netfilter: nft_bitwise: add offload support

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Extract mask from bitwise operation and store it into the corresponding
context register so the cmp instruction can set the mask accordingly.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 6 years ago bd8699e9 7e59b3fe

+19

1 changed file

expand all

net

netfilter

nft_bitwise.c

+19

net/netfilter/nft_bitwise.c

··· 13 13 #include <linux/netfilter/nf_tables.h> 14 14 #include <net/netfilter/nf_tables_core.h> 15 15 #include <net/netfilter/nf_tables.h> 16 + #include <net/netfilter/nf_tables_offload.h> 16 17 17 18 struct nft_bitwise { 18 19 enum nft_registers sreg:8; ··· 127 126 return -1; 128 127 } 129 128 129 + static struct nft_data zero; 130 + 131 + static int nft_bitwise_offload(struct nft_offload_ctx *ctx, 132 + struct nft_flow_rule *flow, 133 + const struct nft_expr *expr) 134 + { 135 + const struct nft_bitwise *priv = nft_expr_priv(expr); 136 + 137 + if (memcmp(&priv->xor, &zero, sizeof(priv->xor) || 138 + priv->sreg != priv->dreg)) 139 + return -EOPNOTSUPP; 140 + 141 + memcpy(&ctx->regs[priv->dreg].mask, &priv->mask, sizeof(priv->mask)); 142 + 143 + return 0; 144 + } 145 + 130 146 static const struct nft_expr_ops nft_bitwise_ops = { 131 147 .type = &nft_bitwise_type, 132 148 .size = NFT_EXPR_SIZE(sizeof(struct nft_bitwise)), 133 149 .eval = nft_bitwise_eval, 134 150 .init = nft_bitwise_init, 135 151 .dump = nft_bitwise_dump, 152 + .offload = nft_bitwise_offload, 136 153 }; 137 154 138 155 struct nft_expr_type nft_bitwise_type __read_mostly = {