netfilter: add and use nft_set_do_lookup helper

Followup patch will add a CONFIG_RETPOLINE wrapper to avoid
the ops->lookup() indirection cost for retpoline builds.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
index fd10a78..5eb6994 100644 (file)
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -88,6 +88,13 @@ extern const struct nft_set_type nft_set_bitmap_type;
 extern const struct nft_set_type nft_set_pipapo_type;
 extern const struct nft_set_type nft_set_pipapo_avx2_type;
 
+static inline bool
+nft_set_do_lookup(const struct net *net, const struct nft_set *set,
+                 const u32 *key, const struct nft_set_ext **ext)
+{
+       return set->ops->lookup(net, set, key, ext);
+}
+
 struct nft_expr;
 struct nft_regs;
 struct nft_pktinfo;

diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index a479f8a..1a85818 100644 (file)
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -33,8 +33,8 @@ void nft_lookup_eval(const struct nft_expr *expr,
        const struct net *net = nft_net(pkt);
        bool found;
 
-       found = set->ops->lookup(net, set, &regs->data[priv->sreg], &ext) ^
-                                priv->invert;
+       found = nft_set_do_lookup(net, set, &regs->data[priv->sreg], &ext) ^
+                                 priv->invert;
        if (!found) {
                ext = nft_set_catchall_lookup(net, set);
                if (!ext) {

diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
index 7e47ede..94b2327 100644 (file)
--- a/net/netfilter/nft_objref.c
+++ b/net/netfilter/nft_objref.c
@@ -9,7 +9,7 @@
 #include <linux/netlink.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter/nf_tables.h>
-#include <net/netfilter/nf_tables.h>
+#include <net/netfilter/nf_tables_core.h>
 
 #define nft_objref_priv(expr)  *((struct nft_object **)nft_expr_priv(expr))
 
@@ -110,7 +110,7 @@ static void nft_objref_map_eval(const struct nft_expr *expr,
        struct nft_object *obj;
        bool found;
 
-       found = set->ops->lookup(net, set, &regs->data[priv->sreg], &ext);
+       found = nft_set_do_lookup(net, set, &regs->data[priv->sreg], &ext);
        if (!found) {
                ext = nft_set_catchall_lookup(net, set);
                if (!ext) {