On Sun, May 28, 2023 at 03:00:50PM +0100, Jeremy Sowden wrote:
> This patch-set adds support for new bitwise boolean operations to
> nftables, and uses this to extend the types of value which can be
> assigned to packet marks and payload fields.  The original motivation
> for these changes was Kevin Darbyshire-Bryant's wish to be able to set
> the conntrack mark to a bitwise expression derived from a DSCP value:
>
>   https://lore.kernel.org/netfilter-devel/20191203160652.44396-1-ldir@xxxxxxxxxxxxxxxxxxxxxxx/#r
>
> For example:
>
>   nft add rule t c ct mark set ip dscp lshift 26 or 0x10
>
> Examples like this could be implemented solely by changes to user space.
> However, other examples came up in later discussion, such as:
>
>   nft add rule t c ct mark set ct mark and 0xffff0000 or meta mark and 0xffff
>
> and most recently:
>
>   nft add rule t c ct mark set ct mark or ip dscp or 0x200
>
> which require boolean bitwise operations with two variable operands.
>
> Hitherto, the kernel has required that AND, OR and XOR operations be
> converted in user space to mask-and-xor operations on one register and
> two immediate values.  The related kernel space patch-set, however, adds
> support for performing these operations directly on one register and an
> immediate value, or on two registers.  This patch-set extends nftables
> to make use of this functionality.
>
> The previous version of this series also included a few small changes to
> make it easier to add debug output and changes to support the
> assignments which did not require binops on two registers.  The former
> have been dropped and the latter were reworked and applied by Pablo.
> The following remain.
>
>   * Patch 1 adds support for linearizing and delinearizing the new
>     operations.
>   * Patches 2-7 add support for using them in payload and mark
>     assignments.
>   * Patch 8 adds tests for the new assignments.
>
> Jeremy Sowden (8):
>   netlink: support (de)linearization of new bitwise boolean operations
>   netlink_delinearize: refactor stmt_payload_binop_postprocess
>   netlink_delinearize: add support for processing variable payload
>     statement arguments
>   evaluate: prevent nested byte-order conversions
>   evaluate: preserve existing binop properties
>   evaluate: allow binop expressions with variable right-hand operands
>   parser_json: allow RHS mark and payload expressions
>   tests: add tests for binops with variable RHS operands

Reviewed-by: Phil Sutter <phil@xxxxxx>
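
The mask-and-xor conversion described in the quoted cover letter, as an added example that is not part of the original message or of the nftables or kernel sources: AND, OR and XOR with an immediate each reduce to one `(reg & mask) ^ xor` step, and consecutive steps fold into one, which is not possible once the second operand is itself a register. The struct and function names are hypothetical and the register values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; one step computes dst = (src & mask) ^ xor_val. */
struct mask_xor { uint32_t mask, xor_val; };

/* AND, OR and XOR with an immediate c, each as a mask-and-xor pair. */
static struct mask_xor from_and(uint32_t c) { return (struct mask_xor){ c, 0 }; }
static struct mask_xor from_or(uint32_t c)  { return (struct mask_xor){ ~c, c }; }
static struct mask_xor from_xor(uint32_t c) { return (struct mask_xor){ ~UINT32_C(0), c }; }

static uint32_t apply(struct mask_xor op, uint32_t reg)
{
    return (reg & op.mask) ^ op.xor_val;
}

/* Fold step a followed by step b into a single equivalent step. */
static struct mask_xor fold(struct mask_xor a, struct mask_xor b)
{
    return (struct mask_xor){ a.mask & b.mask, (a.xor_val & b.mask) ^ b.xor_val };
}

/* "ct mark and 0xffff0000 or meta mark and 0xffff": the OR operand is a
 * second register whose value is only known per packet, so no fixed
 * immediate pair can express it; it needs a two-register operation. */
static uint32_t two_register_or(uint32_t ct_mark, uint32_t meta_mark)
{
    return apply(from_and(0xffff0000u), ct_mark) |
           apply(from_and(0x0000ffffu), meta_mark);
}

int main(void)
{
    /* Constructed input: "and 0xffff0000 or 0x200" on a single register. */
    struct mask_xor f = fold(from_and(0xffff0000u), from_or(0x200u));

    printf("folded: mask=0x%08x xor=0x%08x\n", (unsigned)f.mask, (unsigned)f.xor_val);
    printf("one register: 0x%08x\n", (unsigned)apply(f, 0x12345678u));
    printf("xor 0xff:     0x%08x\n", (unsigned)apply(from_xor(0xffu), 0x0fu));
    /* The pair needed for "or <register>" changes with the register value. */
    printf("or-mask for 1: 0x%08x, for 2: 0x%08x\n",
           (unsigned)from_or(1).mask, (unsigned)from_or(2).mask);
    printf("two registers: 0x%08x\n", (unsigned)two_register_or(0xaaaa5555u, 0x1234bbbbu));
    return 0;
}
```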