netfilter: nf_tables: Add new attributes into nft_set to store user data.

User data is stored at after 'nft_set_ops' private data into 'data[]' flexible array. The field 'udata' points to user data and 'udlen' stores its length. Add new flag NFTA_SET_USERDATA. Signed-off-by: Carlos Falgueras García <carlosfg@riseup.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Carlos Falgueras García <carlosfg@riseup.net> 2016-01-05 08:03:32 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-01-08 07:25:08 -0500
commit: e6d8ecac9e68265aee9be711c5bd29406129666f (patch)
tree: a1e8d8a2c5bf0bc7b3c5bb89bbb9ac2e4305ece2 /net/netfilter
parent: eb075954e9fde114f57adc39a9ea6d379c13f81e (diff)
1 files changed, 20 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f5c397158e29..2011977cd79d 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2323,6 +2323,8 @@ static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
        [NFTA_SET_ID]                   = { .type = NLA_U32 },
        [NFTA_SET_TIMEOUT]              = { .type = NLA_U64 },
        [NFTA_SET_GC_INTERVAL]          = { .type = NLA_U32 },
+        [NFTA_SET_USERDATA]             = { .type = NLA_BINARY,
+                                            .len  = NFT_USERDATA_MAXLEN },
 };
 static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
@@ -2482,6 +2484,9 @@ static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx,
                        goto nla_put_failure;
        }
+        if (nla_put(skb, NFTA_SET_USERDATA, set->udlen, set->udata))
+                goto nla_put_failure;
        desc = nla_nest_start(skb, NFTA_SET_DESC);
        if (desc == NULL)
                goto nla_put_failure;
@@ -2691,6 +2696,8 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
        u64 timeout;
        u32 ktype, dtype, flags, policy, gc_int;
        struct nft_set_desc desc;
+        unsigned char *udata;
+        u16 udlen;
        int err;
        if (nla[NFTA_SET_TABLE] == NULL ||
@@ -2803,12 +2810,16 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
        if (IS_ERR(ops))
                return PTR_ERR(ops);
+        udlen = 0;
+        if (nla[NFTA_SET_USERDATA])
+                udlen = nla_len(nla[NFTA_SET_USERDATA]);
        size = 0;
        if (ops->privsize != NULL)
                size = ops->privsize(nla);
        err = -ENOMEM;
-        set = kzalloc(sizeof(*set) + size, GFP_KERNEL);
+        set = kzalloc(sizeof(*set) + size + udlen, GFP_KERNEL);
        if (set == NULL)
                goto err1;
@@ -2817,6 +2828,12 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
        if (err < 0)
                goto err2;
+        udata = NULL;
+        if (udlen) {
+                udata = set->data + size;
+                nla_memcpy(udata, nla[NFTA_SET_USERDATA], udlen);
+        }
        INIT_LIST_HEAD(&set->bindings);
        write_pnet(&set->pnet, net);
        set->ops   = ops;
@@ -2827,6 +2844,8 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
        set->flags = flags;
        set->size  = desc.size;
        set->policy = policy;
+        set->udlen  = udlen;
+        set->udata  = udata;
        set->timeout = timeout;
        set->gc_int = gc_int;
author	Carlos Falgueras García <carlosfg@riseup.net>	2016-01-05 08:03:32 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-01-08 07:25:08 -0500
commit	e6d8ecac9e68265aee9be711c5bd29406129666f (patch)
tree	a1e8d8a2c5bf0bc7b3c5bb89bbb9ac2e4305ece2 /net/netfilter
parent	eb075954e9fde114f57adc39a9ea6d379c13f81e (diff)