path: root/nixos/modules/kernel-patches/0062-netfilter-reduce-match-memory-access.patch
blob: 543dd43c5f57b3d8fa0fdddcc70d97ba5dd6a215 (plain)
From 6fda2e62b3a2ab9acf5ac27b3d20745f3def32ae Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Tue, 27 Sep 2022 16:22:05 +0200
Subject: [PATCH 62/96] netfilter: reduce match memory access

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 net/ipv4/netfilter/ip_tables.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 76c01661c4e4..e58342c5354a 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -53,9 +53,9 @@ ip_packet_match(const struct iphdr *ip,
 	if (ipinfo->flags & IPT_F_NO_DEF_MATCH)
 		return true;
 
-	if (NF_INVF(ipinfo, IPT_INV_SRCIP,
+	if (NF_INVF(ipinfo, IPT_INV_SRCIP, ipinfo->smsk.s_addr &&
 		    (ip->saddr & ipinfo->smsk.s_addr) != ipinfo->src.s_addr) ||
-	    NF_INVF(ipinfo, IPT_INV_DSTIP,
+	    NF_INVF(ipinfo, IPT_INV_DSTIP, ipinfo->dmsk.s_addr &&
 		    (ip->daddr & ipinfo->dmsk.s_addr) != ipinfo->dst.s_addr))
 		return false;
 
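Review bot: The added `ipinfo->smsk.s_addr &&` and `ipinfo->dmsk.s_addr &&` short-circuits match the old comparisons only if a zero mask always comes with a zero address. For a rule with `smsk.s_addr == 0` and a non-zero `src.s_addr`, the old test reported a mismatch and the new one reports a match, so that rule would go from matching no source to matching every source (and the reverse under `IPT_INV_SRCIP`); the same applies to the destination pair. Nothing visible in this hunk shows that rule entries are normalised before they reach ip_packet_match(), and the commit message gives no rationale. I would state the invariant next to the test, e.g. `/* zero mask == "any address"; relies on src/dst being pre-masked when the rule is loaded */`, or reject mask-0/address-non-zero entries where rules are validated. The body of ip_packet_match() continues outside the hunk.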
-- 
2.37.2