diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-10 21:27:32 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-13 11:17:24 -0400 |
| commit | 1ca2e1702c050aff352cb3efc8a649363dbaeab2 (patch) | |
| tree | eda063c0eaf84719070e5ccf7f00b9827c6caa8f /net | |
| parent | a55e22e92f1a31018e6dc8fce35380900f022c24 (diff) | |
netfilter: nf_tables: use struct nft_verdict within struct nft_data
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 38 |
1 files changed, 21 insertions, 17 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index d47f12b2af25..0bb16a1561d2 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -4049,10 +4049,10 @@ static int nf_tables_loop_check_setelem(const struct nft_ctx *ctx, | |||
| 4049 | return 0; | 4049 | return 0; |
| 4050 | 4050 | ||
| 4051 | data = nft_set_ext_data(ext); | 4051 | data = nft_set_ext_data(ext); |
| 4052 | switch (data->verdict) { | 4052 | switch (data->verdict.code) { |
| 4053 | case NFT_JUMP: | 4053 | case NFT_JUMP: |
| 4054 | case NFT_GOTO: | 4054 | case NFT_GOTO: |
| 4055 | return nf_tables_check_loops(ctx, data->chain); | 4055 | return nf_tables_check_loops(ctx, data->verdict.chain); |
| 4056 | default: | 4056 | default: |
| 4057 | return 0; | 4057 | return 0; |
| 4058 | } | 4058 | } |
| @@ -4085,10 +4085,11 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, | |||
| 4085 | if (data == NULL) | 4085 | if (data == NULL) |
| 4086 | continue; | 4086 | continue; |
| 4087 | 4087 | ||
| 4088 | switch (data->verdict) { | 4088 | switch (data->verdict.code) { |
| 4089 | case NFT_JUMP: | 4089 | case NFT_JUMP: |
| 4090 | case NFT_GOTO: | 4090 | case NFT_GOTO: |
| 4091 | err = nf_tables_check_loops(ctx, data->chain); | 4091 | err = nf_tables_check_loops(ctx, |
| 4092 | data->verdict.chain); | ||
| 4092 | if (err < 0) | 4093 | if (err < 0) |
| 4093 | return err; | 4094 | return err; |
| 4094 | default: | 4095 | default: |
| @@ -4171,15 +4172,17 @@ int nft_validate_register_store(const struct nft_ctx *ctx, | |||
| 4171 | return -EINVAL; | 4172 | return -EINVAL; |
| 4172 | 4173 | ||
| 4173 | if (data != NULL && | 4174 | if (data != NULL && |
| 4174 | (data->verdict == NFT_GOTO || data->verdict == NFT_JUMP)) { | 4175 | (data->verdict.code == NFT_GOTO || |
| 4175 | err = nf_tables_check_loops(ctx, data->chain); | 4176 | data->verdict.code == NFT_JUMP)) { |
| 4177 | err = nf_tables_check_loops(ctx, data->verdict.chain); | ||
| 4176 | if (err < 0) | 4178 | if (err < 0) |
| 4177 | return err; | 4179 | return err; |
| 4178 | 4180 | ||
| 4179 | if (ctx->chain->level + 1 > data->chain->level) { | 4181 | if (ctx->chain->level + 1 > |
| 4182 | data->verdict.chain->level) { | ||
| 4180 | if (ctx->chain->level + 1 == NFT_JUMP_STACK_SIZE) | 4183 | if (ctx->chain->level + 1 == NFT_JUMP_STACK_SIZE) |
| 4181 | return -EMLINK; | 4184 | return -EMLINK; |
| 4182 | data->chain->level = ctx->chain->level + 1; | 4185 | data->verdict.chain->level = ctx->chain->level + 1; |
| 4183 | } | 4186 | } |
| 4184 | } | 4187 | } |
| 4185 | 4188 | ||
| @@ -4220,11 +4223,11 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, | |||
| 4220 | 4223 | ||
| 4221 | if (!tb[NFTA_VERDICT_CODE]) | 4224 | if (!tb[NFTA_VERDICT_CODE]) |
| 4222 | return -EINVAL; | 4225 | return -EINVAL; |
| 4223 | data->verdict = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE])); | 4226 | data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE])); |
| 4224 | 4227 | ||
| 4225 | switch (data->verdict) { | 4228 | switch (data->verdict.code) { |
| 4226 | default: | 4229 | default: |
| 4227 | switch (data->verdict & NF_VERDICT_MASK) { | 4230 | switch (data->verdict.code & NF_VERDICT_MASK) { |
| 4228 | case NF_ACCEPT: | 4231 | case NF_ACCEPT: |
| 4229 | case NF_DROP: | 4232 | case NF_DROP: |
| 4230 | case NF_QUEUE: | 4233 | case NF_QUEUE: |
| @@ -4250,7 +4253,7 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, | |||
| 4250 | return -EOPNOTSUPP; | 4253 | return -EOPNOTSUPP; |
| 4251 | 4254 | ||
| 4252 | chain->use++; | 4255 | chain->use++; |
| 4253 | data->chain = chain; | 4256 | data->verdict.chain = chain; |
| 4254 | desc->len = sizeof(data); | 4257 | desc->len = sizeof(data); |
| 4255 | break; | 4258 | break; |
| 4256 | } | 4259 | } |
| @@ -4261,10 +4264,10 @@ static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, | |||
| 4261 | 4264 | ||
| 4262 | static void nft_verdict_uninit(const struct nft_data *data) | 4265 | static void nft_verdict_uninit(const struct nft_data *data) |
| 4263 | { | 4266 | { |
| 4264 | switch (data->verdict) { | 4267 | switch (data->verdict.code) { |
| 4265 | case NFT_JUMP: | 4268 | case NFT_JUMP: |
| 4266 | case NFT_GOTO: | 4269 | case NFT_GOTO: |
| 4267 | data->chain->use--; | 4270 | data->verdict.chain->use--; |
| 4268 | break; | 4271 | break; |
| 4269 | } | 4272 | } |
| 4270 | } | 4273 | } |
| @@ -4277,13 +4280,14 @@ static int nft_verdict_dump(struct sk_buff *skb, const struct nft_data *data) | |||
| 4277 | if (!nest) | 4280 | if (!nest) |
| 4278 | goto nla_put_failure; | 4281 | goto nla_put_failure; |
| 4279 | 4282 | ||
| 4280 | if (nla_put_be32(skb, NFTA_VERDICT_CODE, htonl(data->verdict))) | 4283 | if (nla_put_be32(skb, NFTA_VERDICT_CODE, htonl(data->verdict.code))) |
| 4281 | goto nla_put_failure; | 4284 | goto nla_put_failure; |
| 4282 | 4285 | ||
| 4283 | switch (data->verdict) { | 4286 | switch (data->verdict.code) { |
| 4284 | case NFT_JUMP: | 4287 | case NFT_JUMP: |
| 4285 | case NFT_GOTO: | 4288 | case NFT_GOTO: |
| 4286 | if (nla_put_string(skb, NFTA_VERDICT_CHAIN, data->chain->name)) | 4289 | if (nla_put_string(skb, NFTA_VERDICT_CHAIN, |
| 4290 | data->verdict.chain->name)) | ||
| 4287 | goto nla_put_failure; | 4291 | goto nla_put_failure; |
| 4288 | } | 4292 | } |
| 4289 | nla_nest_end(skb, nest); | 4293 | nla_nest_end(skb, nest); |