leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: nft_lookup: only cancel tracking for clobbered dregs

Browse Source 
In most cases, nft_lookup will be read-only, i.e. won't clobber
registers.  In case of map, we need to cancel the registers that will
see stores.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2022-03-14 18:23:03 +01:00 committed by Pablo Neira Ayuso
parent 03858af013
commit e50ae445fb
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/netfilter/nft_lookup.c
View File

@ -253,6 +253,17 @@ static int nft_lookup_validate(const struct nft_ctx *ctx,
return 0; return 0;
} }
static bool nft_lookup_reduce(struct nft_regs_track *track,
const struct nft_expr *expr)
{
const struct nft_lookup *priv = nft_expr_priv(expr);
if (priv->set->flags & NFT_SET_MAP)
nft_reg_track_cancel(track, priv->dreg, priv->set->dlen);
return false;
}
static const struct nft_expr_ops nft_lookup_ops = { static const struct nft_expr_ops nft_lookup_ops = {
.type = &nft_lookup_type, .type = &nft_lookup_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_lookup)), .size = NFT_EXPR_SIZE(sizeof(struct nft_lookup)),
@ -263,6 +274,7 @@ static const struct nft_expr_ops nft_lookup_ops = {
.destroy = nft_lookup_destroy, .destroy = nft_lookup_destroy,
.dump = nft_lookup_dump, .dump = nft_lookup_dump,
.validate = nft_lookup_validate, .validate = nft_lookup_validate,
.reduce = nft_lookup_reduce,
}; };
struct nft_expr_type nft_lookup_type __read_mostly = { struct nft_expr_type nft_lookup_type __read_mostly = {