diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-03-25 10:08:48 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-03-26 06:09:34 -0400 |
| commit | b2832dd6621bf73eb8ad38389a94bd83a5983886 (patch) | |
| tree | a60547029ce1982087446a925e811b51e71c1549 | |
| parent | 61edafbb47e9f46fb850035b1f8f062564445704 (diff) | |
netfilter: nf_tables: return set extensions from ->lookup()
Return the extension area from the ->lookup() function to allow to
consolidate common actions.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 4 | ||||
| -rw-r--r-- | net/netfilter/nft_hash.c | 6 | ||||
| -rw-r--r-- | net/netfilter/nft_lookup.c | 6 | ||||
| -rw-r--r-- | net/netfilter/nft_rbtree.c | 7 |
4 files changed, 14 insertions, 9 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 6ac63323afd2..f190d26bda7d 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h | |||
| @@ -200,6 +200,8 @@ struct nft_set_estimate { | |||
| 200 | enum nft_set_class class; | 200 | enum nft_set_class class; |
| 201 | }; | 201 | }; |
| 202 | 202 | ||
| 203 | struct nft_set_ext; | ||
| 204 | |||
| 203 | /** | 205 | /** |
| 204 | * struct nft_set_ops - nf_tables set operations | 206 | * struct nft_set_ops - nf_tables set operations |
| 205 | * | 207 | * |
| @@ -218,7 +220,7 @@ struct nft_set_estimate { | |||
| 218 | struct nft_set_ops { | 220 | struct nft_set_ops { |
| 219 | bool (*lookup)(const struct nft_set *set, | 221 | bool (*lookup)(const struct nft_set *set, |
| 220 | const struct nft_data *key, | 222 | const struct nft_data *key, |
| 221 | struct nft_data *data); | 223 | const struct nft_set_ext **ext); |
| 222 | int (*get)(const struct nft_set *set, | 224 | int (*get)(const struct nft_set *set, |
| 223 | struct nft_set_elem *elem); | 225 | struct nft_set_elem *elem); |
| 224 | int (*insert)(const struct nft_set *set, | 226 | int (*insert)(const struct nft_set *set, |
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c index 94bf25def37f..5bee82195ef5 100644 --- a/net/netfilter/nft_hash.c +++ b/net/netfilter/nft_hash.c | |||
| @@ -66,7 +66,7 @@ static inline int nft_hash_cmp(struct rhashtable_compare_arg *arg, | |||
| 66 | 66 | ||
| 67 | static bool nft_hash_lookup(const struct nft_set *set, | 67 | static bool nft_hash_lookup(const struct nft_set *set, |
| 68 | const struct nft_data *key, | 68 | const struct nft_data *key, |
| 69 | struct nft_data *data) | 69 | const struct nft_set_ext **ext) |
| 70 | { | 70 | { |
| 71 | struct nft_hash *priv = nft_set_priv(set); | 71 | struct nft_hash *priv = nft_set_priv(set); |
| 72 | const struct nft_hash_elem *he; | 72 | const struct nft_hash_elem *he; |
| @@ -76,8 +76,8 @@ static bool nft_hash_lookup(const struct nft_set *set, | |||
| 76 | }; | 76 | }; |
| 77 | 77 | ||
| 78 | he = rhashtable_lookup_fast(&priv->ht, &arg, nft_hash_params); | 78 | he = rhashtable_lookup_fast(&priv->ht, &arg, nft_hash_params); |
| 79 | if (he && set->flags & NFT_SET_MAP) | 79 | if (he != NULL) |
| 80 | nft_data_copy(data, nft_set_ext_data(&he->ext)); | 80 | *ext = &he->ext; |
| 81 | 81 | ||
| 82 | return !!he; | 82 | return !!he; |
| 83 | } | 83 | } |
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c index 9615b8b9fb37..a5f30b8760ea 100644 --- a/net/netfilter/nft_lookup.c +++ b/net/netfilter/nft_lookup.c | |||
| @@ -31,9 +31,13 @@ static void nft_lookup_eval(const struct nft_expr *expr, | |||
| 31 | { | 31 | { |
| 32 | const struct nft_lookup *priv = nft_expr_priv(expr); | 32 | const struct nft_lookup *priv = nft_expr_priv(expr); |
| 33 | const struct nft_set *set = priv->set; | 33 | const struct nft_set *set = priv->set; |
| 34 | const struct nft_set_ext *ext; | ||
| 34 | 35 | ||
| 35 | if (set->ops->lookup(set, &data[priv->sreg], &data[priv->dreg])) | 36 | if (set->ops->lookup(set, &data[priv->sreg], &ext)) { |
| 37 | if (set->flags & NFT_SET_MAP) | ||
| 38 | nft_data_copy(&data[priv->dreg], nft_set_ext_data(ext)); | ||
| 36 | return; | 39 | return; |
| 40 | } | ||
| 37 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 41 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; |
| 38 | } | 42 | } |
| 39 | 43 | ||
diff --git a/net/netfilter/nft_rbtree.c b/net/netfilter/nft_rbtree.c index 332c6afc77e9..cbba755ebebc 100644 --- a/net/netfilter/nft_rbtree.c +++ b/net/netfilter/nft_rbtree.c | |||
| @@ -31,7 +31,7 @@ struct nft_rbtree_elem { | |||
| 31 | 31 | ||
| 32 | static bool nft_rbtree_lookup(const struct nft_set *set, | 32 | static bool nft_rbtree_lookup(const struct nft_set *set, |
| 33 | const struct nft_data *key, | 33 | const struct nft_data *key, |
| 34 | struct nft_data *data) | 34 | const struct nft_set_ext **ext) |
| 35 | { | 35 | { |
| 36 | const struct nft_rbtree *priv = nft_set_priv(set); | 36 | const struct nft_rbtree *priv = nft_set_priv(set); |
| 37 | const struct nft_rbtree_elem *rbe, *interval = NULL; | 37 | const struct nft_rbtree_elem *rbe, *interval = NULL; |
| @@ -55,10 +55,9 @@ found: | |||
| 55 | *nft_set_ext_flags(&rbe->ext) & | 55 | *nft_set_ext_flags(&rbe->ext) & |
| 56 | NFT_SET_ELEM_INTERVAL_END) | 56 | NFT_SET_ELEM_INTERVAL_END) |
| 57 | goto out; | 57 | goto out; |
| 58 | if (set->flags & NFT_SET_MAP) | ||
| 59 | nft_data_copy(data, nft_set_ext_data(&rbe->ext)); | ||
| 60 | |||
| 61 | spin_unlock_bh(&nft_rbtree_lock); | 58 | spin_unlock_bh(&nft_rbtree_lock); |
| 59 | |||
| 60 | *ext = &rbe->ext; | ||
| 62 | return true; | 61 | return true; |
| 63 | } | 62 | } |
| 64 | } | 63 | } |