diff options
| author | Florian Westphal <fw@strlen.de> | 2018-05-07 09:22:35 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-09 04:07:02 -0400 |
| commit | 8bdf164744b2c7f63561846c01cff3db597f282d (patch) | |
| tree | 8b6fd45de50577c3feb7813ef97bf4f7f3ff640c | |
| parent | 009240940e84c1c089af88b454f7e804a4c5bd1b (diff) | |
netfilter: nft_compat: prepare for indirect info storage
Next patch will make it possible for *info to be stored in
a separate allocation instead of the expr private area.
This removes the 'expr priv area is info blob' assumption
from the match init/destroy/eval functions.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | net/netfilter/nft_compat.c | 47 |
1 files changed, 36 insertions, 11 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 870d8c29dae9..dec0afb0ffe0 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c | |||
| @@ -324,11 +324,11 @@ static int nft_target_validate(const struct nft_ctx *ctx, | |||
| 324 | return 0; | 324 | return 0; |
| 325 | } | 325 | } |
| 326 | 326 | ||
| 327 | static void nft_match_eval(const struct nft_expr *expr, | 327 | static void __nft_match_eval(const struct nft_expr *expr, |
| 328 | struct nft_regs *regs, | 328 | struct nft_regs *regs, |
| 329 | const struct nft_pktinfo *pkt) | 329 | const struct nft_pktinfo *pkt, |
| 330 | void *info) | ||
| 330 | { | 331 | { |
| 331 | void *info = nft_expr_priv(expr); | ||
| 332 | struct xt_match *match = expr->ops->data; | 332 | struct xt_match *match = expr->ops->data; |
| 333 | struct sk_buff *skb = pkt->skb; | 333 | struct sk_buff *skb = pkt->skb; |
| 334 | bool ret; | 334 | bool ret; |
| @@ -352,6 +352,13 @@ static void nft_match_eval(const struct nft_expr *expr, | |||
| 352 | } | 352 | } |
| 353 | } | 353 | } |
| 354 | 354 | ||
| 355 | static void nft_match_eval(const struct nft_expr *expr, | ||
| 356 | struct nft_regs *regs, | ||
| 357 | const struct nft_pktinfo *pkt) | ||
| 358 | { | ||
| 359 | __nft_match_eval(expr, regs, pkt, nft_expr_priv(expr)); | ||
| 360 | } | ||
| 361 | |||
| 355 | static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = { | 362 | static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = { |
| 356 | [NFTA_MATCH_NAME] = { .type = NLA_NUL_STRING }, | 363 | [NFTA_MATCH_NAME] = { .type = NLA_NUL_STRING }, |
| 357 | [NFTA_MATCH_REV] = { .type = NLA_U32 }, | 364 | [NFTA_MATCH_REV] = { .type = NLA_U32 }, |
| @@ -412,10 +419,10 @@ static void match_compat_from_user(struct xt_match *m, void *in, void *out) | |||
| 412 | } | 419 | } |
| 413 | 420 | ||
| 414 | static int | 421 | static int |
| 415 | nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, | 422 | __nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, |
| 416 | const struct nlattr * const tb[]) | 423 | const struct nlattr * const tb[], |
| 424 | void *info) | ||
| 417 | { | 425 | { |
| 418 | void *info = nft_expr_priv(expr); | ||
| 419 | struct xt_match *match = expr->ops->data; | 426 | struct xt_match *match = expr->ops->data; |
| 420 | struct xt_mtchk_param par; | 427 | struct xt_mtchk_param par; |
| 421 | size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO])); | 428 | size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO])); |
| @@ -444,11 +451,18 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, | |||
| 444 | return 0; | 451 | return 0; |
| 445 | } | 452 | } |
| 446 | 453 | ||
| 454 | static int | ||
| 455 | nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, | ||
| 456 | const struct nlattr * const tb[]) | ||
| 457 | { | ||
| 458 | return __nft_match_init(ctx, expr, tb, nft_expr_priv(expr)); | ||
| 459 | } | ||
| 460 | |||
| 447 | static void | 461 | static void |
| 448 | nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) | 462 | __nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr, |
| 463 | void *info) | ||
| 449 | { | 464 | { |
| 450 | struct xt_match *match = expr->ops->data; | 465 | struct xt_match *match = expr->ops->data; |
| 451 | void *info = nft_expr_priv(expr); | ||
| 452 | struct xt_mtdtor_param par; | 466 | struct xt_mtdtor_param par; |
| 453 | 467 | ||
| 454 | par.net = ctx->net; | 468 | par.net = ctx->net; |
| @@ -462,9 +476,15 @@ nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) | |||
| 462 | module_put(match->me); | 476 | module_put(match->me); |
| 463 | } | 477 | } |
| 464 | 478 | ||
| 465 | static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr) | 479 | static void |
| 480 | nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) | ||
| 481 | { | ||
| 482 | __nft_match_destroy(ctx, expr, nft_expr_priv(expr)); | ||
| 483 | } | ||
| 484 | |||
| 485 | static int __nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr, | ||
| 486 | void *info) | ||
| 466 | { | 487 | { |
| 467 | void *info = nft_expr_priv(expr); | ||
| 468 | struct xt_match *match = expr->ops->data; | 488 | struct xt_match *match = expr->ops->data; |
| 469 | 489 | ||
| 470 | if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) || | 490 | if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) || |
| @@ -478,6 +498,11 @@ nla_put_failure: | |||
| 478 | return -1; | 498 | return -1; |
| 479 | } | 499 | } |
| 480 | 500 | ||
| 501 | static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr) | ||
| 502 | { | ||
| 503 | return __nft_match_dump(skb, expr, nft_expr_priv(expr)); | ||
| 504 | } | ||
| 505 | |||
| 481 | static int nft_match_validate(const struct nft_ctx *ctx, | 506 | static int nft_match_validate(const struct nft_ctx *ctx, |
| 482 | const struct nft_expr *expr, | 507 | const struct nft_expr *expr, |
| 483 | const struct nft_data **data) | 508 | const struct nft_data **data) |