); + switch (priv->op) { + case NFT_BITWISE_BOOL: + break; + default: + return -EINVAL; + } + } else { + priv->op = NFT_BITWISE_BOOL; + } + err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1, tb[NFTA_BITWISE_MASK]); if (err < 0) 
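Review bot: in the nft_bitwise_init() hunk, the attribute is range-checked only after it has been stored in the 8-bit field op:8, so a 32-bit value such as 0x100 can be narrowed to 0 and pass the switch as NFT_BITWISE_BOOL instead of being rejected with -EINVAL. Read it into a u32 local first (the function already does this for NFTA_BITWISE_LEN with nft_parse_u32_check() and U8_MAX), validate that, and only then assign priv->op. The NFTA_BITWISE_OP kernel-doc line could also say that an absent attribute is treated as NFT_BITWISE_BOOL.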
@@ -112,6 +126,8 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) return -1; if (nla_put_be32(skb, NFTA_BITWISE_LEN, htonl(priv->len))) return -1; + if (nla_put_be32(skb, NFTA_BITWISE_OP, htonl(priv->op))) + return -1; if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask, NFT_DATA_VALUE, priv->len) < 0) From patchwork Wed Jan 15 21:32:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223893 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=HExt1BVK; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX63VRKz9sR4 for ; Thu, 16 Jan 2020 08:32:22 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729045AbgAOVcU (ORCPT ); Wed, 15 Jan 2020 16:32:20 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56844 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729173AbgAOVcT (ORCPT ); Wed, 15 Jan 2020 16:32:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: 
From: Jeremy Sowden
To: Pablo Neira Ayuso
Cc: Netfilter Devel
Subject: [PATCH nf-next v4 05/10] netfilter: bitwise: add helper for initializing boolean operations.
Date: Wed, 15 Jan 2020 21:32:11 +0000
Message-Id: <20200115213216.77493-6-jeremy@azazel.net>
In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net>

Split the code specific to initializing bitwise boolean operations out into a separate function. A similar function will be added later for shift operations.

Signed-off-by: Jeremy Sowden
---
 net/netfilter/nft_bitwise.c | 67 +++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 26 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 4884716d844a..4a8d37eb43a4 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c
@@ -45,20 +45,53 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = { [NFTA_BITWISE_OP] = { .type = NLA_U32 }, }; +static int nft_bitwise_init_bool(struct nft_bitwise *priv, + const struct nlattr *const tb[]) +{ + struct nft_data_desc d1, d2; + int err; + + if (!tb[NFTA_BITWISE_MASK] || + !tb[NFTA_BITWISE_XOR]) + return -EINVAL; + + err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1, + tb[NFTA_BITWISE_MASK]); + if (err < 0) + return err; + if (d1.type != NFT_DATA_VALUE || d1.len != priv->len) { + err = -EINVAL; + goto err1; + } + + err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &d2, + tb[NFTA_BITWISE_XOR]); + if (err < 0) + goto err1; + if (d2.type != NFT_DATA_VALUE || d2.len != priv->len) { + err = -EINVAL; + goto err2; + } + + return 0; +err2: + nft_data_release(&priv->xor, d2.type); +err1: + nft_data_release(&priv->mask, d1.type); + return err; +} + static int nft_bitwise_init(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nlattr * const tb[]) { struct nft_bitwise *priv = nft_expr_priv(expr); - struct nft_data_desc d1, d2; u32 len; int err; if (!tb[NFTA_BITWISE_SREG] || !tb[NFTA_BITWISE_DREG] || - !tb[NFTA_BITWISE_LEN] || - !tb[NFTA_BITWISE_MASK] || - !tb[NFTA_BITWISE_XOR]) + !tb[NFTA_BITWISE_LEN]) return -EINVAL; err = nft_parse_u32_check(tb[NFTA_BITWISE_LEN], U8_MAX, &len); 
@@ -90,30 +123,12 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, priv->op = NFT_BITWISE_BOOL; } - err = nft_data_init(NULL, &priv->mask, sizeof(priv->mask), &d1, - tb[NFTA_BITWISE_MASK]); - if (err < 0) - return err; - if (d1.type != NFT_DATA_VALUE || d1.len != priv->len) { - err = -EINVAL; - goto err1; - } - - err = nft_data_init(NULL, &priv->xor, sizeof(priv->xor), &d2, - tb[NFTA_BITWISE_XOR]); - if (err < 0) - goto err1; - if (d2.type != NFT_DATA_VALUE || d2.len != priv->len) { - err = -EINVAL; - goto err2; + switch(priv->op) { + case NFT_BITWISE_BOOL: + return nft_bitwise_init_bool(priv, tb); } - return 0; -err2: - nft_data_release(&priv->xor, d2.type); -err1: - nft_data_release(&priv->mask, d1.type); - return err; + return -EINVAL; } static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) From patchwork Wed Jan 15 21:32:12 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223894 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=bMwasTS+; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX70lcDz9sRG for ; Thu, 16 Jan 2020 08:32:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729173AbgAOVcU (ORCPT ); Wed, 15 Jan 2020 16:32:20 -0500 
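Review bot: at the end of nft_bitwise_init(), priv->op is now switched on twice: once in the validation block whose tail is visible as context (priv->op = NFT_BITWISE_BOOL; }) and again in the new dispatch switch, which makes the trailing return -EINVAL unreachable for any value the first switch accepted. Consider letting the dispatch switch be the only check, so that an unknown operation falls through to return -EINVAL and each new operation needs a single case. The new line is also written switch(priv->op) without the space that the other switch statements in this series use, which checkpatch.pl will flag.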
From: Jeremy Sowden
To: Pablo Neira Ayuso
Cc: Netfilter Devel
Subject: [PATCH nf-next v4 06/10] netfilter: bitwise: add helper for evaluating boolean operations.
Date: Wed, 15 Jan 2020 21:32:12 +0000
Message-Id: <20200115213216.77493-7-jeremy@azazel.net>
In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net>

Split the code specific to evaluating bitwise boolean operations out into a separate function. Similar functions will be added later for shift operations.

Signed-off-by: Jeremy Sowden
---
 net/netfilter/nft_bitwise.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 4a8d37eb43a4..5f9d151b7047 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c
@@ -24,16 +24,27 @@ struct nft_bitwise { struct nft_data xor; }; +static void nft_bitwise_eval_bool(u32 *dst, const u32 *src, + const struct nft_bitwise *priv) +{ + unsigned int i; + + for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++) + dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i]; +} + void nft_bitwise_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) { const struct nft_bitwise *priv = nft_expr_priv(expr); const u32 *src = ®s->data[priv->sreg]; u32 *dst = ®s->data[priv->dreg]; - unsigned int i; - for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++) - dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i]; + switch (priv->op) { + case NFT_BITWISE_BOOL: + nft_bitwise_eval_bool(dst, src, priv); + break; + } } static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = { From patchwork Wed Jan 15 21:32:13 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223898 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=FjtHyqO1; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX84kK7z9sRG for ; Thu, 16 Jan 2020 08:32:24 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729342AbgAOVcV (ORCPT ); Wed, 15 Jan 2020 16:32:21 
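Review bot: the switch in nft_bitwise_eval() has no default case, so for any priv->op other than NFT_BITWISE_BOOL the function returns without writing dst and the destination register keeps whatever it held before. That is safe only as long as nft_bitwise_init() rejects every operation the evaluator does not handle; a short comment stating that dependency, or an explicit default, would make it harder to miss when the shift operations are added.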
From: Jeremy Sowden To: Pablo Neira Ayuso Cc: Netfilter Devel Subject: [PATCH nf-next v4 07/10] netfilter: bitwise: add helper for dumping boolean operations. Date: Wed, 15 Jan 2020 21:32:13 +0000 Message-Id: <20200115213216.77493-8-jeremy@azazel.net> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net> References: <20200115213216.77493-1-jeremy@azazel.net> MIME-Version: 1.0 X-SA-Exim-Connect-IP: 2001:8b0:fb7d:d6d7:2e4d:54ff:fe4b:a9ae X-SA-Exim-Mail-From: jeremy@azazel.net X-SA-Exim-Scanned: No (on kadath.azazel.net); SAEximRunCond expanded to false Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Split the code specific to dumping bitwise boolean operations out into a separate function. A similar function will be added later for shift operations. Signed-off-by: Jeremy Sowden --- net/netfilter/nft_bitwise.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 5f9d151b7047..40272a45deeb 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -142,6 +142,20 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, return -EINVAL; } +static int nft_bitwise_dump_bool(struct sk_buff *skb, + const struct nft_bitwise *priv) +{ + if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask, + NFT_DATA_VALUE, priv->len) < 0) + return -1; + + if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor, + NFT_DATA_VALUE, priv->len) < 0) + return -1; + + return 0; +} + static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) { const struct nft_bitwise *priv = nft_expr_priv(expr); 
@@ -155,15 +169,12 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) if (nla_put_be32(skb, NFTA_BITWISE_OP, htonl(priv->op))) return -1; - if (nft_data_dump(skb, NFTA_BITWISE_MASK, &priv->mask, - NFT_DATA_VALUE, priv->len) < 0) - return -1; - - if (nft_data_dump(skb, NFTA_BITWISE_XOR, &priv->xor, - NFT_DATA_VALUE, priv->len) < 0) - return -1; + switch (priv->op) { + case NFT_BITWISE_BOOL: + return nft_bitwise_dump_bool(skb, priv); + } - return 0; + return -1; } static struct nft_data zero; From patchwork Wed Jan 15 21:32:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223895 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=SfQ1FQ5c; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX75mrdz9sNx for ; Thu, 16 Jan 2020 08:32:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729281AbgAOVcV (ORCPT ); Wed, 15 Jan 2020 16:32:21 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56854 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729241AbgAOVcU (ORCPT ); Wed, 15 Jan 2020 16:32:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; 
From: Jeremy Sowden To: Pablo Neira Ayuso Cc: Netfilter Devel Subject: [PATCH nf-next v4 08/10] netfilter: bitwise: only offload boolean operations. Date: Wed, 15 Jan 2020 21:32:14 +0000 Message-Id: <20200115213216.77493-9-jeremy@azazel.net> In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net> References: <20200115213216.77493-1-jeremy@azazel.net>
Only boolean operations support offloading, so check the type of the operation and return an error for other types. Signed-off-by: Jeremy Sowden
--- net/netfilter/nft_bitwise.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 40272a45deeb..582014f696ad 100644 --- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c 
@@ -186,6 +186,9 @@ static int nft_bitwise_offload(struct nft_offload_ctx *ctx, const struct nft_bitwise *priv = nft_expr_priv(expr); struct nft_offload_reg *reg = &ctx->regs[priv->dreg]; + if (priv->op != NFT_BITWISE_BOOL) + return -EOPNOTSUPP; + if (memcmp(&priv->xor, &zero, sizeof(priv->xor)) || priv->sreg != priv->dreg || priv->len != reg->len) return -EOPNOTSUPP; From patchwork Wed Jan 15 21:32:15 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223896 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=mwhiDF6r; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47ygX81YwCz9sR4 for ; Thu, 16 Jan 2020 08:32:24 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726310AbgAOVcV (ORCPT ); Wed, 15 Jan 2020 16:32:21 -0500 Received: from kadath.azazel.net ([81.187.231.250]:56860 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729256AbgAOVcU (ORCPT ); Wed, 15 Jan 2020 16:32:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: 
From: Jeremy Sowden To: Pablo Neira Ayuso Cc: Netfilter Devel Subject: [PATCH nf-next v4 09/10] netfilter: bitwise: add NFTA_BITWISE_DATA attribute. Date: Wed, 15 Jan 2020 21:32:15 +0000 Message-Id: <20200115213216.77493-10-jeremy@azazel.net> In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net> References: <20200115213216.77493-1-jeremy@azazel.net>
Add a new bitwise netlink attribute that will be used by shift operations to store the size of the shift. It is not used by boolean operations. Signed-off-by: Jeremy Sowden
--- include/uapi/linux/netfilter/nf_tables.h | 3 +++ net/netfilter/nft_bitwise.c | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index cfda75725455..0277ebe30c5c 100644 --- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h @@ -503,6 +503,8 @@ enum nft_bitwise_ops { * @NFTA_BITWISE_MASK: mask value (NLA_NESTED: nft_data_attributes) * @NFTA_BITWISE_XOR: xor value (NLA_NESTED: nft_data_attributes) * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops) + * @NFTA_BITWISE_DATA: argument for non-boolean operations + * (NLA_NESTED: nft_data_attributes) * * The bitwise expression performs the following operation: * @@ -524,6 +526,7 @@ enum nft_bitwise_attributes { NFTA_BITWISE_MASK, NFTA_BITWISE_XOR, NFTA_BITWISE_OP, + NFTA_BITWISE_DATA, __NFTA_BITWISE_MAX }; #define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1) diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 582014f696ad..ba1c0cd332c4 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -22,6 +22,7 @@ struct nft_bitwise { u8 len; struct nft_data mask; struct nft_data xor; + struct nft_data data; }; static void nft_bitwise_eval_bool(u32 *dst, const u32 *src, @@ -54,6 +55,7 @@ static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = { [NFTA_BITWISE_MASK] = { .type = NLA_NESTED }, [NFTA_BITWISE_XOR] = { .type = NLA_NESTED }, [NFTA_BITWISE_OP] = { .type = NLA_U32 }, + [NFTA_BITWISE_DATA] = { .type = NLA_NESTED }, }; static int nft_bitwise_init_bool(struct nft_bitwise *priv, 
@@ -62,6 +64,9 @@ static int nft_bitwise_init_bool(struct nft_bitwise *priv, struct nft_data_desc d1, d2; int err; + if (tb[NFTA_BITWISE_DATA]) + return -EINVAL; + if (!tb[NFTA_BITWISE_MASK] || !tb[NFTA_BITWISE_XOR]) return -EINVAL; From patchwork Wed Jan 15 21:32:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeremy Sowden X-Patchwork-Id: 1223905 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=azazel.net Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; secure) header.d=azazel.net header.i=@azazel.net header.a=rsa-sha256 header.s=20190108 header.b=l1a59WcV; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47yh5K6NX8z9sR0 for ; Thu, 16 Jan 2020 08:57:41 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729173AbgAOV5k (ORCPT ); Wed, 15 Jan 2020 16:57:40 -0500 Received: from kadath.azazel.net ([81.187.231.250]:57936 "EHLO kadath.azazel.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728896AbgAOV5k (ORCPT ); Wed, 15 Jan 2020 16:57:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=azazel.net; s=20190108; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: 
From: Jeremy Sowden To: Pablo Neira Ayuso Cc: Netfilter Devel Subject: [PATCH nf-next v4 10/10] netfilter: bitwise: add support for shifts. Date: Wed, 15 Jan 2020 21:32:16 +0000 Message-Id: <20200115213216.77493-11-jeremy@azazel.net> In-Reply-To: <20200115213216.77493-1-jeremy@azazel.net> References: <20200115213216.77493-1-jeremy@azazel.net>
Hitherto nft_bitwise has only supported boolean operations: NOT, AND, OR and XOR. Extend it to do shifts as well. Signed-off-by: Jeremy Sowden
--- include/uapi/linux/netfilter/nf_tables.h | 9 ++- net/netfilter/nft_bitwise.c | 75 ++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 0277ebe30c5c..59455e7fec93 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -489,9 +489,13 @@ enum nft_immediate_attributes { * * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and * XOR boolean operations + * @NFT_BITWISE_LSHIFT: left-shift operation + * @NFT_BITWISE_RSHIFT: right-shift operation */ enum nft_bitwise_ops { NFT_BITWISE_BOOL, + NFT_BITWISE_LSHIFT, + NFT_BITWISE_RSHIFT, }; /** @@ -506,11 +510,12 @@ enum nft_bitwise_ops { * @NFTA_BITWISE_DATA: argument for non-boolean operations * (NLA_NESTED: nft_data_attributes) * - * The bitwise expression performs the following operation: + * The bitwise expression supports boolean and shift operations. It implements + * the boolean operations by performing the following operation: * * dreg = (sreg & mask) ^ xor * - * which allow to express all bitwise operations: + * with these mask and xor values: * * mask xor * NOT: 1 1 diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index ba1c0cd332c4..a0cba86d5ab4 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c @@ -34,6 +34,32 @@ static void nft_bitwise_eval_bool(u32 *dst, const u32 *src, dst[i] = (src[i] & priv->mask.data[i]) ^ priv->xor.data[i]; } +static void nft_bitwise_eval_lshift(u32 *dst, const u32 *src, + const struct nft_bitwise *priv) +{ + u32 shift = priv->data.data[0]; + unsigned int i; + u32 carry = 0; + + for (i = DIV_ROUND_UP(priv->len, sizeof(u32)); i > 0; i--) { + dst[i - 1] = (src[i - 1] << shift) | carry; + carry = src[i - 1] >> (BITS_PER_TYPE(u32) - shift); + } +} + +static void nft_bitwise_eval_rshift(u32 *dst, const u32 *src, + const struct nft_bitwise *priv) +{ + u32 shift = priv->data.data[0]; + unsigned int i; + u32 carry = 0; + + for (i = 0; i < DIV_ROUND_UP(priv->len, sizeof(u32)); i++) { + dst[i] = carry | (src[i] >> shift); + carry = src[i] << (BITS_PER_TYPE(u32) - shift); + } +} + void nft_bitwise_eval(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt) { 
@@ -45,6 +71,12 @@ void nft_bitwise_eval(const struct nft_expr *expr, case NFT_BITWISE_BOOL: nft_bitwise_eval_bool(dst, src, priv); break; + case NFT_BITWISE_LSHIFT: + nft_bitwise_eval_lshift(dst, src, priv); + break; + case NFT_BITWISE_RSHIFT: + nft_bitwise_eval_rshift(dst, src, priv); + break; } } @@ -97,6 +129,32 @@ static int nft_bitwise_init_bool(struct nft_bitwise *priv, return err; } +static int nft_bitwise_init_shift(struct nft_bitwise *priv, + const struct nlattr *const tb[]) +{ + struct nft_data_desc d; + int err; + + if (tb[NFTA_BITWISE_MASK] || + tb[NFTA_BITWISE_XOR]) + return -EINVAL; + + if (!tb[NFTA_BITWISE_DATA]) + return -EINVAL; + + err = nft_data_init(NULL, &priv->data, sizeof(priv->data), &d, + tb[NFTA_BITWISE_DATA]); + if (err < 0) + return err; + if (d.type != NFT_DATA_VALUE || d.len > sizeof(u32) || + priv->data.data[0] >= BITS_PER_TYPE(u32)) { + nft_data_release(&priv->data, d.type); + return -EINVAL; + } + + return 0; +} + static int nft_bitwise_init(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nlattr * const tb[]) @@ -131,6 +189,8 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, priv->op = ntohl(nla_get_be32(tb[NFTA_BITWISE_OP])); switch (priv->op) { case NFT_BITWISE_BOOL: + case NFT_BITWISE_LSHIFT: + case NFT_BITWISE_RSHIFT: break; default: return -EINVAL; @@ -142,6 +202,9 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, switch(priv->op) { case NFT_BITWISE_BOOL: return nft_bitwise_init_bool(priv, tb); + case NFT_BITWISE_LSHIFT: + case NFT_BITWISE_RSHIFT: + return nft_bitwise_init_shift(priv, tb); } return -EINVAL; 
@@ -161,6 +224,15 @@ static int nft_bitwise_dump_bool(struct sk_buff *skb, return 0; } +static int nft_bitwise_dump_shift(struct sk_buff *skb, + const struct nft_bitwise *priv) +{ + if (nft_data_dump(skb, NFTA_BITWISE_DATA, &priv->data, + NFT_DATA_VALUE, sizeof(u32)) < 0) + return -1; + return 0; +} + static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) { const struct nft_bitwise *priv = nft_expr_priv(expr); @@ -177,6 +249,9 @@ static int nft_bitwise_dump(struct sk_buff *skb, const struct nft_expr *expr) switch (priv->op) { case NFT_BITWISE_BOOL: return nft_bitwise_dump_bool(skb, priv); + case NFT_BITWISE_LSHIFT: + case NFT_BITWISE_RSHIFT: + return nft_bitwise_dump_shift(skb, priv); } return -1;
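Review bot: in the nft_bitwise_eval() hunk that introduces nft_bitwise_eval_bool(), the new switch on priv->op has no default case, so an op value the switch does not know leaves dst unwritten without any signal. That is safe only while the init path rejects every op that evaluation does not handle; a short comment stating that dependency, or an explicit default case, would keep the two switches from drifting apart as further ops are added.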
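Review bot: in the struct nft_bitwise hunk of patch 09/10, the added "struct nft_data data" member enlarges the private data of every bitwise expression, although boolean expressions must not carry NFTA_BITWISE_DATA and the shift code in patch 10/10 only ever reads data.data[0]. Since nft_bitwise_init_shift() rejects NFTA_BITWISE_MASK and NFTA_BITWISE_XOR, the shift argument could share storage with mask/xor through a union, or be held as a plain u32 once it has been validated.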
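Review bot: in the enum nft_bitwise_ops hunk of patch 10/10, the kernel-doc lines for NFT_BITWISE_LSHIFT and NFT_BITWISE_RSHIFT do not tell userspace where the shift count comes from or what range is accepted. The visible code takes it from NFTA_BITWISE_DATA, requires a value of at most 32 bits and rejects counts >= BITS_PER_TYPE(u32); stating that in the UAPI comment, next to the existing mask/xor table for the boolean case, would document the contract the header is exporting.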
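Review bot: in the nft_bitwise_eval_lshift() / nft_bitwise_eval_rshift() hunk of patch 10/10, a shift count of 0 makes the carry expression shift a u32 by BITS_PER_TYPE(u32) - 0 = 32 bits, which is undefined behaviour in C, and nft_bitwise_init_shift() accepts 0 because it only rejects values >= BITS_PER_TYPE(u32). On hardware that masks the shift count the carry becomes the whole previous word and is OR-ed into the neighbouring register word, so the result is wrong rather than a no-op. Either reject a zero shift at init time or guard the carry, for example "carry = shift ? src[i - 1] >> (BITS_PER_TYPE(u32) - shift) : 0;" and the mirrored form in the right-shift loop.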
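Review bot: in the nft_bitwise_init_shift() hunk of patch 10/10, the length check "d.len > sizeof(u32)" accepts arguments shorter than four bytes, yet the range check on priv->data.data[0], the eval functions and nft_bitwise_dump_shift() all treat the argument as a full u32 (the dump passes sizeof(u32) as the length). Requiring "d.len != sizeof(u32)" to fail would make what is validated match what is later read and dumped. Separately, the first switch on priv->op in nft_bitwise_init() now lists all three ops only to break, while the second switch already returns -EINVAL for anything it does not dispatch; one of the two could go.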