netfilter: prepare xt_cgroup for multi revisions

xt_cgroup will grow cgroup2 path based match. Postfix existing symbols with _v0 and prepare for multi revision registration. Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Daniel Wagner <daniel.wagner@bmw-carit.de> CC: Neil Horman <nhorman@tuxdriver.com> Cc: Jan Engelhardt <jengelh@inai.de> Cc: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: prepare xt_cgroup for multi revisions
xt_cgroup will grow cgroup2 path based match. Postfix existing symbols with _v0 and prepare for multi revision registration. Signed-off-by: Tejun Heo <tj@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Cc: Daniel Wagner <daniel.wagner@bmw-carit.de> CC: Neil Horman <nhorman@tuxdriver.com> Cc: Jan Engelhardt <jengelh@inai.de> Cc: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
4ec8ff0e · Tejun Heo · Pablo Neira Ayuso · a4ec8008 · 4ec8ff0e · 4ec8ff0e
Commit 4ec8ff0e authored Dec 07, 2015 by Tejun Heo Committed by Pablo Neira Ayuso Dec 14, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 18 deletions

include/uapi/linux/netfilter/xt_cgroup.h include/uapi/linux/netfilter/xt_cgroup.h +1 -1

net/netfilter/xt_cgroup.c net/netfilter/xt_cgroup.c +19 -17

No files found.
--- a/include/uapi/linux/netfilter/xt_cgroup.h
+++ b/include/uapi/linux/netfilter/xt_cgroup.h
@@ -3,7 +3,7 @@
 #include <linux/types.h>
-struct xt_cgroup_info {
+struct xt_cgroup_info_v0 {
 	__u32 id;
 	__u32 invert;
 };

--- a/net/netfilter/xt_cgroup.c
+++ b/net/netfilter/xt_cgroup.c
@@ -24,9 +24,9 @@ MODULE_DESCRIPTION("Xtables: process control group matching");
 MODULE_ALIAS("ipt_cgroup");
 MODULE_ALIAS("ip6t_cgroup");
-static int cgroup_mt_check(const struct xt_mtchk_param *par)
+static int cgroup_mt_check_v0(const struct xt_mtchk_param *par)
 {
-	struct xt_cgroup_info *info = par->matchinfo;
+	struct xt_cgroup_info_v0 *info = par->matchinfo;
 	if (info->invert & ~1)
 		return -EINVAL;
@@ -35,9 +35,9 @@ static int cgroup_mt_check(const struct xt_mtchk_param *par)
 }
 static bool
-cgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)
+cgroup_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
 {
-	const struct xt_cgroup_info *info = par->matchinfo;
+	const struct xt_cgroup_info_v0 *info = par->matchinfo;
 	if (skb->sk == NULL || !sk_fullsock(skb->sk))
 		return false;
@@ -46,27 +46,29 @@ cgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)
 		info->invert;
 }
-static struct xt_match cgroup_mt_reg __read_mostly = {
+static struct xt_match cgroup_mt_reg[] __read_mostly = {
-	.name       = "cgroup",
+	{
-	.revision   = 0,
+		.name		= "cgroup",
-	.family     = NFPROTO_UNSPEC,
+		.revision	= 0,
-	.checkentry = cgroup_mt_check,
+		.family		= NFPROTO_UNSPEC,
-	.match      = cgroup_mt,
+		.checkentry	= cgroup_mt_check_v0,
-	.matchsize  = sizeof(struct xt_cgroup_info),
+		.match		= cgroup_mt_v0,
-	.me         = THIS_MODULE,
+		.matchsize	= sizeof(struct xt_cgroup_info_v0),
-	.hooks      = (1 << NF_INET_LOCAL_OUT) |
+		.me		= THIS_MODULE,
-		      (1 << NF_INET_POST_ROUTING) |
+		.hooks		= (1 << NF_INET_LOCAL_OUT) |
-		      (1 << NF_INET_LOCAL_IN),
+				  (1 << NF_INET_POST_ROUTING) |
+				  (1 << NF_INET_LOCAL_IN),
+	},
 };
 static int __init cgroup_mt_init(void)
 {
-	return xt_register_match(&cgroup_mt_reg);
+	return xt_register_matches(cgroup_mt_reg, ARRAY_SIZE(cgroup_mt_reg));
 }
 static void __exit cgroup_mt_exit(void)
 {
-	xt_unregister_match(&cgroup_mt_reg);
+	xt_unregister_matches(cgroup_mt_reg, ARRAY_SIZE(cgroup_mt_reg));
 }
 module_init(cgroup_mt_init);