diff options
| author | Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2014-04-14 08:41:27 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-23 07:55:30 -0400 |
| commit | aa45660c6b59388fac3995a8c2998d710ef28fd4 (patch) | |
| tree | 2d18122c239e5ce5bee263ac833df78d992c4de0 | |
| parent | 758dbcecf180a161e15971a2674fa6e65622a281 (diff) | |
netfilter: nf_tables: Make meta expression core functions public
This will be useful to create network family dedicated META expression
as for NFPROTO_BRIDGE for instance.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/net/netfilter/nft_meta.h | 36 | ||||
| -rw-r--r-- | net/netfilter/nft_meta.c | 50 |
2 files changed, 61 insertions, 25 deletions
diff --git a/include/net/netfilter/nft_meta.h b/include/net/netfilter/nft_meta.h new file mode 100644 index 000000000000..0ee47c3e2e31 --- /dev/null +++ b/include/net/netfilter/nft_meta.h | |||
| @@ -0,0 +1,36 @@ | |||
| 1 | #ifndef _NFT_META_H_ | ||
| 2 | #define _NFT_META_H_ | ||
| 3 | |||
| 4 | struct nft_meta { | ||
| 5 | enum nft_meta_keys key:8; | ||
| 6 | union { | ||
| 7 | enum nft_registers dreg:8; | ||
| 8 | enum nft_registers sreg:8; | ||
| 9 | }; | ||
| 10 | }; | ||
| 11 | |||
| 12 | extern const struct nla_policy nft_meta_policy[]; | ||
| 13 | |||
| 14 | int nft_meta_get_init(const struct nft_ctx *ctx, | ||
| 15 | const struct nft_expr *expr, | ||
| 16 | const struct nlattr * const tb[]); | ||
| 17 | |||
| 18 | int nft_meta_set_init(const struct nft_ctx *ctx, | ||
| 19 | const struct nft_expr *expr, | ||
| 20 | const struct nlattr * const tb[]); | ||
| 21 | |||
| 22 | int nft_meta_get_dump(struct sk_buff *skb, | ||
| 23 | const struct nft_expr *expr); | ||
| 24 | |||
| 25 | int nft_meta_set_dump(struct sk_buff *skb, | ||
| 26 | const struct nft_expr *expr); | ||
| 27 | |||
| 28 | void nft_meta_get_eval(const struct nft_expr *expr, | ||
| 29 | struct nft_data data[NFT_REG_MAX + 1], | ||
| 30 | const struct nft_pktinfo *pkt); | ||
| 31 | |||
| 32 | void nft_meta_set_eval(const struct nft_expr *expr, | ||
| 33 | struct nft_data data[NFT_REG_MAX + 1], | ||
| 34 | const struct nft_pktinfo *pkt); | ||
| 35 | |||
| 36 | #endif | ||
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 6d0b8cc27f2a..852b178c6ae7 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c | |||
| @@ -18,18 +18,11 @@ | |||
| 18 | #include <net/sock.h> | 18 | #include <net/sock.h> |
| 19 | #include <net/tcp_states.h> /* for TCP_TIME_WAIT */ | 19 | #include <net/tcp_states.h> /* for TCP_TIME_WAIT */ |
| 20 | #include <net/netfilter/nf_tables.h> | 20 | #include <net/netfilter/nf_tables.h> |
| 21 | #include <net/netfilter/nft_meta.h> | ||
| 21 | 22 | ||
| 22 | struct nft_meta { | 23 | void nft_meta_get_eval(const struct nft_expr *expr, |
| 23 | enum nft_meta_keys key:8; | 24 | struct nft_data data[NFT_REG_MAX + 1], |
| 24 | union { | 25 | const struct nft_pktinfo *pkt) |
| 25 | enum nft_registers dreg:8; | ||
| 26 | enum nft_registers sreg:8; | ||
| 27 | }; | ||
| 28 | }; | ||
| 29 | |||
| 30 | static void nft_meta_get_eval(const struct nft_expr *expr, | ||
| 31 | struct nft_data data[NFT_REG_MAX + 1], | ||
| 32 | const struct nft_pktinfo *pkt) | ||
| 33 | { | 26 | { |
| 34 | const struct nft_meta *priv = nft_expr_priv(expr); | 27 | const struct nft_meta *priv = nft_expr_priv(expr); |
| 35 | const struct sk_buff *skb = pkt->skb; | 28 | const struct sk_buff *skb = pkt->skb; |
| @@ -140,10 +133,11 @@ static void nft_meta_get_eval(const struct nft_expr *expr, | |||
| 140 | err: | 133 | err: |
| 141 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 134 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; |
| 142 | } | 135 | } |
| 136 | EXPORT_SYMBOL_GPL(nft_meta_get_eval); | ||
| 143 | 137 | ||
| 144 | static void nft_meta_set_eval(const struct nft_expr *expr, | 138 | void nft_meta_set_eval(const struct nft_expr *expr, |
| 145 | struct nft_data data[NFT_REG_MAX + 1], | 139 | struct nft_data data[NFT_REG_MAX + 1], |
