This adds a nft_set_do_lookup() helper, then extends it to use direct calls when RETPOLINE feature is enabled. For non-retpoline builds, nft_set_do_lookup() inline helper does a indirect call. INDIRECT_CALLABLE_SCOPE macro allows to keep the lookup functions static in this case. Florian Westphal (2): netfilter: add and use nft_set_do_lookup helper netfilter: nf_tables: prefer direct calls for set lookups include/net/netfilter/nf_tables_core.h | 30 ++++++++++++++++++++++ net/netfilter/nft_lookup.c | 35 ++++++++++++++++++++++++-- net/netfilter/nft_objref.c | 4 +-- net/netfilter/nft_set_bitmap.c | 5 ++-- net/netfilter/nft_set_hash.c | 17 +++++++------ net/netfilter/nft_set_pipapo.c | 5 ++-- net/netfilter/nft_set_pipapo_avx2.h | 2 -- net/netfilter/nft_set_rbtree.c | 5 ++-- 8 files changed, 84 insertions(+), 19 deletions(-) -- 2.26.3
