authorPablo Neira Ayuso <pablo@netfilter.org>2022-05-01 17:40:01 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-05-04 11:58:01 +0200
commitb9e00458b9f357f6c9b301f95b276fd019da0692 (patch)
tree7bda5c1f1b684da25e864b42feb28d2f76a86a78 /src/expr
parente2514c0eff4da7e8e0aabd410f7b7d0b7564c880 (diff)
src: add dynamic register allocation infrastructure
Starting with Linux kernel 5.18-rc, operations on registers that already contain the expected data are turned into a no-op. Track operations on registers to use the same register through nftnl_reg_get(). This patch introduces an LRU eviction strategy when all the registers are in use. nftnl_reg_get_scratch() is used to allocate a register as scratchpad area: no tracking is performed in this case, although register eviction might occur. Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/expr')
-rw-r--r--src/expr/meta.c44
-rw-r--r--src/expr/payload.c31
2 files changed, 75 insertions, 0 deletions
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 34fbb9b..601248f 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -14,6 +14,7 @@
#include <string.h>
#include <arpa/inet.h>
#include <errno.h>
+#include <net/if.h>
#include <linux/netfilter/nf_tables.h>
#include "internal.h"
@@ -132,6 +133,44 @@ nftnl_expr_meta_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static int nftnl_meta_reg_len(const struct nftnl_expr *e)
+{
+ const struct nftnl_expr_meta *meta = nftnl_expr_data(e);
+
+ switch (meta->key) {
+ case NFT_META_IIFNAME:
+ case NFT_META_OIFNAME:
+ case NFT_META_IIFKIND:
+ case NFT_META_OIFKIND:
+ case NFT_META_SDIFNAME:
+ case NFT_META_BRI_IIFNAME:
+ case NFT_META_BRI_OIFNAME:
+ return IFNAMSIZ;
+ case NFT_META_TIME_NS:
+ return sizeof(uint64_t);
+ default:
+ break;
+ }
+
+ return sizeof(uint32_t);
+}
+
+static bool nftnl_meta_reg_cmp(const struct nftnl_reg *reg,
+ const struct nftnl_expr *e)
+{
+ const struct nftnl_expr_meta *meta = nftnl_expr_data(e);
+
+ return reg->meta.key == meta->key;
+}
+
+static void nftnl_meta_reg_update(struct nftnl_reg *reg,
+ const struct nftnl_expr *e)
+{
+ const struct nftnl_expr_meta *meta = nftnl_expr_data(e);
+
+ reg->meta.key = meta->key;
+}
+
static const char *meta_key2str_array[NFT_META_MAX] = {
[NFT_META_LEN] = "len",
[NFT_META_PROTOCOL] = "protocol",
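Review bot: `nftnl_meta_reg_cmp()` compares only `reg->meta.key`, and nothing in it establishes that the register is currently tracking a meta load. If `struct nftnl_reg` keeps the `meta` and `payload` state in shared storage (its definition is outside this page), a register last written by `nftnl_payload_reg_update()` could compare equal here, and a rule would then reuse payload bytes as if they were the meta value. I would state the precondition above the function, for example `/* Caller has already checked that reg tracks a meta expression. */`; the same applies to `nftnl_payload_reg_cmp()` in src/expr/payload.c. Separately, the `default:` arm of `nftnl_meta_reg_len()` sizes every unlisted key at `sizeof(uint32_t)`, so a future key wider than 32 bits would be silently under-sized; a short comment saying so would help whoever adds one.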
@@ -217,4 +256,9 @@ struct expr_ops expr_ops_meta = {
.parse = nftnl_expr_meta_parse,
.build = nftnl_expr_meta_build,
.snprintf = nftnl_expr_meta_snprintf,
+ .reg = {
+ .len = nftnl_meta_reg_len,
+ .cmp = nftnl_meta_reg_cmp,
+ .update = nftnl_meta_reg_update,
+ },
};
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 82747ec..8b41a9d 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -203,6 +203,32 @@ nftnl_expr_payload_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static int nftnl_payload_reg_len(const struct nftnl_expr *expr)
+{
+ const struct nftnl_expr_payload *payload = nftnl_expr_data(expr);
+
+ return payload->len;
+}
+
+static bool nftnl_payload_reg_cmp(const struct nftnl_reg *reg,
+ const struct nftnl_expr *e)
+{
+ const struct nftnl_expr_payload *payload = nftnl_expr_data(e);
+
+ return reg->payload.base == payload->base &&
+ reg->payload.offset == payload->offset &&
+ reg->len >= payload->len;
+}
+
+static void nftnl_payload_reg_update(struct nftnl_reg *reg,
+ const struct nftnl_expr *e)
+{
+ const struct nftnl_expr_payload *payload = nftnl_expr_data(e);
+
+ reg->payload.base = payload->base;
+ reg->payload.offset = payload->offset;
+}
+
static const char *base2str_array[NFT_PAYLOAD_INNER_HEADER + 1] = {
[NFT_PAYLOAD_LL_HEADER] = "link",
[NFT_PAYLOAD_NETWORK_HEADER] = "network",
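Review bot: `nftnl_payload_reg_len()` returns `payload->len` through an `int` with no range check, and that field is supplied by the library's caller. If the field is unsigned (the struct is not shown in this diff), a value above INT_MAX comes back negative, and a zero or oversized length reaches the register allocator as-is; whether the allocator rejects those is not visible here. Since the result decides how many registers a load occupies, I would either bound it in this function or document the contract, e.g. `/* len is caller-supplied; the allocator must reject 0 and anything larger than the register file */`. Note also that `nftnl_payload_reg_update()` does not store the length that `nftnl_payload_reg_cmp()` later reads from `reg->len`, so that field is presumably maintained by the caller and deserves a one-line comment saying so.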
@@ -260,4 +286,9 @@ struct expr_ops expr_ops_payload = {
.parse = nftnl_expr_payload_parse,
.build = nftnl_expr_payload_build,
.snprintf = nftnl_expr_payload_snprintf,
+ .reg = {
+ .len = nftnl_payload_reg_len,
+ .cmp = nftnl_payload_reg_cmp,
+ .update = nftnl_payload_reg_update,
+ },
};