tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: nft_osf: track register operations
Allow to recycle the previous output of the OS fingerprint expression
if flags and ttl are the same.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+25
+25
net/netfilter/nft_osf.c
+25
net/netfilter/nft_osf.c
···
120
120
(1 << NF_INET_FORWARD));
121
121
}
122
122
123
+
static bool nft_osf_reduce(struct nft_regs_track *track,
124
+
const struct nft_expr *expr)
125
+
{
126
+
struct nft_osf *priv = nft_expr_priv(expr);
127
+
struct nft_osf *osf;
128
+
129
+
if (!nft_reg_track_cmp(track, expr, priv->dreg)) {
130
+
nft_reg_track_update(track, expr, priv->dreg, NFT_OSF_MAXGENRELEN);
131
+
return false;
132
+
}
133
+
134
+
osf = nft_expr_priv(track->regs[priv->dreg].selector);
135
+
if (priv->flags != osf->flags ||
136
+
priv->ttl != osf->ttl) {
137
+
nft_reg_track_update(track, expr, priv->dreg, NFT_OSF_MAXGENRELEN);
138
+
return false;
139
+
}
140
+
141
+
if (!track->regs[priv->dreg].bitwise)
142
+
return true;
143
+
144
+
return false;
145
+
}
146
+
123
147
static struct nft_expr_type nft_osf_type;
124
148
static const struct nft_expr_ops nft_osf_op = {
125
149
.eval = nft_osf_eval,
···
152
128
.dump = nft_osf_dump,
153
129
.type = &nft_osf_type,
154
130
.validate = nft_osf_validate,
131
+
.reduce = nft_osf_reduce,
155
132
};
156
133
157
134
static struct nft_expr_type nft_osf_type __read_mostly = {