diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-10 21:27:31 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-13 11:17:07 -0400 |
| commit | a55e22e92f1a31018e6dc8fce35380900f022c24 (patch) | |
| tree | 6acac379a7a836efbae5aa2b0bac292b953f0db4 /net | |
| parent | d07db9884a5fba8c8020166c86183c79a18d066a (diff) | |
netfilter: nf_tables: get rid of NFT_REG_VERDICT usage
Replace the array of registers passed to expressions by a struct nft_regs,
containing the verdict as a seperate member, which aliases to the
NFT_REG_VERDICT register.
This is needed to seperate the verdict from the data registers completely,
so their size can be changed.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
27 files changed, 115 insertions, 120 deletions
diff --git a/net/bridge/netfilter/nft_meta_bridge.c b/net/bridge/netfilter/nft_meta_bridge.c index 54d984768443..f0dfa387c55c 100644 --- a/net/bridge/netfilter/nft_meta_bridge.c +++ b/net/bridge/netfilter/nft_meta_bridge.c | |||
| @@ -19,12 +19,12 @@ | |||
| 19 | #include "../br_private.h" | 19 | #include "../br_private.h" |
| 20 | 20 | ||
| 21 | static void nft_meta_bridge_get_eval(const struct nft_expr *expr, | 21 | static void nft_meta_bridge_get_eval(const struct nft_expr *expr, |
| 22 | struct nft_data data[NFT_REG_MAX + 1], | 22 | struct nft_regs *regs, |
| 23 | const struct nft_pktinfo *pkt) | 23 | const struct nft_pktinfo *pkt) |
| 24 | { | 24 | { |
| 25 | const struct nft_meta *priv = nft_expr_priv(expr); | 25 | const struct nft_meta *priv = nft_expr_priv(expr); |
| 26 | const struct net_device *in = pkt->in, *out = pkt->out; | 26 | const struct net_device *in = pkt->in, *out = pkt->out; |
| 27 | struct nft_data *dest = &data[priv->dreg]; | 27 | struct nft_data *dest = ®s->data[priv->dreg]; |
| 28 | const struct net_bridge_port *p; | 28 | const struct net_bridge_port *p; |
| 29 | 29 | ||
| 30 | switch (priv->key) { | 30 | switch (priv->key) { |
| @@ -43,9 +43,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr, | |||
| 43 | strncpy((char *)dest->data, p->br->dev->name, sizeof(dest->data)); | 43 | strncpy((char *)dest->data, p->br->dev->name, sizeof(dest->data)); |
| 44 | return; | 44 | return; |
| 45 | out: | 45 | out: |
| 46 | return nft_meta_get_eval(expr, data, pkt); | 46 | return nft_meta_get_eval(expr, regs, pkt); |
| 47 | err: | 47 | err: |
| 48 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 48 | regs->verdict.code = NFT_BREAK; |
| 49 | } | 49 | } |
| 50 | 50 | ||
| 51 | static int nft_meta_bridge_get_init(const struct nft_ctx *ctx, | 51 | static int nft_meta_bridge_get_init(const struct nft_ctx *ctx, |
diff --git a/net/bridge/netfilter/nft_reject_bridge.c b/net/bridge/netfilter/nft_reject_bridge.c index ae8141f409d9..858d848564ee 100644 --- a/net/bridge/netfilter/nft_reject_bridge.c +++ b/net/bridge/netfilter/nft_reject_bridge.c | |||
| @@ -257,8 +257,8 @@ static void nft_reject_br_send_v6_unreach(struct net *net, | |||
| 257 | } | 257 | } |
| 258 | 258 | ||
| 259 | static void nft_reject_bridge_eval(const struct nft_expr *expr, | 259 | static void nft_reject_bridge_eval(const struct nft_expr *expr, |
| 260 | struct nft_data data[NFT_REG_MAX + 1], | 260 | struct nft_regs *regs, |
| 261 | const struct nft_pktinfo *pkt) | 261 | const struct nft_pktinfo *pkt) |
| 262 | { | 262 | { |
| 263 | struct nft_reject *priv = nft_expr_priv(expr); | 263 | struct nft_reject *priv = nft_expr_priv(expr); |
| 264 | struct net *net = dev_net((pkt->in != NULL) ? pkt->in : pkt->out); | 264 | struct net *net = dev_net((pkt->in != NULL) ? pkt->in : pkt->out); |
| @@ -310,7 +310,7 @@ static void nft_reject_bridge_eval(const struct nft_expr *expr, | |||
| 310 | break; | 310 | break; |
| 311 | } | 311 | } |
| 312 | out: | 312 | out: |
| 313 | data[NFT_REG_VERDICT].verdict = NF_DROP; | 313 | regs->verdict.code = NF_DROP; |
| 314 | } | 314 | } |
| 315 | 315 | ||
| 316 | static int nft_reject_bridge_validate(const struct nft_ctx *ctx, | 316 | static int nft_reject_bridge_validate(const struct nft_ctx *ctx, |
diff --git a/net/ipv4/netfilter/nft_masq_ipv4.c b/net/ipv4/netfilter/nft_masq_ipv4.c index 665de06561cd..40e414c4ca56 100644 --- a/net/ipv4/netfilter/nft_masq_ipv4.c +++ b/net/ipv4/netfilter/nft_masq_ipv4.c | |||
| @@ -17,20 +17,17 @@ | |||
| 17 | #include <net/netfilter/ipv4/nf_nat_masquerade.h> | 17 | #include <net/netfilter/ipv4/nf_nat_masquerade.h> |
| 18 | 18 | ||
| 19 | static void nft_masq_ipv4_eval(const struct nft_expr *expr, | 19 | static void nft_masq_ipv4_eval(const struct nft_expr *expr, |
| 20 | struct nft_data data[NFT_REG_MAX + 1], | 20 | struct nft_regs *regs, |
| 21 | const struct nft_pktinfo *pkt) | 21 | const struct nft_pktinfo *pkt) |
| 22 | { | 22 | { |
| 23 | struct nft_masq *priv = nft_expr_priv(expr); | 23 | struct nft_masq *priv = nft_expr_priv(expr); |
| 24 | struct nf_nat_range range; | 24 | struct nf_nat_range range; |
| 25 | unsigned int verdict; | ||
| 26 | 25 | ||
| 27 | memset(&range, 0, sizeof(range)); | 26 | memset(&range, 0, sizeof(range)); |
| 28 | range.flags = priv->flags; | 27 | range.flags = priv->flags; |
| 29 | 28 | ||
| 30 | verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum, | 29 | regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum, |
| 31 | &range, pkt->out); | 30 | &range, pkt->out); |
| 32 | |||
| 33 | data[NFT_REG_VERDICT].verdict = verdict; | ||
| 34 | } | 31 | } |
| 35 | 32 | ||
| 36 | static struct nft_expr_type nft_masq_ipv4_type; | 33 | static struct nft_expr_type nft_masq_ipv4_type; |
diff --git a/net/ipv4/netfilter/nft_redir_ipv4.c b/net/ipv4/netfilter/nft_redir_ipv4.c index 6ecfce63201a..312cf6f3b6dc 100644 --- a/net/ipv4/netfilter/nft_redir_ipv4.c +++ b/net/ipv4/netfilter/nft_redir_ipv4.c | |||
| @@ -18,26 +18,25 @@ | |||
| 18 | #include <net/netfilter/nft_redir.h> | 18 | #include <net/netfilter/nft_redir.h> |
| 19 | 19 | ||
| 20 | static void nft_redir_ipv4_eval(const struct nft_expr *expr, | 20 | static void nft_redir_ipv4_eval(const struct nft_expr *expr, |
| 21 | struct nft_data data[NFT_REG_MAX + 1], | 21 | struct nft_regs *regs, |
| 22 | const struct nft_pktinfo *pkt) | 22 | const struct nft_pktinfo *pkt) |
| 23 | { | 23 | { |
