summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2020-10-01 18:57:44 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2020-10-04 21:08:33 +0200
commit10fdd6d80e4c21ad48f3860d723f5b3b5965477b (patch)
treebfc2834ea3fe446b5bf8c59082afba2e8836b25c /include/net
parentnetfilter: nf_tables: Enable fast nft_cmp for inverted matches (diff)
downloadlinux-10fdd6d80e4c21ad48f3860d723f5b3b5965477b.tar.xz
linux-10fdd6d80e4c21ad48f3860d723f5b3b5965477b.zip
netfilter: nf_tables: Implement fast bitwise expression
A typical use of bitwise expression is to mask out parts of an IP address when matching on the network part only. Optimize for this common use with a fast variant for NFT_BITWISE_BOOL-type expressions operating on 32bit-sized values. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_tables_core.h9
1 files changed, 9 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
index df2d91c814cb..8657e6815b07 100644
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -23,6 +23,13 @@ extern struct nft_object_type nft_secmark_obj_type;
int nf_tables_core_module_init(void);
void nf_tables_core_module_exit(void);
+struct nft_bitwise_fast_expr {
+ u32 mask;
+ u32 xor;
+ enum nft_registers sreg:8;
+ enum nft_registers dreg:8;
+};
+
struct nft_cmp_fast_expr {
u32 data;
u32 mask;
@@ -68,6 +75,8 @@ struct nft_payload_set {
extern const struct nft_expr_ops nft_payload_fast_ops;
+extern const struct nft_expr_ops nft_bitwise_fast_ops;
+
extern struct static_key_false nft_counters_enabled;
extern struct static_key_false nft_trace_enabled;