diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-02-07 19:25:08 +0100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-08-31 17:15:18 +0200 |
| commit | 2267d38520c4aa74c9110c9ef2f6619aebc8446d (patch) | |
| tree | f27c13c512f19f5d93995c8e414481ff2ee4b556 /include | |
| parent | 1d7d74a8240e5d4505f5f3f67417bb7334230c11 (diff) | |
| download | linux-stable-2267d38520c4aa74c9110c9ef2f6619aebc8446d.tar.gz linux-stable-2267d38520c4aa74c9110c9ef2f6619aebc8446d.tar.bz2 linux-stable-2267d38520c4aa74c9110c9ef2f6619aebc8446d.zip | |
netfilter: nft_cmp: optimize comparison for 16-bytes
[ Upstream commit 23f68d462984bfda47c7bf663dca347e8e3df549 ]
Allow up to 16-byte comparisons with a new cmp fast version. Use two
64-bit words and calculate the mask representing the bits to be
compared. Make sure the comparison is 64-bit aligned and avoid
out-of-bound memory access on registers.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_tables_core.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h index fd10a7862fdc..ce75121782bf 100644 --- a/include/net/netfilter/nf_tables_core.h +++ b/include/net/netfilter/nf_tables_core.h @@ -38,6 +38,14 @@ struct nft_cmp_fast_expr { bool inv; }; +struct nft_cmp16_fast_expr { + struct nft_data data; + struct nft_data mask; + u8 sreg; + u8 len; + bool inv; +}; + struct nft_immediate_expr { struct nft_data data; u8 dreg; @@ -55,6 +63,7 @@ static inline u32 nft_cmp_fast_mask(unsigned int len) } extern const struct nft_expr_ops nft_cmp_fast_ops; +extern const struct nft_expr_ops nft_cmp16_fast_ops; struct nft_payload { enum nft_payload_bases base:8; |