netfilter: nft_cmp: optimize comparison for 16-bytes

Allow up to 16-byte comparisons with a new cmp fast version. Use two 64-bit words and calculate the mask representing the bits to be compared. Make sure the comparison is 64-bit aligned and avoid out-of-bound memory access on registers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-02-07 19:25:08 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-02-09 12:00:28 +0100
commit: 23f68d462984bfda47c7bf663dca347e8e3df549 (patch)
tree: 188f5db3e4964a00c8454c699f434923dd987e45 /include/net/netfilter/nf_tables_core.h
parent: 7afa38831aee2ca2f41b22747ed8545e1887aaa9 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
index b6fb1fdff9b2..0ea7c55cea4d 100644
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -42,6 +42,14 @@ struct nft_cmp_fast_expr {
 	bool			inv;
 };
 
+struct nft_cmp16_fast_expr {
+	struct nft_data		data;
+	struct nft_data		mask;
+	u8			sreg;
+	u8			len;
+	bool			inv;
+};
+
 struct nft_immediate_expr {
 	struct nft_data		data;
 	u8			dreg;
@@ -59,6 +67,7 @@ static inline u32 nft_cmp_fast_mask(unsigned int len)
 }
 
 extern const struct nft_expr_ops nft_cmp_fast_ops;
+extern const struct nft_expr_ops nft_cmp16_fast_ops;
 
 struct nft_payload {
 	enum nft_payload_bases	base:8;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-02-07 19:25:08 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-02-09 12:00:28 +0100
commit	23f68d462984bfda47c7bf663dca347e8e3df549 (patch)
tree	188f5db3e4964a00c8454c699f434923dd987e45 /include/net/netfilter/nf_tables_core.h
parent	7afa38831aee2ca2f41b22747ed8545e1887aaa9 (diff)