netfilter: nf_tables: get rid of NFT_REG_VERDICT usage

Replace the array of registers passed to expressions by a struct nft_regs,
containing the verdict as a seperate member, which aliases to the
NFT_REG_VERDICT register.

This is needed to seperate the verdict from the data registers completely,
so their size can be changed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 10 insertions, 14 deletions

diff --git a/net/ipv4/netfilter/nft_masq_ipv4.c b/net/ipv4/netfilter/nft_masq_ipv4.c
index 665de06561cd..40e414c4ca56 100644
--- a/net/ipv4/netfilter/nft_masq_ipv4.c
+++ b/net/ipv4/netfilter/nft_masq_ipv4.c
@@ -17,20 +17,17 @@
 #include <net/netfilter/ipv4/nf_nat_masquerade.h>
 
 static void nft_masq_ipv4_eval(const struct nft_expr *expr,
-                               struct nft_data data[NFT_REG_MAX + 1],
+                               struct nft_regs *regs,
                                const struct nft_pktinfo *pkt)
 {
         struct nft_masq *priv = nft_expr_priv(expr);
         struct nf_nat_range range;
-        unsigned int verdict;
 
         memset(&range, 0, sizeof(range));
         range.flags = priv->flags;
 
-        verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum,
-                                         &range, pkt->out);
-
-        data[NFT_REG_VERDICT].verdict = verdict;
+        regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum,
+                                                    &range, pkt->out);
 }
 
 static struct nft_expr_type nft_masq_ipv4_type;
diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c b/net/ipv4/netfilter/nft_redir_ipv4.c
index 6ecfce63201a..312cf6f3b6dc 100644
--- a/net/ipv4/netfilter/nft_redir_ipv4.c
+++ b/net/ipv4/netfilter/nft_redir_ipv4.c
@@ -18,26 +18,25 @@
 #include <net/netfilter/nft_redir.h>
 
 static void nft_redir_ipv4_eval(const struct nft_expr *expr,
-                                struct nft_data data[NFT_REG_MAX + 1],
+                                struct nft_regs *regs,
                                 const struct nft_pktinfo *pkt)
 {
         struct nft_redir *priv = nft_expr_priv(expr);
         struct nf_nat_ipv4_multi_range_compat mr;
-        unsigned int verdict;
 
         memset(&mr, 0, sizeof(mr));
         if (priv->sreg_proto_min) {
                 mr.range[0].min.all =
-                        *(__be16 *)&data[priv->sreg_proto_min].data[0];
+                        *(__be16 *)&regs->data[priv->sreg_proto_min].data[0];
                 mr.range[0].max.all =
-                        *(__be16 *)&data[priv->sreg_proto_max].data[0];
+                        *(__be16 *)&regs->data[priv->sreg_proto_max].data[0];
                 mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
         }
 
         mr.range[0].flags |= priv->flags;
 
-        verdict = nf_nat_redirect_ipv4(pkt->skb, &mr, pkt->ops->hooknum);
-        data[NFT_REG_VERDICT].verdict = verdict;
+        regs->verdict.code = nf_nat_redirect_ipv4(pkt->skb, &mr,
+                                                  pkt->ops->hooknum);
 }
 
 static struct nft_expr_type nft_redir_ipv4_type;
diff --git a/net/ipv4/netfilter/nft_reject_ipv4.c b/net/ipv4/netfilter/nft_reject_ipv4.c
index a7621faa9678..b07e58b51158 100644
--- a/net/ipv4/netfilter/nft_reject_ipv4.c
+++ b/net/ipv4/netfilter/nft_reject_ipv4.c
@@ -20,7 +20,7 @@
 #include <net/netfilter/nft_reject.h>
 
 static void nft_reject_ipv4_eval(const struct nft_expr *expr,
-                                 struct nft_data data[NFT_REG_MAX + 1],
+                                 struct nft_regs *regs,
                                  const struct nft_pktinfo *pkt)
 {
         struct nft_reject *priv = nft_expr_priv(expr);
@@ -37,7 +37,7 @@ static void nft_reject_ipv4_eval(const struct nft_expr *expr,
                 break;
         }
 
-        data[NFT_REG_VERDICT].verdict = NF_DROP;
+        regs->verdict.code = NF_DROP;
 }
 
 static struct nft_expr_type nft_reject_ipv4_type;