From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next,v3 08/14] netfilter: nft_hash: track register operations
Date: Mon, 14 Mar 2022 18:23:07 +0100 [thread overview]
Message-ID: <20220314172313.63348-9-pablo@netfilter.org> (raw)
In-Reply-To: <20220314172313.63348-1-pablo@netfilter.org>
Check if the destination register already contains the data that this
osf expression performs. Always cancel register tracking for jhash since
this requires tracking multiple source registers in case of
concatenations. Perform register tracking (without bitwise) for symhash
since input does not come from source register.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v3: no changes
net/netfilter/nft_hash.c | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index f829f5289e16..e5631e88b285 100644
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -165,6 +165,16 @@ static int nft_jhash_dump(struct sk_buff *skb,
return -1;
}
+static bool nft_jhash_reduce(struct nft_regs_track *track,
+ const struct nft_expr *expr)
+{
+ const struct nft_jhash *priv = nft_expr_priv(expr);
+
+ nft_reg_track_cancel(track, priv->dreg, sizeof(u32));
+
+ return false;
+}
+
static int nft_symhash_dump(struct sk_buff *skb,
const struct nft_expr *expr)
{
@@ -185,6 +195,30 @@ static int nft_symhash_dump(struct sk_buff *skb,
return -1;
}
+static bool nft_symhash_reduce(struct nft_regs_track *track,
+ const struct nft_expr *expr)
+{
+ struct nft_symhash *priv = nft_expr_priv(expr);
+ struct nft_symhash *symhash;
+
+ if (!nft_reg_track_cmp(track, expr, priv->dreg)) {
+ nft_reg_track_update(track, expr, priv->dreg, sizeof(u32));
+ return false;
+ }
+
+ symhash = nft_expr_priv(track->regs[priv->dreg].selector);
+ if (priv->offset != symhash->offset ||
+ priv->modulus != symhash->modulus) {
+ nft_reg_track_update(track, expr, priv->dreg, sizeof(u32));
+ return false;
+ }
+
+ if (!track->regs[priv->dreg].bitwise)
+ return true;
+
+ return false;
+}
+
static struct nft_expr_type nft_hash_type;
static const struct nft_expr_ops nft_jhash_ops = {
.type = &nft_hash_type,
@@ -192,6 +226,7 @@ static const struct nft_expr_ops nft_jhash_ops = {
.eval = nft_jhash_eval,
.init = nft_jhash_init,
.dump = nft_jhash_dump,
+ .reduce = nft_jhash_reduce,
};
static const struct nft_expr_ops nft_symhash_ops = {
@@ -200,6 +235,7 @@ static const struct nft_expr_ops nft_symhash_ops = {
.eval = nft_symhash_eval,
.init = nft_symhash_init,
.dump = nft_symhash_dump,
+ .reduce = nft_symhash_reduce,
};
static const struct nft_expr_ops *
--
2.30.2
next prev parent reply other threads:[~2022-03-14 17:23 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-14 17:22 [PATCH nf-next,v3 00/14] register tracking infrastructure follow up Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 01/14] netfilter: nf_tables: do not reduce read-only expressions Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 02/14] netfilter: nf_tables: cancel tracking for clobbered destination registers Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 03/14] netfilter: nft_ct: track register operations Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 04/14] netfilter: nft_lookup: only cancel tracking for clobbered dregs Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 05/14] netfilter: nft_meta: extend reduce support to bridge family Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 06/14] netfilter: nft_numgen: cancel register tracking Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 07/14] netfilter: nft_osf: track register operations Pablo Neira Ayuso
2022-03-14 17:23 ` Pablo Neira Ayuso [this message]
2022-03-14 17:23 ` [PATCH nf-next,v3 09/14] netfilter: nft_immediate: cancel register tracking for data destination register Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 10/14] netfilter: nft_socket: track register operations Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 11/14] netfilter: nft_xfrm: " Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 12/14] netfilter: nft_tunnel: " Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 13/14] netfilter: nft_fib: add reduce support Pablo Neira Ayuso
2022-03-14 17:23 ` [PATCH nf-next,v3 14/14] netfilter: nft_exthdr: " Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220314172313.63348-9-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).