| 24 | struct nft_redir *priv = nft_expr_priv(expr); | 24 | struct nft_redir *priv = nft_expr_priv(expr); |
| 25 | struct nf_nat_ipv4_multi_range_compat mr; | 25 | struct nf_nat_ipv4_multi_range_compat mr; |
| 26 | unsigned int verdict; | ||
| 27 | 26 | ||
| 28 | memset(&mr, 0, sizeof(mr)); | 27 | memset(&mr, 0, sizeof(mr)); |
| 29 | if (priv->sreg_proto_min) { | 28 | if (priv->sreg_proto_min) { |
| 30 | mr.range[0].min.all = | 29 | mr.range[0].min.all = |
| 31 | *(__be16 *)&data[priv->sreg_proto_min].data[0]; | 30 | *(__be16 *)®s->data[priv->sreg_proto_min].data[0]; |
| 32 | mr.range[0].max.all = | 31 | mr.range[0].max.all = |
| 33 | *(__be16 *)&data[priv->sreg_proto_max].data[0]; | 32 | *(__be16 *)®s->data[priv->sreg_proto_max].data[0]; |
| 34 | mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED; | 33 | mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED; |
| 35 | } | 34 | } |
| 36 | 35 | ||
| 37 | mr.range[0].flags |= priv->flags; | 36 | mr.range[0].flags |= priv->flags; |
| 38 | 37 | ||
| 39 | verdict = nf_nat_redirect_ipv4(pkt->skb, &mr, pkt->ops->hooknum); | 38 | regs->verdict.code = nf_nat_redirect_ipv4(pkt->skb, &mr, |
| 40 | data[NFT_REG_VERDICT].verdict = verdict; | 39 | pkt->ops->hooknum); |
| 41 | } | 40 | } |
| 42 | 41 | ||
| 43 | static struct nft_expr_type nft_redir_ipv4_type; | 42 | static struct nft_expr_type nft_redir_ipv4_type; |
diff --git a/net/ipv4/netfilter/nft_reject_ipv4.c b/net/ipv4/netfilter/nft_reject_ipv4.c index a7621faa9678..b07e58b51158 100644 --- a/net/ipv4/netfilter/nft_reject_ipv4.c +++ b/net/ipv4/netfilter/nft_reject_ipv4.c | |||
| @@ -20,7 +20,7 @@ | |||
| 20 | #include <net/netfilter/nft_reject.h> | 20 | #include <net/netfilter/nft_reject.h> |
| 21 | 21 | ||
| 22 | static void nft_reject_ipv4_eval(const struct nft_expr *expr, | 22 | static void nft_reject_ipv4_eval(const struct nft_expr *expr, |
| 23 | struct nft_data data[NFT_REG_MAX + 1], | 23 | struct nft_regs *regs, |
| 24 | const struct nft_pktinfo *pkt) | 24 | const struct nft_pktinfo *pkt) |
| 25 | { | 25 | { |
| 26 | struct nft_reject *priv = nft_expr_priv(expr); | 26 | struct nft_reject *priv = nft_expr_priv(expr); |
| @@ -37,7 +37,7 @@ static void nft_reject_ipv4_eval(const struct nft_expr *expr, | |||
| 37 | break; | 37 | break; |
| 38 | } | 38 | } |
| 39 | 39 | ||
| 40 | data[NFT_REG_VERDICT].verdict = NF_DROP; | 40 | regs->verdict.code = NF_DROP; |
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | static struct nft_expr_type nft_reject_ipv4_type; | 43 | static struct nft_expr_type nft_reject_ipv4_type; |
diff --git a/net/ipv6/netfilter/nft_masq_ipv6.c b/net/ipv6/netfilter/nft_masq_ipv6.c index 529c119cbb14..cd1ac1637a05 100644 --- a/net/ipv6/netfilter/nft_masq_ipv6.c +++ b/net/ipv6/netfilter/nft_masq_ipv6.c | |||
| @@ -18,19 +18,16 @@ | |||
| 18 | #include <net/netfilter/ipv6/nf_nat_masquerade.h> | 18 | #include <net/netfilter/ipv6/nf_nat_masquerade.h> |
| 19 | 19 | ||
| 20 | static void nft_masq_ipv6_eval(const struct nft_expr *expr, | 20 | static void nft_masq_ipv6_eval(const struct nft_expr *expr, |
| 21 | struct nft_data data[NFT_REG_MAX + 1], | 21 | struct nft_regs *regs, |
| 22 | const struct nft_pktinfo *pkt) | 22 | const struct nft_pktinfo *pkt) |
| 23 | { | 23 | { |
| 24 | struct nft_masq *priv = nft_expr_priv(expr); | 24 | struct nft_masq *priv = nft_expr_priv(expr); |
| 25 | struct nf_nat_range range; | 25 | struct nf_nat_range range; |
| 26 | unsigned int verdict; | ||
| 27 | 26 | ||
| 28 | memset(&range, 0, sizeof(range)); | 27 | memset(&range, 0, sizeof(range)); |
| 29 | range.flags = priv->flags; | 28 | range.flags = priv->flags; |
| 30 | 29 | ||
| 31 | verdict = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out); | 30 | regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out); |
| 32 | |||
| 33 | data[NFT_REG_VERDICT].verdict = verdict; | ||
| 34 | } | 31 | } |
| 35 | 32 | ||
| 36 | static struct nft_expr_type nft_masq_ipv6_type; | 33 | static struct nft_expr_type nft_masq_ipv6_type; |
diff --git a/net/ipv6/netfilter/nft_redir_ipv6.c b/net/ipv6/netfilter/nft_redir_ipv6.c index 11820b6b3613..0eed774815cf 100644 --- a/net/ipv6/netfilter/nft_redir_ipv6.c +++ b/net/ipv6/netfilter/nft_redir_ipv6.c | |||
| @@ -18,26 +18,25 @@ | |||
| 18 | #include <net/netfilter/nf_nat_redirect.h> | 18 | #include <net/netfilter/nf_nat_redirect.h> |
| 19 | 19 | ||
| 20 | static void nft_redir_ipv6_eval(const struct nft_expr *expr, | 20 | static void nft_redir_ipv6_eval(const struct nft_expr *expr, |
| 21 | struct nft_data data[NFT_REG_MAX + 1], | 21 | struct nft_regs *regs, |
| 22 | const struct nft_pktinfo *pkt) | 22 | const struct nft_pktinfo *pkt) |
| 23 | { | 23 | { |
| 24 | struct nft_redir *priv = nft_expr_priv(expr); | 24 | struct nft_redir *priv = nft_expr_priv(expr); |
| 25 | struct nf_nat_range range; | 25 | struct nf_nat_range range; |
| 26 | unsigned int verdict; | ||
| 27 | 26 | ||
| 28 | memset(&range, 0, sizeof(range)); | 27 | memset(&range, 0, sizeof(range)); |
| 29 | if (priv->sreg_proto_min) { | 28 | if (priv->sreg_proto_min) { |
| 30 | range.min_proto.all = | 29 | range.min_proto.all = |
| 31 | *(__be16 *)&data[priv->sreg_proto_min].data[0]; | 30 | *(__be16 *)®s->data[priv->sreg_proto_min].data[0]; |
| 32 | range.max_proto.all = | 31 | range.max_proto.all = |
| 33 | *(__be16 *)&data[priv->sreg_proto_max].data[0]; | 32 | *(__be16 *)®s->data[priv->sreg_proto_max].data[0]; |
| 34 | range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; | 33 | range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; |
| 35 | } | 34 | } |
| 36 | 35 | ||
| 37 | range.flags |= priv->flags; | 36 | range.flags |= priv->flags; |
| 38 | 37 | ||
| 39 | verdict = nf_nat_redirect_ipv6(pkt->skb, &range, pkt->ops->hooknum); | 38 | regs->verdict.code = nf_nat_redirect_ipv6(pkt->skb, &range, |
| 40 | data[NFT_REG_VERDICT].verdict = verdict; | 39 | pkt->ops->hooknum); |
| 41 | } | 40 | } |
| 42 | 41 | ||
| 43 | static struct nft_expr_type nft_redir_ipv6_type; | 42 | static struct nft_expr_type nft_redir_ipv6_type; |
diff --git a/net/ipv6/netfilter/nft_reject_ipv6.c b/net/ipv6/netfilter/nft_reject_ipv6.c index 71c7be5ee43a..d0d1540ecf87 100644 --- a/net/ipv6/netfilter/nft_reject_ipv6.c +++ b/net/ipv6/netfilter/nft_reject_ipv6.c | |||
