
netfilter: add and use nft_set_do_lookup helper

Followup patch will add a CONFIG_RETPOLINE wrapper to avoid
the ops->lookup() indirection cost for retpoline builds.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso
0974cff3 a58db7ad

+11 -4
+7
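--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -88,6 +88,13 @@
 extern const struct nft_set_type nft_set_pipapo_type;
 extern const struct nft_set_type nft_set_pipapo_avx2_type;
 
+static inline bool
+nft_set_do_lookup(const struct net *net, const struct nft_set *set,
+const u32 *key, const struct nft_set_ext **ext)
+{
+return set->ops->lookup(net, set, key, ext);
+}
+
 struct nft_expr;
 struct nft_regs;
 struct nft_pktinfo;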
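Review bot: nft_set_do_lookup() is added without a comment, so nothing at the definition says it is meant to be the one datapath entry point for set lookups, or that the CONFIG_RETPOLINE wrapper announced in the commit message will replace this body. A one-line comment above it would cover that, for example `/* Datapath set lookup; call this instead of set->ops->lookup() directly. */`. The helper dereferences `set->ops` and `->lookup` unconditionally, exactly as the open-coded call sites did, so it presumably relies on both being populated when the set is created; that invariant is not visible on this page and would be worth stating in the same comment. Only nft_lookup.c and nft_objref.c are converted here, so any other direct `->lookup()` caller in the tree (none is visible from this page) would bypass the later wrapper.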
+2 -2
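--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -33,8 +33,8 @@
 const struct net *net = nft_net(pkt);
 bool found;
 
-found = set->ops->lookup(net, set, &regs->data[priv->sreg], &ext) ^
-priv->invert;
+found = nft_set_do_lookup(net, set, &regs->data[priv->sreg], &ext) ^
+priv->invert;
 if (!found) {
 ext = nft_set_catchall_lookup(net, set);
 if (!ext) {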
+2 -2
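--- a/net/netfilter/nft_objref.c
+++ b/net/netfilter/nft_objref.c
@@ -9,7 +9,7 @@
 #include <linux/netlink.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter/nf_tables.h>
-#include <net/netfilter/nf_tables.h>
+#include <net/netfilter/nf_tables_core.h>
 
 #define nft_objref_priv(expr) *((struct nft_object **)nft_expr_priv(expr))
 
@@ -110,7 +110,7 @@
 struct nft_object *obj;
 bool found;
 
-found = set->ops->lookup(net, set, &regs->data[priv->sreg], &ext);
+found = nft_set_do_lookup(net, set, &regs->data[priv->sreg], &ext);
 if (!found) {
 ext = nft_set_catchall_lookup(net, set);
 if (!ext) {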
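Review bot: The first hunk replaces `#include <net/netfilter/nf_tables.h>` with `#include <net/netfilter/nf_tables_core.h>` rather than adding the new header next to the old one. This file still uses names such as `nft_expr_priv()` and `struct nft_object` (visible in the `nft_objref_priv` macro and the second hunk), which presumably come from nf_tables.h, so the build now depends on nf_tables_core.h pulling that header in transitively. Keeping both lines, `#include <net/netfilter/nf_tables.h>` followed by `#include <net/netfilter/nf_tables_core.h>`, would make the dependency explicit and robust against later changes to the core header.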