From 56859380eb3282218863d827b7df822c7b0fd67c Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Sat, 5 May 2018 19:34:57 +0200
Subject: xtables-compat: avoid unneeded bitwise ops

no need to and with all-ones mask.

Signed-off-by: Florian Westphal
---
 iptables/nft-bridge.c | 16 ++++++++++++----
 iptables/nft-shared.c | 12 +++++++++++-
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/iptables/nft-bridge.c b/iptables/nft-bridge.c
index e1c82f03..0ff1ec1c 100644
--- a/iptables/nft-bridge.c
+++ b/iptables/nft-bridge.c
@@ -54,10 +54,16 @@ static void ebt_print_mac(const unsigned char *mac)
 printf("%s", ether_ntoa((struct ether_addr *) mac));
 }
+static bool mac_all_ones(const unsigned char *mac)
+{
+ static const char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+
+ return memcmp(mac, hlpmsk, sizeof(hlpmsk)) == 0;
+}
+
 /* Put the mac address into 6 (ETH_ALEN) bytes returns 0 on success. */
 static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char *mask)
 {
- char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
 if (!memcmp(mac, eb_mac_type_unicast, 6) && !memcmp(mask, eb_msk_type_unicast, 6))
@@ -73,7 +79,7 @@ static void ebt_print_mac_and_mask(const unsigned char *mac, const unsigned char
 printf("BGA");
 else {
 ebt_print_mac(mac);
- if (memcmp(mask, hlpmsk, 6)) {
+ if (!mac_all_ones(mask)) {
 printf("/");
 ebt_print_mac(mask);
 }
@@ -184,7 +190,8 @@ static int nft_bridge_add(struct nftnl_rule *r, void *data)
 op = nft_invflags2cmp(fw->invflags, EBT_ISOURCE);
 add_payload(r, offsetof(struct ethhdr, h_source), 6, NFT_PAYLOAD_LL_HEADER);
- add_bitwise(r, fw->sourcemsk, 6);
+ if (!mac_all_ones(fw->sourcemsk))
+ add_bitwise(r, fw->sourcemsk, 6);
 add_cmp_ptr(r, op, fw->sourcemac, 6);
 }
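Review bot: In `mac_all_ones` (first nft-bridge.c hunk) the reference mask is declared `static const char hlpmsk[6]` and initialised with `0xff`, a value that does not fit a signed `char` and so relies on an implementation-defined conversion. The `memcmp` result is still correct because it compares bytes as `unsigned char`, but the declaration should say what is meant: `static const unsigned char hlpmsk[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};`. The helper also reads exactly six bytes from its argument whatever the caller passes, so a one-line comment such as `/* true if all six bytes of the MAC mask are 0xff (exact match); mac must point to at least 6 bytes */` would document that contract.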
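Review bot: Nothing in this patch covers the read-back side of the two `if (!mac_all_ones(...))` guards in `nft_bridge_add` (this hunk for `fw->sourcemsk`, the following hunk for `fw->destmsk`). With the guard, an exact MAC match is stored without a bitwise expression. If the code that parses rules back from the kernel fills the mask only from that expression, such rules could be listed with a mask that differs from what is enforced, so that path should be confirmed to default to all-ones. A comment at both sites would record the assumption, e.g. `/* all-ones mask: the AND is a no-op, emit payload + cmp only; the parser must assume ff:ff:ff:ff:ff:ff when no bitwise follows */`. The body of `nft_bridge_add` starts and ends outside these hunks.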
@@ -193,7 +200,8 @@ static int nft_bridge_add(struct nftnl_rule *r, void *data)
 op = nft_invflags2cmp(fw->invflags, EBT_IDEST);
 add_payload(r, offsetof(struct ethhdr, h_dest), 6, NFT_PAYLOAD_LL_HEADER);
- add_bitwise(r, fw->destmsk, 6);
+ if (!mac_all_ones(fw->destmsk))
+ add_bitwise(r, fw->destmsk, 6);
 add_cmp_ptr(r, op, fw->destmac, 6);
 }
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index e2fc226c..740b61bb 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -160,8 +160,18 @@ void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op)
 void add_addr(struct nftnl_rule *r, int offset, void *data, void *mask, size_t len, uint32_t op)
 {
+ const char *m = mask;
+ int i;
+
 add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER);
- add_bitwise(r, mask, len);
+
+ for (i = 0; i < len; i++) {
+ if (m[i] != 0xff)
+ break;
+ }
+
+ if (i != len)
+ add_bitwise(r, mask, len);
 add_cmp_ptr(r, op, data, len);
 }
--
cgit v1.2.3
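Review bot: In `add_addr` the test `m[i] != 0xff` compares a plain `char` with the int constant 255. Where `char` is signed, a mask byte of 0xff is read as -1, so the loop breaks at `i == 0` and `add_bitwise` is still emitted for every non-empty mask. The generated rule stays correct, but the optimisation never takes effect on those platforms and the emitted expressions differ between architectures. Declare the cursor as `const unsigned char *m = mask;` and the index as `size_t i;`, which also removes the signed/unsigned comparison in `i < len` and `i != len`.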