netfilter: nf_tables: switch registers to 32 bit addressing
Switch the nf_tables registers from 128 bit addressing to 32 bit addressing to support so called concatenations, where multiple values can be concatenated over multiple registers for O(1) exact matches of multiple dimensions using sets. The old register values are mapped to areas of 128 bits for compatibility. When dumping register numbers, values are expressed using the old values if they refer to the beginning of a 128 bit area for compatibility. To support concatenations, register loads of less than a full 32 bit value need to be padded. This mainly affects the payload and exthdr expressions, which both unconditionally zero the last word before copying the data. Userspace fully passes the testsuite using both old and new register addressing. Signed-off-by:Patrick McHardy <kaber@trash.net> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org>
Showing
- include/net/netfilter/nf_tables.h 5 additions, 8 deletionsinclude/net/netfilter/nf_tables.h
- include/uapi/linux/netfilter/nf_tables.h 30 additions, 1 deletioninclude/uapi/linux/netfilter/nf_tables.h
- net/bridge/netfilter/nft_meta_bridge.c 1 addition, 1 deletionnet/bridge/netfilter/nft_meta_bridge.c
- net/ipv4/netfilter/nft_redir_ipv4.c 2 additions, 2 deletionsnet/ipv4/netfilter/nft_redir_ipv4.c
- net/ipv6/netfilter/nft_redir_ipv6.c 2 additions, 2 deletionsnet/ipv6/netfilter/nft_redir_ipv6.c
- net/netfilter/nf_tables_api.c 42 additions, 12 deletionsnet/netfilter/nf_tables_api.c
- net/netfilter/nf_tables_core.c 3 additions, 2 deletionsnet/netfilter/nf_tables_core.c
- net/netfilter/nft_bitwise.c 2 additions, 2 deletionsnet/netfilter/nft_bitwise.c
- net/netfilter/nft_byteorder.c 2 additions, 2 deletionsnet/netfilter/nft_byteorder.c
- net/netfilter/nft_ct.c 2 additions, 2 deletionsnet/netfilter/nft_ct.c
- net/netfilter/nft_exthdr.c 2 additions, 1 deletionnet/netfilter/nft_exthdr.c
- net/netfilter/nft_immediate.c 1 addition, 1 deletionnet/netfilter/nft_immediate.c
- net/netfilter/nft_lookup.c 1 addition, 1 deletionnet/netfilter/nft_lookup.c
- net/netfilter/nft_meta.c 5 additions, 2 deletionsnet/netfilter/nft_meta.c
- net/netfilter/nft_nat.c 8 additions, 8 deletionsnet/netfilter/nft_nat.c
- net/netfilter/nft_payload.c 2 additions, 1 deletionnet/netfilter/nft_payload.c
Loading
-
mentioned in commit 6e1acfa3
-
mentioned in commit 1bd57dea
-
mentioned in commit a8318f70
-
mentioned in commit 7df3c94a
-
mentioned in commit cc7bc8c7
-
mentioned in commit 5ba3a960
-
mentioned in commit eb5b579b
-
mentioned in commit fd94d9da
-
mentioned in commit msm-4.19@a7d86a77
Please register or sign in to comment