Currently bitwise boolean operations (AND, OR and XOR) can only have one
variable operand. They are converted in user space into mask-and-xor
operations on one register and two immediate values which are evaluated
by the kernel. We add support for evaluating these operations directly
in kernel space on one register and either an immediate value or a
second register.
* Patch 1 renames functions and an enum constant related to the current
mask-and-xor implementation in anticipation of adding support for
directly evaluating AND, OR and XOR operations.
* Patch 2 adds support for directly evaluating AND, OR and XOR
operations.
Changes since v3
* The patch to keep track of the bit-length of boolean
expressions is no longer needed and has been dropped.
Changes since v2
* Increase size of `nbits` to `u16` and correct checking of maximum
value (`U8_MAX * BITS_PER_BYTE`).
Changes since v1
* New patch added to keep track of the bit-length of boolean
expressions.
* In v1, all boolean operations were still expected to be
mask-and-xor operations, but the mask and xor values could be
passed in registers.
Jeremy Sowden (2):
netfilter: bitwise: rename some boolean operation functions
netfilter: bitwise: add support for doing AND, OR and XOR directly
include/uapi/linux/netfilter/nf_tables.h | 19 ++-
net/netfilter/nft_bitwise.c | 164 +++++++++++++++++++----
2 files changed, 154 insertions(+), 29 deletions(-)
--
2.39.2
