diff options
author | Phil Sutter <phil@nwl.cc> | 2020-10-30 14:08:33 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-11-04 15:39:23 +0100 |
commit | 274cb05edc58d6fa982a34c84b2f4cf6acc3e335 (patch) | |
tree | c6575d918216e25f5328a4e19fe94f6c58fee92d /iptables/nft-shared.c | |
parent | 323259001d617ae359430a03ee3d3e7f107684e0 (diff) |
ebtables: Optimize masked MAC address matches
Just like with class-based prefix matches in iptables-nft, optimize
masked MAC address matches if the mask is on a byte-boundary.
To reuse the logic in add_addr(), extend it to accept the payload base
value via parameter.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c index 545e9c60..10553ab2 100644 --- a/iptables/nft-shared.c +++ b/iptables/nft-shared.c @@ -20,7 +20,6 @@ #include <xtables.h> -#include <linux/netfilter/nf_tables.h> #include <linux/netfilter/xt_comment.h> #include <linux/netfilter/xt_limit.h> @@ -162,7 +161,7 @@ void add_outiface(struct nftnl_rule *r, char *iface, uint32_t op) add_cmp_ptr(r, op, iface, iface_len + 1); } -void add_addr(struct nftnl_rule *r, int offset, +void add_addr(struct nftnl_rule *r, enum nft_payload_bases base, int offset, void *data, void *mask, size_t len, uint32_t op) { const unsigned char *m = mask; @@ -179,7 +178,7 @@ void add_addr(struct nftnl_rule *r, int offset, if (!bitwise) len = i; - add_payload(r, offset, len, NFT_PAYLOAD_NETWORK_HEADER); + add_payload(r, offset, len, base); if (bitwise) add_bitwise(r, mask, len); |