| @@ -20,7 +20,7 @@ | |||
| 20 | #include <net/netfilter/ipv6/nf_reject.h> | 20 | #include <net/netfilter/ipv6/nf_reject.h> |
| 21 | 21 | ||
| 22 | static void nft_reject_ipv6_eval(const struct nft_expr *expr, | 22 | static void nft_reject_ipv6_eval(const struct nft_expr *expr, |
| 23 | struct nft_data data[NFT_REG_MAX + 1], | 23 | struct nft_regs *regs, |
| 24 | const struct nft_pktinfo *pkt) | 24 | const struct nft_pktinfo *pkt) |
| 25 | { | 25 | { |
| 26 | struct nft_reject *priv = nft_expr_priv(expr); | 26 | struct nft_reject *priv = nft_expr_priv(expr); |
| @@ -38,7 +38,7 @@ static void nft_reject_ipv6_eval(const struct nft_expr *expr, | |||
| 38 | break; | 38 | break; |
| 39 | } | 39 | } |
| 40 | 40 | ||
| 41 | data[NFT_REG_VERDICT].verdict = NF_DROP; | 41 | regs->verdict.code = NF_DROP; |
| 42 | } | 42 | } |
| 43 | 43 | ||
| 44 | static struct nft_expr_type nft_reject_ipv6_type; | 44 | static struct nft_expr_type nft_reject_ipv6_type; |
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index 7caf08a9225d..667cdf03326a 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c | |||
| @@ -65,23 +65,23 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt, | |||
| 65 | } | 65 | } |
| 66 | 66 | ||
| 67 | static void nft_cmp_fast_eval(const struct nft_expr *expr, | 67 | static void nft_cmp_fast_eval(const struct nft_expr *expr, |
| 68 | struct nft_data data[NFT_REG_MAX + 1]) | 68 | struct nft_regs *regs) |
| 69 | { | 69 | { |
| 70 | const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr); | 70 | const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr); |
| 71 | u32 mask = nft_cmp_fast_mask(priv->len); | 71 | u32 mask = nft_cmp_fast_mask(priv->len); |
| 72 | 72 | ||
| 73 | if ((data[priv->sreg].data[0] & mask) == priv->data) | 73 | if ((regs->data[priv->sreg].data[0] & mask) == priv->data) |
| 74 | return; | 74 | return; |
| 75 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 75 | regs->verdict.code = NFT_BREAK; |
| 76 | } | 76 | } |
| 77 | 77 | ||
| 78 | static bool nft_payload_fast_eval(const struct nft_expr *expr, | 78 | static bool nft_payload_fast_eval(const struct nft_expr *expr, |
| 79 | struct nft_data data[NFT_REG_MAX + 1], | 79 | struct nft_regs *regs, |
| 80 | const struct nft_pktinfo *pkt) | 80 | const struct nft_pktinfo *pkt) |
| 81 | { | 81 | { |
| 82 | const struct nft_payload *priv = nft_expr_priv(expr); | 82 | const struct nft_payload *priv = nft_expr_priv(expr); |
| 83 | const struct sk_buff *skb = pkt->skb; | 83 | const struct sk_buff *skb = pkt->skb; |
| 84 | struct nft_data *dest = &data[priv->dreg]; | 84 | struct nft_data *dest = ®s->data[priv->dreg]; |
| 85 | unsigned char *ptr; | 85 | unsigned char *ptr; |
| 86 | 86 | ||
| 87 | if (priv->base == NFT_PAYLOAD_NETWORK_HEADER) | 87 | if (priv->base == NFT_PAYLOAD_NETWORK_HEADER) |
| @@ -116,7 +116,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) | |||
| 116 | const struct net *net = read_pnet(&nft_base_chain(basechain)->pnet); | 116 | const struct net *net = read_pnet(&nft_base_chain(basechain)->pnet); |
| 117 | const struct nft_rule *rule; | 117 | const struct nft_rule *rule; |
| 118 | const struct nft_expr *expr, *last; | 118 | const struct nft_expr *expr, *last; |
| 119 | struct nft_data data[NFT_REG_MAX + 1]; | 119 | struct nft_regs regs; |
| 120 | unsigned int stackptr = 0; | 120 | unsigned int stackptr = 0; |
| 121 | struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; | 121 | struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; |
| 122 | struct nft_stats *stats; | 122 | struct nft_stats *stats; |
| @@ -127,7 +127,7 @@ do_chain: | |||
| 127 | rulenum = 0; | 127 | rulenum = 0; |
| 128 | rule = list_entry(&chain->rules, struct nft_rule, list); | 128 | rule = list_entry(&chain->rules, struct nft_rule, list); |
| 129 | next_rule: | 129 | next_rule: |
| 130 | data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; | 130 | regs.verdict.code = NFT_CONTINUE; |
| 131 | list_for_each_entry_continue_rcu(rule, &chain->rules, list) { | 131 | list_for_each_entry_continue_rcu(rule, &chain->rules, list) { |
| 132 | 132 | ||
| 133 | /* This rule is not active, skip. */ | 133 | /* This rule is not active, skip. */ |
| @@ -138,18 +138,18 @@ next_rule: | |||
| 138 | 138 | ||
| 139 | nft_rule_for_each_expr(expr, last, rule) { | 139 | nft_rule_for_each_expr(expr, last, rule) { |
| 140 | if (expr->ops == &nft_cmp_fast_ops) | 140 | if (expr->ops == &nft_cmp_fast_ops) |
| 141 | nft_cmp_fast_eval(expr, data); | 141 | nft_cmp_fast_eval(expr, ®s); |
| 142 | else if (expr->ops != &nft_payload_fast_ops || | 142 | else if (expr->ops != &nft_payload_fast_ops || |
| 143 | !nft_payload_fast_eval(expr, data, pkt)) | 143 | !nft_payload_fast_eval(expr, ®s, pkt)) |
| 144 | expr->ops->eval(expr, data, pkt); | 144 | expr->ops->eval(expr, ®s, pkt); |
| 145 | 145 | ||
| 146 | if (data[NFT_REG_VERDICT].verdict != NFT_CONTINUE) | 146 | if (regs.verdict.code != NFT_CONTINUE) |
| 147 | break; | 147 | break; |
| 148 | } | 148 | } |
| 149 | 149 | ||
| 150 | switch (data[NFT_REG_VERDICT].verdict) { | 150 | switch (regs.verdict.code) { |
| 151 | case NFT_BREAK: | 151 | case NFT_BREAK: |
| 152 | data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; | 152 | regs.verdict.code = NFT_CONTINUE; |
| 153 | continue; | 153 | continue; |
| 154 | case NFT_CONTINUE: | 154 | case NFT_CONTINUE: |
| 155 | nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); | 155 | nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); |
| @@ -158,15 +158,15 @@ next_rule: | |||
| 158 | break; | 158 | break; |
| 159 | } | 159 | } |
| 160 | 160 | ||
| 161 | switch (data[NFT_REG_VERDICT].verdict & NF_VERDICT_MASK) { | 161 | switch (regs.verdict.code & NF_VERDICT_MASK) { |
| 162 | case NF_ACCEPT: | 162 | case NF_ACCEPT: |
| 163 | case NF_DROP: | 163 | case NF_DROP: |
| 164 | case NF_QUEUE: | 164 | case NF_QUEUE: |
| 165 | nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); | 165 | nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); |
| 166 | return data[NFT_REG_VERDICT].verdict; | 166 | return regs.verdict.code; |
