[PATCH nf-next 0/3] netfilter: nf_tables: extend retpoline workarounds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

- Skip the retpoline if-else cascade if the cpu is recent enough to not
  need the retpoline thunk.

- add objref and 'ct state' to the builtin-call list.
  This means that 'ct state established,related accept' works without
  an indirect call.

Florian Westphal (3):
  netfilter: nf_tables: add static key to skip retpoline workarounds
  netfilter: nf_tables: avoid retpoline overhead for objref calls
  netfilter: nf_tables: avoid retpoline overhead for some ct expression
    calls

 include/net/netfilter/nf_tables_core.h | 16 ++++++++
 net/netfilter/Makefile                 |  6 +++
 net/netfilter/nf_tables_core.c         | 35 +++++++++++++++-
 net/netfilter/nft_ct.c                 | 39 ++++++++++++------
 net/netfilter/nft_ct_fast.c            | 56 ++++++++++++++++++++++++++
 net/netfilter/nft_objref.c             | 12 +++---
 6 files changed, 145 insertions(+), 19 deletions(-)
 create mode 100644 net/netfilter/nft_ct_fast.c

-- 
2.38.2
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux