netfilter: add and use nft_set_do_lookup helper

Followup patch will add a CONFIG_RETPOLINE wrapper to avoid
the ops->lookup() indirection cost for retpoline builds.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2021-05-13 22:29:55 +02:00 committed by Pablo Neira Ayuso
parent a58db7ad80
commit 0974cff3eb
3 changed files with 11 additions and 4 deletions

View File

@ -88,6 +88,13 @@ extern const struct nft_set_type nft_set_bitmap_type;
extern const struct nft_set_type nft_set_pipapo_type; extern const struct nft_set_type nft_set_pipapo_type;
extern const struct nft_set_type nft_set_pipapo_avx2_type; extern const struct nft_set_type nft_set_pipapo_avx2_type;
static inline bool
nft_set_do_lookup(const struct net *net, const struct nft_set *set,
const u32 *key, const struct nft_set_ext **ext)
{
return set->ops->lookup(net, set, key, ext);
}
struct nft_expr; struct nft_expr;
struct nft_regs; struct nft_regs;
struct nft_pktinfo; struct nft_pktinfo;

View File

@ -33,8 +33,8 @@ void nft_lookup_eval(const struct nft_expr *expr,
const struct net *net = nft_net(pkt); const struct net *net = nft_net(pkt);
bool found; bool found;
found = set->ops->lookup(net, set, &regs->data[priv->sreg], &ext) ^ found = nft_set_do_lookup(net, set, &regs->data[priv->sreg], &ext) ^
priv->invert; priv->invert;
if (!found) { if (!found) {
ext = nft_set_catchall_lookup(net, set); ext = nft_set_catchall_lookup(net, set);
if (!ext) { if (!ext) {

View File

@ -9,7 +9,7 @@
#include <linux/netlink.h> #include <linux/netlink.h>
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter/nf_tables.h> #include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h> #include <net/netfilter/nf_tables_core.h>
#define nft_objref_priv(expr) *((struct nft_object **)nft_expr_priv(expr)) #define nft_objref_priv(expr) *((struct nft_object **)nft_expr_priv(expr))
@ -110,7 +110,7 @@ static void nft_objref_map_eval(const struct nft_expr *expr,
struct nft_object *obj; struct nft_object *obj;
bool found; bool found;
found = set->ops->lookup(net, set, &regs->data[priv->sreg], &ext); found = nft_set_do_lookup(net, set, &regs->data[priv->sreg], &ext);
if (!found) { if (!found) {
ext = nft_set_catchall_lookup(net, set); ext = nft_set_catchall_lookup(net, set);
if (!ext) { if (!ext) {