| 167 | } | 167 | } |
| 168 | 168 | ||
| 169 | switch (data[NFT_REG_VERDICT].verdict) { | 169 | switch (regs.verdict.code) { |
| 170 | case NFT_JUMP: | 170 | case NFT_JUMP: |
| 171 | BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE); | 171 | BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE); |
| 172 | jumpstack[stackptr].chain = chain; | 172 | jumpstack[stackptr].chain = chain; |
| @@ -177,7 +177,7 @@ next_rule: | |||
| 177 | case NFT_GOTO: | 177 | case NFT_GOTO: |
| 178 | nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); | 178 | nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); |
| 179 | 179 | ||
| 180 | chain = data[NFT_REG_VERDICT].chain; | 180 | chain = regs.verdict.chain; |
| 181 | goto do_chain; | 181 | goto do_chain; |
| 182 | case NFT_CONTINUE: | 182 | case NFT_CONTINUE: |
| 183 | rulenum++; | 183 | rulenum++; |
diff --git a/net/netfilter/nft_bitwise.c b/net/netfilter/nft_bitwise.c index 60050eeca1f6..2b8f51890aff 100644 --- a/net/netfilter/nft_bitwise.c +++ b/net/netfilter/nft_bitwise.c | |||
| @@ -26,12 +26,12 @@ struct nft_bitwise { | |||
| 26 | }; | 26 | }; |
| 27 | 27 | ||
| 28 | static void nft_bitwise_eval(const struct nft_expr *expr, | 28 | static void nft_bitwise_eval(const struct nft_expr *expr, |
| 29 | struct nft_data data[NFT_REG_MAX + 1], | 29 | struct nft_regs *regs, |
| 30 | const struct nft_pktinfo *pkt) | 30 | const struct nft_pktinfo *pkt) |
| 31 | { | 31 | { |
| 32 | const struct nft_bitwise *priv = nft_expr_priv(expr); | 32 | const struct nft_bitwise *priv = nft_expr_priv(expr); |
| 33 | const struct nft_data *src = &data[priv->sreg]; | 33 | const struct nft_data *src = ®s->data[priv->sreg]; |
| 34 | struct nft_data *dst = &data[priv->dreg]; | 34 | struct nft_data *dst = ®s->data[priv->dreg]; |
| 35 | unsigned int i; | 35 | unsigned int i; |
| 36 | 36 | ||
| 37 | for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++) { | 37 | for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++) { |
diff --git a/net/netfilter/nft_byteorder.c b/net/netfilter/nft_byteorder.c index f34bfbdd6ba2..48fbfa3b7ad8 100644 --- a/net/netfilter/nft_byteorder.c +++ b/net/netfilter/nft_byteorder.c | |||
| @@ -26,11 +26,12 @@ struct nft_byteorder { | |||
| 26 | }; | 26 | }; |
| 27 | 27 | ||
| 28 | static void nft_byteorder_eval(const struct nft_expr *expr, | 28 | static void nft_byteorder_eval(const struct nft_expr *expr, |
| 29 | struct nft_data data[NFT_REG_MAX + 1], | 29 | struct nft_regs *regs, |
| 30 | const struct nft_pktinfo *pkt) | 30 | const struct nft_pktinfo *pkt) |
| 31 | { | 31 | { |
| 32 | const struct nft_byteorder *priv = nft_expr_priv(expr); | 32 | const struct nft_byteorder *priv = nft_expr_priv(expr); |
| 33 | struct nft_data *src = &data[priv->sreg], *dst = &data[priv->dreg]; | 33 | struct nft_data *src = ®s->data[priv->sreg]; |
| 34 | struct nft_data *dst = ®s->data[priv->dreg]; | ||
| 34 | union { u32 u32; u16 u16; } *s, *d; | 35 | union { u32 u32; u16 u16; } *s, *d; |
| 35 | unsigned int i; | 36 | unsigned int i; |
| 36 | 37 | ||
diff --git a/net/netfilter/nft_cmp.c b/net/netfilter/nft_cmp.c index 17e9b8beaa1d..59391e6a92a5 100644 --- a/net/netfilter/nft_cmp.c +++ b/net/netfilter/nft_cmp.c | |||
| @@ -25,13 +25,13 @@ struct nft_cmp_expr { | |||
| 25 | }; | 25 | }; |
| 26 | 26 | ||
| 27 | static void nft_cmp_eval(const struct nft_expr *expr, | 27 | static void nft_cmp_eval(const struct nft_expr *expr, |
| 28 | struct nft_data data[NFT_REG_MAX + 1], | 28 | struct nft_regs *regs, |
| 29 | const struct nft_pktinfo *pkt) | 29 | const struct nft_pktinfo *pkt) |
| 30 | { | 30 | { |
| 31 | const struct nft_cmp_expr *priv = nft_expr_priv(expr); | 31 | const struct nft_cmp_expr *priv = nft_expr_priv(expr); |
| 32 | int d; | 32 | int d; |
| 33 | 33 | ||
| 34 | d = nft_data_cmp(&data[priv->sreg], &priv->data, priv->len); | 34 | d = nft_data_cmp(®s->data[priv->sreg], &priv->data, priv->len); |
| 35 | switch (priv->op) { | 35 | switch (priv->op) { |
| 36 | case NFT_CMP_EQ: | 36 | case NFT_CMP_EQ: |
| 37 | if (d != 0) | 37 | if (d != 0) |
| @@ -59,7 +59,7 @@ static void nft_cmp_eval(const struct nft_expr *expr, | |||
| 59 | return; | 59 | return; |
| 60 | 60 | ||
| 61 | mismatch: | 61 | mismatch: |
| 62 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 62 | regs->verdict.code = NFT_BREAK; |
| 63 | } | 63 | } |
| 64 | 64 | ||
| 65 | static const struct nla_policy nft_cmp_policy[NFTA_CMP_MAX + 1] = { | 65 | static const struct nla_policy nft_cmp_policy[NFTA_CMP_MAX + 1] = { |
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 0d137c1ac889..7f29cfc76349 100644 --- a/net/netfilter/nft_compat.c +++ b/net/netfilter/nft_compat.c | |||
| @@ -55,7 +55,7 @@ nft_compat_set_par(struct xt_action_param *par, void *xt, const void *xt_info) | |||
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | static void nft_target_eval_xt(const struct nft_expr *expr, | 57 | static void nft_target_eval_xt(const struct nft_expr *expr, |
| 58 | struct nft_data data[NFT_REG_MAX + 1], | 58 | struct nft_regs *regs, |
| 59 | const struct nft_pktinfo *pkt) | 59 | const struct nft_pktinfo *pkt) |
| 60 | { | 60 | { |
| 61 | void *info = nft_expr_priv(expr); | 61 | void *info = nft_expr_priv(expr); |
| @@ -72,16 +72,16 @@ static void nft_target_eval_xt(const struct nft_expr *expr, | |||
| 72 | 72 | ||
| 73 | switch (ret) { | 73 | switch (ret) { |
| 74 | case XT_CONTINUE: | 74 | case XT_CONTINUE: |
| 75 | data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; | 75 | regs->verdict.code = NFT_CONTINUE; |
| 76 | break; | 76 | break; |
| 77 | default: | 77 | default: |
| 78 | data[NFT_REG_VERDICT].verdict = ret; | 78 | regs->verdict.code = ret; |
| 79 | break; | 79 | break; |
| 80 | } | 80 | } |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | static void nft_target_eval_bridge(const struct nft_expr *expr, | 83 | static void nft_target_eval_bridge(const struct nft_expr *expr, |
| 84 | struct nft_data data[NFT_REG_MAX + 1], | 84 | struct nft_regs *regs, |
| 85 | const struct nft_pktinfo *pkt) | 85 | const struct nft_pktinfo *pkt) |
| 86 | { | 86 | { |
| 87 | void *info = nft_expr_priv(expr); | 87 | void *info = nft_expr_priv(expr); |
| @@ -98,19 +98,19 @@ static void nft_target_eval_bridge(const struct nft_expr *expr, | |||
| 98 | 98 | ||
| 99 | switch (ret) { | 99 | switch (ret) { |
| 100 | case EBT_ACCEPT: | 100 | case EBT_ACCEPT: |
| 101 | data[NFT_REG_VERDICT].verdict = NF_ACCEPT; | 101 | regs->verdict.code = NF_ACCEPT; |
| 102 | break; | 102 | break; |
| 103 | case EBT_DROP: | 103 | case EBT_DROP: |
| 104 | data[NFT_REG_VERDICT].verdict = NF_DROP; | 104 | regs->verdict.code = NF_DROP; |
| 105 | break; | 105 | break; |
| 106 | case EBT_CONTINUE: | 106 | case EBT_CONTINUE: |
| 107 | data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; | 107 | regs->verdict.code = NFT_CONTINUE; |
| 108 | break; | 108 | break; |
| 109 | case EBT_RETURN: | 109 | case EBT_RETURN: |
| 110 | data[NFT_REG_VERDICT].verdict = NFT_RETURN; | 110 | regs->verdict.code = NFT_RETURN; |
| 111 | break; | 111 | break; |
| 112 | default: | 112 | default: |
| 113 | data[NFT_REG_VERDICT].verdict = ret; | 113 | regs->verdict.code = ret; |
| 114 | break; | 114 | break; |
| 115 | } | 115 | } |
| 116 | } | 116 | } |
| @@ -304,7 +304,7 @@ static int nft_target_validate(const struct nft_ctx *ctx, | |||
| 304 | } | 304 | } |
| 305 | 305 | ||
| 306 | static void nft_match_eval(const struct nft_expr *expr, | 306 | static void nft_match_eval(const struct nft_expr *expr, |
| 307 | struct nft_data data[NFT_REG_MAX + 1], | 307 | struct nft_regs *regs, |
| 308 | const struct nft_pktinfo *pkt) | 308 | const struct nft_pktinfo *pkt) |
| 309 | { | 309 | { |
| 310 | void *info = nft_expr_priv(expr); | 310 | void *info = nft_expr_priv(expr); |
| @@ -317,16 +317,16 @@ static void nft_match_eval(const struct nft_expr *expr, | |||
| 317 | ret = match->match(skb, (struct xt_action_param *)&pkt->xt); | 317 | ret = match->match(skb, (struct xt_action_param *)&pkt->xt); |
| 318 | 318 | ||
| 319 | if (pkt->xt.hotdrop) { | 319 | if (pkt->xt.hotdrop) { |
| 320 | data[NFT_REG_VERDICT].verdict = NF_DROP; | 320 | regs->verdict.code = NF_DROP; |
| 321 | return; | 321 | return; |
| 322 | } | 322 | } |
| 323 | 323 | ||
| 324 | switch (ret ? 1 : 0) { | 324 | switch (ret ? 1 : 0) { |
| 325 | case 1: | 325 | case 1: |
| 326 | data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; | 326 | regs->verdict.code = NFT_CONTINUE; |
| 327 | break; | 327 | break; |
| 328 | case 0: | 328 | case 0: |
| 329 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 329 | regs->verdict.code = NFT_BREAK; |
| 330 | break; | 330 | break; |
| 331 | } | 331 | } |
| 332 | } | 332 | } |
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c index c89ee486ce54..0f6367e3e540 100644 --- a/net/netfilter/nft_counter.c +++ b/net/netfilter/nft_counter.c | |||
| @@ -24,7 +24,7 @@ struct nft_counter { | |||
| 24 | }; | 24 | }; |
| 25 | 25 | ||
| 26 | static void nft_counter_eval(const struct nft_expr *expr, | 26 | static void nft_counter_eval(const struct nft_expr *expr, |
| 27 | struct nft_data data[NFT_REG_MAX + 1], | 27 | struct nft_regs *regs, |
| 28 | const struct nft_pktinfo *pkt) | 28 | const struct nft_pktinfo *pkt) |
| 29 | { | 29 | { |
| 30 | struct nft_counter *priv = nft_expr_priv(expr); | 30 | struct nft_counter *priv = nft_expr_priv(expr); |
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index 6bf6ed710de1..077e06b5308e 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c | |||
| @@ -31,11 +31,11 @@ struct nft_ct { | |||
| 31 | }; | 31 | }; |
| 32 | 32 | ||
| 33 | static void nft_ct_get_eval(const struct nft_expr *expr, | 33 | static void nft_ct_get_eval(const struct nft_expr *expr, |
| 34 | struct nft_data data[NFT_REG_MAX + 1], | 34 | struct nft_regs *regs, |
| 35 | const struct nft_pktinfo *pkt) | 35 | const struct nft_pktinfo *pkt) |
| 36 | { | 36 | { |
| 37 | const struct nft_ct *priv = nft_expr_priv(expr); | 37 | const struct nft_ct *priv = nft_expr_priv(expr); |
| 38 | struct nft_data *dest = &data[priv->dreg]; | 38 | struct nft_data *dest = ®s->data[priv->dreg]; |
| 39 | enum ip_conntrack_info ctinfo; | 39 | enum ip_conntrack_info ctinfo; |
| 40 | const struct nf_conn *ct; | 40 | const struct nf_conn *ct; |
| 41 | const struct nf_conn_help *help; | 41 | const struct nf_conn_help *help; |
| @@ -146,17 +146,17 @@ static void nft_ct_get_eval(const struct nft_expr *expr, | |||
| 146 | } | 146 | } |
| 147 | return; | 147 | return; |
| 148 | err: | 148 | err: |
| 149 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 149 | regs->verdict.code = NFT_BREAK; |
| 150 | } | 150 | } |
| 151 | 151 | ||
| 152 | static void nft_ct_set_eval(const struct nft_expr *expr, | 152 | static void nft_ct_set_eval(const struct nft_expr *expr, |
| 153 | struct nft_data data[NFT_REG_MAX + 1], | 153 | struct nft_regs *regs, |
| 154 | const struct nft_pktinfo *pkt) | 154 | const struct nft_pktinfo *pkt) |
| 155 | { | 155 | { |
| 156 | const struct nft_ct *priv = nft_expr_priv(expr); | 156 | const struct nft_ct *priv = nft_expr_priv(expr); |
| 157 | struct sk_buff *skb = pkt->skb; | 157 | struct sk_buff *skb = pkt->skb; |
| 158 | #ifdef CONFIG_NF_CONNTRACK_MARK | 158 | #ifdef CONFIG_NF_CONNTRACK_MARK |
| 159 | u32 value = data[priv->sreg].data[0]; | 159 | u32 value = regs->data[priv->sreg].data[0]; |
| 160 | #endif | 160 | #endif |
| 161 | enum ip_conntrack_info ctinfo; | 161 | enum ip_conntrack_info ctinfo; |
| 162 | struct nf_conn *ct; | 162 | struct nf_conn *ct; |
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c index 3ea52b701e2b..e398f6d44fa9 100644 --- a/net/netfilter/nft_dynset.c +++ b/net/netfilter/nft_dynset.c | |||
| @@ -27,7 +27,7 @@ struct nft_dynset { | |||
| 27 | }; | 27 | }; |
| 28 | 28 | ||
| 29 | static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, | 29 | static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, |
| 30 | struct nft_data data[NFT_REG_MAX + 1]) | 30 | struct nft_regs *regs) |
| 31 | { | 31 | { |
| 32 | const struct nft_dynset *priv = nft_expr_priv(expr); | 32 | const struct nft_dynset *priv = nft_expr_priv(expr); |
| 33 | u64 timeout; | 33 | u64 timeout; |
| @@ -38,7 +38,8 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, | |||
| 38 | 38 | ||
