mbox series

[nf-next,v4,0/2] netfilter: bitwise: support boolean operations with variable RHS operands

Message ID 20230528135259.1218169-1-jeremy@azazel.net
Headers show
Series netfilter: bitwise: support boolean operations with variable RHS operands | expand

Message

Jeremy Sowden May 28, 2023, 1:52 p.m. UTC
Currently bitwise boolean operations (AND, OR and XOR) can only have one
variable operand.  They are converted in user space into mask-and-xor
operations on one register and two immediate values which are evaluated
by the kernel.  We add support for evaluating these operations directly
in kernel space on one register and either an immediate value or a
second register.

* Patch 1 renames functions and an enum constant related to the current
  mask-and-xor implementation in anticipation of adding support for
  directly evaluating AND, OR and XOR operations.
* Patch 2 adds support for directly evaluating AND, OR and XOR
  operations.

Changes since v3

  * The patch to keep track of the bit-length of boolean
    expressions is no longer needed and has been dropped.

Changes since v2

  * Increase size of `nbits` to `u16` and correct checking of maximum
    value (`U8_MAX * BITS_PER_BYTE`).

Changes since v1

  * New patch added to keep track of the bit-length of boolean
    expressions.
  * In v1, all boolean operations were still expected to be
    mask-and-xor operations, but the mask and xor values could be
    passed in registers.

Jeremy Sowden (2):
  netfilter: bitwise: rename some boolean operation functions
  netfilter: bitwise: add support for doing AND, OR and XOR directly

 include/uapi/linux/netfilter/nf_tables.h |  19 ++-
 net/netfilter/nft_bitwise.c              | 164 +++++++++++++++++++----
 2 files changed, 154 insertions(+), 29 deletions(-)