netfilter: nf_tables: Enable fast nft_cmp for inverted matches

Add a boolean indicating NFT_CMP_NEQ. To include it into the match decision, it is sufficient to XOR it with the data comparison's result. While being at it, store the mask that is calculated during expression init and free the eval routine from having to recalculate it each time. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2020-10-02 15:50:56 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-10-04 21:08:32 +0200
commit: 5f48846daf3321f8a1f8aa99cd6173e3980b7a29 (patch)
tree: 2c0ef0d3fbf4beaa4374d2857588192575b64a06 /net/netfilter/nf_tables_core.c
parent: ab6c41eefd46b92e4f5bcdbbc6c1ea39ed148274 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index 587897a2498b..e92feacaf551 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -51,9 +51,8 @@ static void nft_cmp_fast_eval(const struct nft_expr *expr,
 			      struct nft_regs *regs)
 {
 	const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr);
-	u32 mask = nft_cmp_fast_mask(priv->len);
 
-	if ((regs->data[priv->sreg] & mask) == priv->data)
+	if (((regs->data[priv->sreg] & priv->mask) == priv->data) ^ priv->inv)
 		return;
 	regs->verdict.code = NFT_BREAK;
 }
author	Phil Sutter <phil@nwl.cc>	2020-10-02 15:50:56 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-10-04 21:08:32 +0200
commit	5f48846daf3321f8a1f8aa99cd6173e3980b7a29 (patch)
tree	2c0ef0d3fbf4beaa4374d2857588192575b64a06 /net/netfilter/nf_tables_core.c
parent	ab6c41eefd46b92e4f5bcdbbc6c1ea39ed148274 (diff)