| 39 | timeout = priv->timeout ? : set->timeout; | 39 | timeout = priv->timeout ? : set->timeout; |
| 40 | elem = nft_set_elem_init(set, &priv->tmpl, | 40 | elem = nft_set_elem_init(set, &priv->tmpl, |
| 41 | &data[priv->sreg_key], &data[priv->sreg_data], | 41 | ®s->data[priv->sreg_key], |
| 42 | ®s->data[priv->sreg_data], | ||
| 42 | timeout, GFP_ATOMIC); | 43 | timeout, GFP_ATOMIC); |
| 43 | if (elem == NULL) { | 44 | if (elem == NULL) { |
| 44 | if (set->size) | 45 | if (set->size) |
| @@ -48,7 +49,7 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, | |||
| 48 | } | 49 | } |
| 49 | 50 | ||
| 50 | static void nft_dynset_eval(const struct nft_expr *expr, | 51 | static void nft_dynset_eval(const struct nft_expr *expr, |
| 51 | struct nft_data data[NFT_REG_MAX + 1], | 52 | struct nft_regs *regs, |
| 52 | const struct nft_pktinfo *pkt) | 53 | const struct nft_pktinfo *pkt) |
| 53 | { | 54 | { |
| 54 | const struct nft_dynset *priv = nft_expr_priv(expr); | 55 | const struct nft_dynset *priv = nft_expr_priv(expr); |
| @@ -56,8 +57,8 @@ static void nft_dynset_eval(const struct nft_expr *expr, | |||
| 56 | const struct nft_set_ext *ext; | 57 | const struct nft_set_ext *ext; |
| 57 | u64 timeout; | 58 | u64 timeout; |
| 58 | 59 | ||
| 59 | if (set->ops->update(set, &data[priv->sreg_key], nft_dynset_new, | 60 | if (set->ops->update(set, ®s->data[priv->sreg_key], nft_dynset_new, |
| 60 | expr, data, &ext)) { | 61 | expr, regs, &ext)) { |
| 61 | if (priv->op == NFT_DYNSET_OP_UPDATE && | 62 | if (priv->op == NFT_DYNSET_OP_UPDATE && |
| 62 | nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) { | 63 | nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) { |
| 63 | timeout = priv->timeout ? : set->timeout; | 64 | timeout = priv->timeout ? : set->timeout; |
| @@ -66,7 +67,7 @@ static void nft_dynset_eval(const struct nft_expr *expr, | |||
| 66 | } | 67 | } |
| 67 | } | 68 | } |
| 68 | 69 | ||
| 69 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 70 | regs->verdict.code = NFT_BREAK; |
| 70 | } | 71 | } |
| 71 | 72 | ||
| 72 | static const struct nla_policy nft_dynset_policy[NFTA_DYNSET_MAX + 1] = { | 73 | static const struct nla_policy nft_dynset_policy[NFTA_DYNSET_MAX + 1] = { |
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c index 8c4981cd813b..2480af772d8a 100644 --- a/net/netfilter/nft_exthdr.c +++ b/net/netfilter/nft_exthdr.c | |||
| @@ -26,11 +26,11 @@ struct nft_exthdr { | |||
| 26 | }; | 26 | }; |
| 27 | 27 | ||
| 28 | static void nft_exthdr_eval(const struct nft_expr *expr, | 28 | static void nft_exthdr_eval(const struct nft_expr *expr, |
| 29 | struct nft_data data[NFT_REG_MAX + 1], | 29 | struct nft_regs *regs, |
| 30 | const struct nft_pktinfo *pkt) | 30 | const struct nft_pktinfo *pkt) |
| 31 | { | 31 | { |
| 32 | struct nft_exthdr *priv = nft_expr_priv(expr); | 32 | struct nft_exthdr *priv = nft_expr_priv(expr); |
| 33 | struct nft_data *dest = &data[priv->dreg]; | 33 | struct nft_data *dest = ®s->data[priv->dreg]; |
| 34 | unsigned int offset = 0; | 34 | unsigned int offset = 0; |
| 35 | int err; | 35 | int err; |
| 36 | 36 | ||
| @@ -43,7 +43,7 @@ static void nft_exthdr_eval(const struct nft_expr *expr, | |||
| 43 | goto err; | 43 | goto err; |
| 44 | return; | 44 | return; |
| 45 | err: | 45 | err: |
| 46 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 46 | regs->verdict.code = NFT_BREAK; |
| 47 | } | 47 | } |
| 48 | 48 | ||
| 49 | static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = { | 49 | static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = { |
diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c index bc23806b7fbe..b1101f71807f 100644 --- a/net/netfilter/nft_hash.c +++ b/net/netfilter/nft_hash.c | |||
| @@ -93,9 +93,9 @@ static bool nft_hash_lookup(const struct nft_set *set, | |||
| 93 | static bool nft_hash_update(struct nft_set *set, const struct nft_data *key, | 93 | static bool nft_hash_update(struct nft_set *set, const struct nft_data *key, |
| 94 | void *(*new)(struct nft_set *, | 94 | void *(*new)(struct nft_set *, |
| 95 | const struct nft_expr *, | 95 | const struct nft_expr *, |
| 96 | struct nft_data []), | 96 | struct nft_regs *regs), |
| 97 | const struct nft_expr *expr, | 97 | const struct nft_expr *expr, |
| 98 | struct nft_data data[], | 98 | struct nft_regs *regs, |
| 99 | const struct nft_set_ext **ext) | 99 | const struct nft_set_ext **ext) |
| 100 | { | 100 | { |
| 101 | struct nft_hash *priv = nft_set_priv(set); | 101 | struct nft_hash *priv = nft_set_priv(set); |
| @@ -110,7 +110,7 @@ static bool nft_hash_update(struct nft_set *set, const struct nft_data *key, | |||
| 110 | if (he != NULL) | 110 | if (he != NULL) |
| 111 | goto out; | 111 | goto out; |
| 112 | 112 | ||
| 113 | he = new(set, expr, data); | 113 | he = new(set, expr, regs); |
| 114 | if (he == NULL) | 114 | if (he == NULL) |
| 115 | goto err1; | 115 | goto err1; |
| 116 | if (rhashtable_lookup_insert_key(&priv->ht, &arg, &he->node, | 116 | if (rhashtable_lookup_insert_key(&priv->ht, &arg, &he->node, |
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c index a164c04df9fa..29cc73906e17 100644 --- a/net/netfilter/nft_immediate.c +++ b/net/netfilter/nft_immediate.c | |||
| @@ -24,12 +24,12 @@ struct nft_immediate_expr { | |||
| 24 | }; | 24 | }; |
| 25 | 25 | ||
| 26 | static void nft_immediate_eval(const struct nft_expr *expr, | 26 | static void nft_immediate_eval(const struct nft_expr *expr, |
| 27 | struct nft_data data[NFT_REG_MAX + 1], | 27 | struct nft_regs *regs, |
| 28 | const struct nft_pktinfo *pkt) | 28 | const struct nft_pktinfo *pkt) |
| 29 | { | 29 | { |
| 30 | const struct nft_immediate_expr *priv = nft_expr_priv(expr); | 30 | const struct nft_immediate_expr *priv = nft_expr_priv(expr); |
| 31 | 31 | ||
| 32 | nft_data_copy(&data[priv->dreg], &priv->data); | 32 | nft_data_copy(®s->data[priv->dreg], &priv->data); |
| 33 | } | 33 | } |
| 34 | 34 | ||
| 35 | static const struct nla_policy nft_immediate_policy[NFTA_IMMEDIATE_MAX + 1] = { | 35 | static const struct nla_policy nft_immediate_policy[NFTA_IMMEDIATE_MAX + 1] = { |
diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c index 85da5bd02f64..c8620456afd8 100644 --- a/net/netfilter/nft_limit.c +++ b/net/netfilter/nft_limit.c | |||
