netfilter: nf_tables: do not reduce read-only expressions

Skip register tracking for expressions that perform read-only operations on the registers. Define and use a cookie pointer NFT_REDUCE_READONLY to avoid defining stubs for these expressions. This patch re-enables register tracking which was disabled in ed5f85d42290 ("netfilter: nf_tables: disable register tracking"). Follow up patches add remaining register tracking for existing expressions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-14 18:23:00 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-20 00:29:46 +0100
commit: b2d306542ff935a4edf7a88ba8145c108193442a (patch)
tree: 4c02a42b60c7c6305d11ac1838127795238e18e7 /net/netfilter/nft_compat.c
parent: 31d0bb9763efad30377505f3467f958d1ebe1e3d (diff)
download: linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 5a46d8289d1d9..c16172427622e 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -871,6 +871,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
 	ops->dump = nft_target_dump;
 	ops->validate = nft_target_validate;
 	ops->data = target;
+	ops->reduce = NFT_REDUCE_READONLY;
 
 	if (family == NFPROTO_BRIDGE)
 		ops->eval = nft_target_eval_bridge;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-14 18:23:00 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-20 00:29:46 +0100
commit	b2d306542ff935a4edf7a88ba8145c108193442a (patch)
tree	4c02a42b60c7c6305d11ac1838127795238e18e7 /net/netfilter/nft_compat.c
parent	31d0bb9763efad30377505f3467f958d1ebe1e3d (diff)
download	linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.gz