netfilter: nf_tables: do not reduce read-only expressions

Skip register tracking for expressions that perform read-only operations on the registers. Define and use a cookie pointer NFT_REDUCE_READONLY to avoid defining stubs for these expressions. This patch re-enables register tracking which was disabled in ed5f85d42290 ("netfilter: nf_tables: disable register tracking"). Follow up patches add remaining register tracking for existing expressions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-14 20:23:00 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-20 02:29:46 +0300
commit: b2d306542ff935a4edf7a88ba8145c108193442a (patch)
tree: 4c02a42b60c7c6305d11ac1838127795238e18e7 /include/net
parent: 31d0bb9763efad30377505f3467f958d1ebe1e3d (diff)
download: linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index c4c0861deac1..edabfb9e97ce 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1633,4 +1633,12 @@ static inline struct nftables_pernet *nft_pernet(const struct net *net)
 	return net_generic(net, nf_tables_net_id);
 }
 
+#define __NFT_REDUCE_READONLY	1UL
+#define NFT_REDUCE_READONLY	(void *)__NFT_REDUCE_READONLY
+
+static inline bool nft_reduce_is_readonly(const struct nft_expr *expr)
+{
+	return expr->ops->reduce == NFT_REDUCE_READONLY;
+}
+
 #endif /* _NET_NF_TABLES_H */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-14 20:23:00 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-20 02:29:46 +0300
commit	b2d306542ff935a4edf7a88ba8145c108193442a (patch)
tree	4c02a42b60c7c6305d11ac1838127795238e18e7 /include/net
parent	31d0bb9763efad30377505f3467f958d1ebe1e3d (diff)
download	linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.xz