| @@ -27,7 +27,7 @@ struct nft_limit { | |||
| 27 | }; | 27 | }; |
| 28 | 28 | ||
| 29 | static void nft_limit_eval(const struct nft_expr *expr, | 29 | static void nft_limit_eval(const struct nft_expr *expr, |
| 30 | struct nft_data data[NFT_REG_MAX + 1], | 30 | struct nft_regs *regs, |
| 31 | const struct nft_pktinfo *pkt) | 31 | const struct nft_pktinfo *pkt) |
| 32 | { | 32 | { |
| 33 | struct nft_limit *priv = nft_expr_priv(expr); | 33 | struct nft_limit *priv = nft_expr_priv(expr); |
| @@ -45,7 +45,7 @@ static void nft_limit_eval(const struct nft_expr *expr, | |||
| 45 | } | 45 | } |
| 46 | spin_unlock_bh(&limit_lock); | 46 | spin_unlock_bh(&limit_lock); |
| 47 | 47 | ||
| 48 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 48 | regs->verdict.code = NFT_BREAK; |
| 49 | } | 49 | } |
| 50 | 50 | ||
| 51 | static const struct nla_policy nft_limit_policy[NFTA_LIMIT_MAX + 1] = { | 51 | static const struct nla_policy nft_limit_policy[NFTA_LIMIT_MAX + 1] = { |
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c index e18af9db2f04..a13d6a386d63 100644 --- a/net/netfilter/nft_log.c +++ b/net/netfilter/nft_log.c | |||
| @@ -27,7 +27,7 @@ struct nft_log { | |||
| 27 | }; | 27 | }; |
| 28 | 28 | ||
| 29 | static void nft_log_eval(const struct nft_expr *expr, | 29 | static void nft_log_eval(const struct nft_expr *expr, |
| 30 | struct nft_data data[NFT_REG_MAX + 1], | 30 | struct nft_regs *regs, |
| 31 | const struct nft_pktinfo *pkt) | 31 | const struct nft_pktinfo *pkt) |
| 32 | { | 32 | { |
| 33 | const struct nft_log *priv = nft_expr_priv(expr); | 33 | const struct nft_log *priv = nft_expr_priv(expr); |
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c index 8fc0d186e0fa..01dba68e8073 100644 --- a/net/netfilter/nft_lookup.c +++ b/net/netfilter/nft_lookup.c | |||
| @@ -26,19 +26,20 @@ struct nft_lookup { | |||
| 26 | }; | 26 | }; |
| 27 | 27 | ||
| 28 | static void nft_lookup_eval(const struct nft_expr *expr, | 28 | static void nft_lookup_eval(const struct nft_expr *expr, |
| 29 | struct nft_data data[NFT_REG_MAX + 1], | 29 | struct nft_regs *regs, |
| 30 | const struct nft_pktinfo *pkt) | 30 | const struct nft_pktinfo *pkt) |
| 31 | { | 31 | { |
| 32 | const struct nft_lookup *priv = nft_expr_priv(expr); | 32 | const struct nft_lookup *priv = nft_expr_priv(expr); |
| 33 | const struct nft_set *set = priv->set; | 33 | const struct nft_set *set = priv->set; |
| 34 | const struct nft_set_ext *ext; | 34 | const struct nft_set_ext *ext; |
| 35 | 35 | ||
| 36 | if (set->ops->lookup(set, &data[priv->sreg], &ext)) { | 36 | if (set->ops->lookup(set, ®s->data[priv->sreg], &ext)) { |
| 37 | if (set->flags & NFT_SET_MAP) | 37 | if (set->flags & NFT_SET_MAP) |
| 38 | nft_data_copy(&data[priv->dreg], nft_set_ext_data(ext)); | 38 | nft_data_copy(®s->data[priv->dreg], |
| 39 | nft_set_ext_data(ext)); | ||
| 39 | return; | 40 | return; |
| 40 | } | 41 | } |
| 41 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 42 | regs->verdict.code = NFT_BREAK; |
| 42 | } | 43 | } |
| 43 | 44 | ||
| 44 | static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = { | 45 | static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = { |
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 0ae6bb732418..3f11c0b4b3d0 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c | |||
| @@ -25,13 +25,13 @@ | |||
| 25 | #include <net/netfilter/nft_meta.h> | 25 | #include <net/netfilter/nft_meta.h> |
| 26 | 26 | ||
| 27 | void nft_meta_get_eval(const struct nft_expr *expr, | 27 | void nft_meta_get_eval(const struct nft_expr *expr, |
| 28 | struct nft_data data[NFT_REG_MAX + 1], | 28 | struct nft_regs *regs, |
| 29 | const struct nft_pktinfo *pkt) | 29 | const struct nft_pktinfo *pkt) |
| 30 | { | 30 | { |
| 31 | const struct nft_meta *priv = nft_expr_priv(expr); | 31 | const struct nft_meta *priv = nft_expr_priv(expr); |
| 32 | const struct sk_buff *skb = pkt->skb; | 32 | const struct sk_buff *skb = pkt->skb; |
| 33 | const struct net_device *in = pkt->in, *out = pkt->out; | 33 | const struct net_device *in = pkt->in, *out = pkt->out; |
| 34 | struct nft_data *dest = &data[priv->dreg]; | 34 | struct nft_data *dest = ®s->data[priv->dreg]; |
| 35 | 35 | ||
| 36 | switch (priv->key) { | 36 | switch (priv->key) { |
| 37 | case NFT_META_LEN: | 37 | case NFT_META_LEN: |
| @@ -177,17 +177,17 @@ void nft_meta_get_eval(const struct nft_expr *expr, | |||
| 177 | return; | 177 | return; |
| 178 | 178 | ||
| 179 | err: | 179 | err: |
| 180 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 180 | regs->verdict.code = NFT_BREAK; |
| 181 | } | 181 | } |
| 182 | EXPORT_SYMBOL_GPL(nft_meta_get_eval); | 182 | EXPORT_SYMBOL_GPL(nft_meta_get_eval); |
| 183 | 183 | ||
| 184 | void nft_meta_set_eval(const struct nft_expr *expr, | 184 | void nft_meta_set_eval(const struct nft_expr *expr, |
| 185 | struct nft_data data[NFT_REG_MAX + 1], | 185 | struct nft_regs *regs, |
| 186 | const struct nft_pktinfo *pkt) | 186 | const struct nft_pktinfo *pkt) |
| 187 | { | 187 | { |
| 188 | const struct nft_meta *meta = nft_expr_priv(expr); | 188 | const struct nft_meta *meta = nft_expr_priv(expr); |
| 189 | struct sk_buff *skb = pkt->skb; | 189 | struct sk_buff *skb = pkt->skb; |
| 190 | u32 value = data[meta->sreg].data[0]; | 190 | u32 value = regs->data[meta->sreg].data[0]; |
| 191 | 191 | ||
| 192 | switch (meta->key) { | 192 | switch (meta->key) { |
| 193 | case NFT_META_MARK: | 193 | case NFT_META_MARK: |
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c index 0897a807a2a6..b72331120eb3 100644 --- a/net/netfilter/nft_nat.c +++ b/net/netfilter/nft_nat.c | |||
| @@ -37,7 +37,7 @@ struct nft_nat { | |||
| 37 | }; | 37 | }; |
| 38 | 38 | ||
| 39 | static void nft_nat_eval(const struct nft_expr *expr, | 39 | static void nft_nat_eval(const struct nft_expr *expr, |
| 40 | struct nft_data data[NFT_REG_MAX + 1], | 40 | struct nft_regs *regs, |
| 41 | const struct nft_pktinfo *pkt) | 41 | const struct nft_pktinfo *pkt) |
| 42 | { | 42 | { |
| 43 | const struct nft_nat *priv = nft_expr_priv(expr); | 43 | const struct nft_nat *priv = nft_expr_priv(expr); |
