aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2014-02-05 10:03:37 -0500
committerPablo Neira Ayuso <pablo@netfilter.org>2014-02-05 18:05:36 -0500
commit64d46806b6218c97f68742c5663a8ae3a5fbe838 (patch)
treedae05e9ed5cee0d1fbd257058b953f21df4ca9b1 /net
parent51292c0735eb2d9e29115cbf6264845e19a6c77d (diff)
netfilter: nf_tables: add AF specific expression support
For the reject module, we need to add AF-specific implementations to get rid of incorrect module dependencies. Try to load an AF-specific module first and fall back to generic modules. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_tables_api.c22
1 files changed, 16 insertions, 6 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3c5a219f4242..113c469c7579 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1114,35 +1114,45 @@ void nft_unregister_expr(struct nft_expr_type *type)
1114} 1114}
1115EXPORT_SYMBOL_GPL(nft_unregister_expr); 1115EXPORT_SYMBOL_GPL(nft_unregister_expr);
1116 1116
1117static const struct nft_expr_type *__nft_expr_type_get(struct nlattr *nla) 1117static const struct nft_expr_type *__nft_expr_type_get(u8 family,
1118 struct nlattr *nla)
1118{ 1119{
1119 const struct nft_expr_type *type; 1120 const struct nft_expr_type *type;
1120 1121
1121 list_for_each_entry(type, &nf_tables_expressions, list) { 1122 list_for_each_entry(type, &nf_tables_expressions, list) {
1122 if (!nla_strcmp(nla, type->name)) 1123 if (!nla_strcmp(nla, type->name) &&
1124 (!type->family || type->family == family))
1123 return type; 1125 return type;
1124 } 1126 }
1125 return NULL; 1127 return NULL;
1126} 1128}
1127 1129
1128static const struct nft_expr_type *nft_expr_type_get(struct nlattr *nla) 1130static const struct nft_expr_type *nft_expr_type_get(u8 family,
1131 struct nlattr *nla)
1129{ 1132{
1130 const struct nft_expr_type *type; 1133 const struct nft_expr_type *type;
1131 1134
1132 if (nla == NULL) 1135 if (nla == NULL)
1133 return ERR_PTR(-EINVAL); 1136 return ERR_PTR(-EINVAL);
1134 1137
1135 type = __nft_expr_type_get(nla); 1138 type = __nft_expr_type_get(family, nla);
1136 if (type != NULL && try_module_get(type->owner)) 1139 if (type != NULL && try_module_get(type->owner))
1137 return type; 1140 return type;
1138 1141
1139#ifdef CONFIG_MODULES 1142#ifdef CONFIG_MODULES
1140 if (type == NULL) { 1143 if (type == NULL) {
1141 nfnl_unlock(NFNL_SUBSYS_NFTABLES); 1144 nfnl_unlock(NFNL_SUBSYS_NFTABLES);
1145 request_module("nft-expr-%u-%.*s", family,
1146 nla_len(nla), (char *)nla_data(nla));
1147 nfnl_lock(NFNL_SUBSYS_NFTABLES);
1148 if (__nft_expr_type_get(family, nla))
1149 return ERR_PTR(-EAGAIN);
1150
1151 nfnl_unlock(NFNL_SUBSYS_NFTABLES);
1142 request_module("nft-expr-%.*s", 1152 request_module("nft-expr-%.*s",
1143 nla_len(nla), (char *)nla_data(nla)); 1153 nla_len(nla), (char *)nla_data(nla));
1144 nfnl_lock(NFNL_SUBSYS_NFTABLES); 1154 nfnl_lock(NFNL_SUBSYS_NFTABLES);
1145 if (__nft_expr_type_get(nla)) 1155 if (__nft_expr_type_get(family, nla))
1146 return ERR_PTR(-EAGAIN); 1156 return ERR_PTR(-EAGAIN);
1147 } 1157 }
1148#endif 1158#endif
@@ -1193,7 +1203,7 @@ static int nf_tables_expr_parse(const struct nft_ctx *ctx,
1193 if (err < 0) 1203 if (err < 0)
1194 return err; 1204 return err;
1195 1205
1196 type = nft_expr_type_get(tb[NFTA_EXPR_NAME]); 1206 type = nft_expr_type_get(ctx->afi->family, tb[NFTA_EXPR_NAME]);
1197 if (IS_ERR(type)) 1207 if (IS_ERR(type))
1198 return PTR_ERR(type); 1208 return PTR_ERR(type);
1199 1209
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-29 14:49:10 -0400