netfilter: nf_tables: do not reduce read-only expressions

Skip register tracking for expressions that perform read-only operations on the registers. Define and use a cookie pointer NFT_REDUCE_READONLY to avoid defining stubs for these expressions. This patch re-enables register tracking which was disabled in ed5f85d42290 ("netfilter: nf_tables: disable register tracking"). Follow up patches add remaining register tracking for existing expressions. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-14 18:23:00 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-03-20 00:29:46 +0100
commit: b2d306542ff935a4edf7a88ba8145c108193442a (patch)
tree: 4c02a42b60c7c6305d11ac1838127795238e18e7 /net/netfilter/nft_ct.c
parent: 31d0bb9763efad30377505f3467f958d1ebe1e3d (diff)
download: linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.gz
linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.bz2
linux-b2d306542ff935a4edf7a88ba8145c108193442a.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index 9c7472af9e4a..1ec9a7e96e59 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -785,6 +785,7 @@ static const struct nft_expr_ops nft_notrack_ops = {
 	.type		= &nft_notrack_type,
 	.size		= NFT_EXPR_SIZE(0),
 	.eval		= nft_notrack_eval,
+	.reduce		= NFT_REDUCE_READONLY,
 };
 
 static struct nft_expr_type nft_notrack_type __read_mostly = {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-14 18:23:00 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-03-20 00:29:46 +0100
commit	b2d306542ff935a4edf7a88ba8145c108193442a (patch)
tree	4c02a42b60c7c6305d11ac1838127795238e18e7 /net/netfilter/nft_ct.c
parent	31d0bb9763efad30377505f3467f958d1ebe1e3d (diff)
download	linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.gz linux-b2d306542ff935a4edf7a88ba8145c108193442a.tar.bz2 linux-b2d306542ff935a4edf7a88ba8145c108193442a.zip