diff options
author | Phil Sutter <phil@nwl.cc> | 2020-10-30 14:08:33 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-11-04 15:39:23 +0100 |
commit | 274cb05edc58d6fa982a34c84b2f4cf6acc3e335 (patch) | |
tree | c6575d918216e25f5328a4e19fe94f6c58fee92d /iptables/nft-arp.c | |
parent | 323259001d617ae359430a03ee3d3e7f107684e0 (diff) |
ebtables: Optimize masked MAC address matches
Just like with class-based prefix matches in iptables-nft, optimize
masked MAC address matches if the mask is on a byte-boundary.
To reuse the logic in add_addr(), extend it to accept the payload base
value via parameter.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-arp.c')
-rw-r--r-- | iptables/nft-arp.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 952f0c69..5dc38da8 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -178,7 +178,8 @@ static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data) if (need_devaddr(&fw->arp.src_devaddr)) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_SRCDEVADDR); - add_addr(r, sizeof(struct arphdr), + add_addr(r, NFT_PAYLOAD_NETWORK_HEADER, + sizeof(struct arphdr), &fw->arp.src_devaddr.addr, &fw->arp.src_devaddr.mask, fw->arp.arhln, op); @@ -189,7 +190,8 @@ static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data) fw->arp.smsk.s_addr != 0 || fw->arp.invflags & ARPT_INV_SRCIP) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_SRCIP); - add_addr(r, sizeof(struct arphdr) + fw->arp.arhln, + add_addr(r, NFT_PAYLOAD_NETWORK_HEADER, + sizeof(struct arphdr) + fw->arp.arhln, &fw->arp.src.s_addr, &fw->arp.smsk.s_addr, sizeof(struct in_addr), op); } @@ -197,7 +199,8 @@ static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data) if (need_devaddr(&fw->arp.tgt_devaddr)) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_TGTDEVADDR); - add_addr(r, sizeof(struct arphdr) + fw->arp.arhln + sizeof(struct in_addr), + add_addr(r, NFT_PAYLOAD_NETWORK_HEADER, + sizeof(struct arphdr) + fw->arp.arhln + sizeof(struct in_addr), &fw->arp.tgt_devaddr.addr, &fw->arp.tgt_devaddr.mask, fw->arp.arhln, op); @@ -207,7 +210,8 @@ static int nft_arp_add(struct nft_handle *h, struct nftnl_rule *r, void *data) fw->arp.tmsk.s_addr != 0 || fw->arp.invflags & ARPT_INV_TGTIP) { op = nft_invflags2cmp(fw->arp.invflags, ARPT_INV_TGTIP); - add_addr(r, sizeof(struct arphdr) + fw->arp.arhln + sizeof(struct in_addr) + fw->arp.arhln, + add_addr(r, NFT_PAYLOAD_NETWORK_HEADER, + sizeof(struct arphdr) + fw->arp.arhln + sizeof(struct in_addr) + fw->arp.arhln, &fw->arp.tgt.s_addr, &fw->arp.tmsk.s_addr, sizeof(struct in_addr), op); } |