| 146 | const struct nft_pktinfo *pkt) | 140 | const struct nft_pktinfo *pkt) |
| 147 | { | 141 | { |
| 148 | const struct nft_meta *meta = nft_expr_priv(expr); | 142 | const struct nft_meta *meta = nft_expr_priv(expr); |
| 149 | struct sk_buff *skb = pkt->skb; | 143 | struct sk_buff *skb = pkt->skb; |
| @@ -163,16 +157,18 @@ static void nft_meta_set_eval(const struct nft_expr *expr, | |||
| 163 | WARN_ON(1); | 157 | WARN_ON(1); |
| 164 | } | 158 | } |
| 165 | } | 159 | } |
| 160 | EXPORT_SYMBOL_GPL(nft_meta_set_eval); | ||
| 166 | 161 | ||
| 167 | static const struct nla_policy nft_meta_policy[NFTA_META_MAX + 1] = { | 162 | const struct nla_policy nft_meta_policy[NFTA_META_MAX + 1] = { |
| 168 | [NFTA_META_DREG] = { .type = NLA_U32 }, | 163 | [NFTA_META_DREG] = { .type = NLA_U32 }, |
| 169 | [NFTA_META_KEY] = { .type = NLA_U32 }, | 164 | [NFTA_META_KEY] = { .type = NLA_U32 }, |
| 170 | [NFTA_META_SREG] = { .type = NLA_U32 }, | 165 | [NFTA_META_SREG] = { .type = NLA_U32 }, |
| 171 | }; | 166 | }; |
| 167 | EXPORT_SYMBOL_GPL(nft_meta_policy); | ||
| 172 | 168 | ||
| 173 | static int nft_meta_get_init(const struct nft_ctx *ctx, | 169 | int nft_meta_get_init(const struct nft_ctx *ctx, |
| 174 | const struct nft_expr *expr, | 170 | const struct nft_expr *expr, |
| 175 | const struct nlattr * const tb[]) | 171 | const struct nlattr * const tb[]) |
| 176 | { | 172 | { |
| 177 | struct nft_meta *priv = nft_expr_priv(expr); | 173 | struct nft_meta *priv = nft_expr_priv(expr); |
| 178 | int err; | 174 | int err; |
| @@ -215,10 +211,11 @@ static int nft_meta_get_init(const struct nft_ctx *ctx, | |||
| 215 | 211 | ||
| 216 | return 0; | 212 | return 0; |
| 217 | } | 213 | } |
| 214 | EXPORT_SYMBOL_GPL(nft_meta_get_init); | ||
| 218 | 215 | ||
| 219 | static int nft_meta_set_init(const struct nft_ctx *ctx, | 216 | int nft_meta_set_init(const struct nft_ctx *ctx, |
| 220 | const struct nft_expr *expr, | 217 | const struct nft_expr *expr, |
| 221 | const struct nlattr * const tb[]) | 218 | const struct nlattr * const tb[]) |
| 222 | { | 219 | { |
| 223 | struct nft_meta *priv = nft_expr_priv(expr); | 220 | struct nft_meta *priv = nft_expr_priv(expr); |
| 224 | int err; | 221 | int err; |
| @@ -240,9 +237,10 @@ static int nft_meta_set_init(const struct nft_ctx *ctx, | |||
| 240 | 237 | ||
| 241 | return 0; | 238 | return 0; |
| 242 | } | 239 | } |
| 240 | EXPORT_SYMBOL_GPL(nft_meta_set_init); | ||
| 243 | 241 | ||
| 244 | static int nft_meta_get_dump(struct sk_buff *skb, | 242 | int nft_meta_get_dump(struct sk_buff *skb, |
| 245 | const struct nft_expr *expr) | 243 | const struct nft_expr *expr) |
| 246 | { | 244 | { |
| 247 | const struct nft_meta *priv = nft_expr_priv(expr); | 245 | const struct nft_meta *priv = nft_expr_priv(expr); |
| 248 | 246 | ||
| @@ -255,9 +253,10 @@ static int nft_meta_get_dump(struct sk_buff *skb, | |||
| 255 | nla_put_failure: | 253 | nla_put_failure: |
| 256 | return -1; | 254 | return -1; |
| 257 | } | 255 | } |
| 256 | EXPORT_SYMBOL_GPL(nft_meta_get_dump); | ||
| 258 | 257 | ||
| 259 | static int nft_meta_set_dump(struct sk_buff *skb, | 258 | int nft_meta_set_dump(struct sk_buff *skb, |
| 260 | const struct nft_expr *expr) | 259 | const struct nft_expr *expr) |
| 261 | { | 260 | { |
| 262 | const struct nft_meta *priv = nft_expr_priv(expr); | 261 | const struct nft_meta *priv = nft_expr_priv(expr); |
| 263 | 262 | ||
| @@ -271,6 +270,7 @@ static int nft_meta_set_dump(struct sk_buff *skb, | |||
| 271 | nla_put_failure: | 270 | nla_put_failure: |
| 272 | return -1; | 271 | return -1; |
| 273 | } | 272 | } |
| 273 | EXPORT_SYMBOL_GPL(nft_meta_set_dump); | ||
| 274 | 274 | ||
| 275 | static struct nft_expr_type nft_meta_type; | 275 | static struct nft_expr_type nft_meta_type; |
| 276 | static const struct nft_expr_ops nft_meta_get_ops = { | 276 | static const struct nft_expr_ops nft_meta_get_ops = { |