Supporting inverted bitwise in nft I

I’m still banging my head on providing support for the inverted bitwise that I referenced in an older post. Now the challenge is not only to provide such functionality but also to simplify the code.

In the nftables source code we can currently see a function called


in the file netlink_linearize.c, which is called to generate the bitwise and cmp operations needed when the list of bitwise is positive, as shown below:

nft --debug=netlink add rule ip filter INPUT ct state new,related,established,untracked
ip filter INPUT 
  [ ct load state => reg 1 ]
  [ bitwise reg 1 = (reg=1 & 0x0000004e ) ^ 0x00000000 ]
  [ cmp neq reg 1 0x00000000 ]

Now, the challenge is to improve the behavior in order to generate both operations in the evaluation phase, within the file evaluate.c, creating the following logic structure:

        relational (OP_NEQ)
                / \
               /   \
              /     \
         bitwise   value
            /  \
           /    \
     ct state   mask

No luck so far, but I’ll update the state of this development.
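
The tree above and the three netlink expressions it lowers to can be modelled in a few lines of C. This is an added example, not code from nftables or from the post: the struct and function names are hypothetical, and the state bit values are an assumption taken from the kernel's NF_CT_STATE_* encoding, which sums to the 0x4e mask in the debug output.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed conntrack state bits (kernel NF_CT_STATE_* encoding). */
enum { CT_INVALID = 0x01, CT_ESTABLISHED = 0x02, CT_RELATED = 0x04,
       CT_NEW = 0x08, CT_UNTRACKED = 0x40 };
enum op { OP_EQ, OP_NEQ };

/* Hypothetical, simplified nodes for the tree in the post:
 * relational(op) -> left: bitwise(ct state, mask), right: value. */
struct bitwise { uint32_t mask, xor_val; };
struct relational { enum op op; struct bitwise left; uint32_t value; };

/* Positive flag list: the rule matches when any listed bit is set. */
static struct relational flagcmp_tree(uint32_t mask)
{
    struct relational r = { OP_NEQ, { mask, 0 }, 0 };
    return r;
}

/* Evaluate the tree on a loaded ct state: the bitwise step computes
 * (reg & mask) ^ xor, then the cmp step compares it with the value. */
static int tree_matches(const struct relational *r, uint32_t ct_state)
{
    uint32_t reg = (ct_state & r->left.mask) ^ r->left.xor_val;
    return r->op == OP_NEQ ? reg != r->value : reg == r->value;
}

/* Lower the tree to text in the layout of the debug output above. */
static int tree_linearize(const struct relational *r, char *buf, size_t len)
{
    return snprintf(buf, len,
        "  [ ct load state => reg 1 ]\n"
        "  [ bitwise reg 1 = (reg=1 & 0x%08x ) ^ 0x%08x ]\n"
        "  [ cmp %s reg 1 0x%08x ]\n",
        (unsigned)r->left.mask, (unsigned)r->left.xor_val,
        r->op == OP_NEQ ? "neq" : "eq", (unsigned)r->value);
}

int main(void)
{
    char buf[256];
    struct relational r =
        flagcmp_tree(CT_NEW | CT_RELATED | CT_ESTABLISHED | CT_UNTRACKED);
    tree_linearize(&r, buf, sizeof(buf));
    fputs(buf, stdout);
    printf("new: %d invalid: %d\n",
           tree_matches(&r, CT_NEW), tree_matches(&r, CT_INVALID));
    return 0;
}
```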