| @@ -49,16 +49,16 @@ static void nft_nat_eval(const struct nft_expr *expr, | |||
| 49 | if (priv->sreg_addr_min) { | 49 | if (priv->sreg_addr_min) { |
| 50 | if (priv->family == AF_INET) { | 50 | if (priv->family == AF_INET) { |
| 51 | range.min_addr.ip = (__force __be32) | 51 | range.min_addr.ip = (__force __be32) |
| 52 | data[priv->sreg_addr_min].data[0]; | 52 | regs->data[priv->sreg_addr_min].data[0]; |
| 53 | range.max_addr.ip = (__force __be32) | 53 | range.max_addr.ip = (__force __be32) |
| 54 | data[priv->sreg_addr_max].data[0]; | 54 | regs->data[priv->sreg_addr_max].data[0]; |
| 55 | 55 | ||
| 56 | } else { | 56 | } else { |
| 57 | memcpy(range.min_addr.ip6, | 57 | memcpy(range.min_addr.ip6, |
| 58 | data[priv->sreg_addr_min].data, | 58 | ®s->data[priv->sreg_addr_min].data, |
| 59 | sizeof(struct nft_data)); | 59 | sizeof(struct nft_data)); |
| 60 | memcpy(range.max_addr.ip6, | 60 | memcpy(range.max_addr.ip6, |
| 61 | data[priv->sreg_addr_max].data, | 61 | ®s->data[priv->sreg_addr_max].data, |
| 62 | sizeof(struct nft_data)); | 62 | sizeof(struct nft_data)); |
| 63 | } | 63 | } |
| 64 | range.flags |= NF_NAT_RANGE_MAP_IPS; | 64 | range.flags |= NF_NAT_RANGE_MAP_IPS; |
| @@ -66,16 +66,15 @@ static void nft_nat_eval(const struct nft_expr *expr, | |||
| 66 | 66 | ||
| 67 | if (priv->sreg_proto_min) { | 67 | if (priv->sreg_proto_min) { |
| 68 | range.min_proto.all = | 68 | range.min_proto.all = |
| 69 | *(__be16 *)&data[priv->sreg_proto_min].data[0]; | 69 | *(__be16 *)®s->data[priv->sreg_proto_min].data[0]; |
| 70 | range.max_proto.all = | 70 | range.max_proto.all = |
| 71 | *(__be16 *)&data[priv->sreg_proto_max].data[0]; | 71 | *(__be16 *)®s->data[priv->sreg_proto_max].data[0]; |
| 72 | range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; | 72 | range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | range.flags |= priv->flags; | 75 | range.flags |= priv->flags; |
| 76 | 76 | ||
| 77 | data[NFT_REG_VERDICT].verdict = | 77 | regs->verdict.code = nf_nat_setup_info(ct, &range, priv->type); |
| 78 | nf_nat_setup_info(ct, &range, priv->type); | ||
| 79 | } | 78 | } |
| 80 | 79 | ||
| 81 | static const struct nla_policy nft_nat_policy[NFTA_NAT_MAX + 1] = { | 80 | static const struct nla_policy nft_nat_policy[NFTA_NAT_MAX + 1] = { |
diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c index b2a9ef9d3df5..14247c51bbca 100644 --- a/net/netfilter/nft_payload.c +++ b/net/netfilter/nft_payload.c | |||
| @@ -18,12 +18,12 @@ | |||
| 18 | #include <net/netfilter/nf_tables.h> | 18 | #include <net/netfilter/nf_tables.h> |
| 19 | 19 | ||
| 20 | static void nft_payload_eval(const struct nft_expr *expr, | 20 | static void nft_payload_eval(const struct nft_expr *expr, |
| 21 | struct nft_data data[NFT_REG_MAX + 1], | 21 | struct nft_regs *regs, |
| 22 | const struct nft_pktinfo *pkt) | 22 | const struct nft_pktinfo *pkt) |
| 23 | { | 23 | { |
| 24 | const struct nft_payload *priv = nft_expr_priv(expr); | 24 | const struct nft_payload *priv = nft_expr_priv(expr); |
| 25 | const struct sk_buff *skb = pkt->skb; | 25 | const struct sk_buff *skb = pkt->skb; |
| 26 | struct nft_data *dest = &data[priv->dreg]; | 26 | struct nft_data *dest = ®s->data[priv->dreg]; |
| 27 | int offset; | 27 | int offset; |
| 28 | 28 | ||
| 29 | switch (priv->base) { | 29 | switch (priv->base) { |
| @@ -47,7 +47,7 @@ static void nft_payload_eval(const struct nft_expr *expr, | |||
| 47 | goto err; | 47 | goto err; |
| 48 | return; | 48 | return; |
| 49 | err: | 49 | err: |
| 50 | data[NFT_REG_VERDICT].verdict = NFT_BREAK; | 50 | regs->verdict.code = NFT_BREAK; |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = { | 53 | static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = { |
diff --git a/net/netfilter/nft_queue.c b/net/netfilter/nft_queue.c index e8ae2f6bf232..96805d21d618 100644 --- a/net/netfilter/nft_queue.c +++ b/net/netfilter/nft_queue.c | |||
| @@ -28,7 +28,7 @@ struct nft_queue { | |||
| 28 | }; | 28 | }; |
| 29 | 29 | ||
| 30 | static void nft_queue_eval(const struct nft_expr *expr, | 30 | static void nft_queue_eval(const struct nft_expr *expr, |
| 31 | struct nft_data data[NFT_REG_MAX + 1], | 31 | struct nft_regs *regs, |
| 32 | const struct nft_pktinfo *pkt) | 32 | const struct nft_pktinfo *pkt) |
| 33 | { | 33 | { |
| 34 | struct nft_queue *priv = nft_expr_priv(expr); | 34 | struct nft_queue *priv = nft_expr_priv(expr); |
| @@ -51,7 +51,7 @@ static void nft_queue_eval(const struct nft_expr *expr, | |||
| 51 | if (priv->flags & NFT_QUEUE_FLAG_BYPASS) | 51 | if (priv->flags & NFT_QUEUE_FLAG_BYPASS) |
| 52 | ret |= NF_VERDICT_FLAG_QUEUE_BYPASS; | 52 | ret |= NF_VERDICT_FLAG_QUEUE_BYPASS; |
| 53 | 53 | ||
| 54 | data[NFT_REG_VERDICT].verdict = ret; | 54 | regs->verdict.code = ret; |
| 55 | } | 55 | } |
| 56 | 56 | ||
| 57 | static const struct nla_policy nft_queue_policy[NFTA_QUEUE_MAX + 1] = { | 57 | static const struct nla_policy nft_queue_policy[NFTA_QUEUE_MAX + 1] = { |
diff --git a/net/netfilter/nft_reject_inet.c b/net/netfilter/nft_reject_inet.c index 92877114aff4..62cabee42fbe 100644 --- a/net/netfilter/nft_reject_inet.c +++ b/net/netfilter/nft_reject_inet.c | |||
| @@ -18,7 +18,7 @@ | |||
| 18 | #include <net/netfilter/ipv6/nf_reject.h> | 18 | #include <net/netfilter/ipv6/nf_reject.h> |
| 19 | 19 | ||
| 20 | static void nft_reject_inet_eval(const struct nft_expr *expr, | 20 | static void nft_reject_inet_eval(const struct nft_expr *expr, |
| 21 | struct nft_data data[NFT_REG_MAX + 1], | 21 | struct nft_regs *regs, |
| 22 | const struct nft_pktinfo *pkt) | 22 | const struct nft_pktinfo *pkt) |
| 23 | { | 23 | { |
| 24 | struct nft_reject *priv = nft_expr_priv(expr); | 24 | struct nft_reject *priv = nft_expr_priv(expr); |
| @@ -58,7 +58,8 @@ static void nft_reject_inet_eval(const struct nft_expr *expr, | |||
| 58 | } | 58 | } |
| 59 | break; | 59 | break; |
| 60 | } | 60 | } |
| 61 | data[NFT_REG_VERDICT].verdict = NF_DROP; | 61 | |
| 62 | regs->verdict.code = NF_DROP; | ||
| 62 | } | 63 | } |
| 63 | 64 | ||
| 64 | static int nft_reject_inet_init(const struct nft_ctx *ctx, | 65 | static int nft_reject_inet_init(const struct nft_ctx *ctx, |