Commit ea200cdd authored by Florian Westphal's avatar Florian Westphal Committed by Greg Kroah-Hartman

netfilter: nft_compat: prepare for indirect info storage

commit 8bdf1647 upstream.

Next patch will make it possible for *info to be stored in
a separate allocation instead of the expr private area.

This removes the 'expr priv area is info blob' assumption
from the match init/destroy/eval functions.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 1ea5ed0c
...@@ -324,11 +324,11 @@ static int nft_target_validate(const struct nft_ctx *ctx, ...@@ -324,11 +324,11 @@ static int nft_target_validate(const struct nft_ctx *ctx,
return 0; return 0;
} }
static void nft_match_eval(const struct nft_expr *expr, static void __nft_match_eval(const struct nft_expr *expr,
struct nft_regs *regs, struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt,
void *info)
{ {
void *info = nft_expr_priv(expr);
struct xt_match *match = expr->ops->data; struct xt_match *match = expr->ops->data;
struct sk_buff *skb = pkt->skb; struct sk_buff *skb = pkt->skb;
bool ret; bool ret;
...@@ -352,6 +352,13 @@ static void nft_match_eval(const struct nft_expr *expr, ...@@ -352,6 +352,13 @@ static void nft_match_eval(const struct nft_expr *expr,
} }
} }
static void nft_match_eval(const struct nft_expr *expr,
struct nft_regs *regs,
const struct nft_pktinfo *pkt)
{
__nft_match_eval(expr, regs, pkt, nft_expr_priv(expr));
}
static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = { static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
[NFTA_MATCH_NAME] = { .type = NLA_NUL_STRING }, [NFTA_MATCH_NAME] = { .type = NLA_NUL_STRING },
[NFTA_MATCH_REV] = { .type = NLA_U32 }, [NFTA_MATCH_REV] = { .type = NLA_U32 },
...@@ -412,10 +419,10 @@ static void match_compat_from_user(struct xt_match *m, void *in, void *out) ...@@ -412,10 +419,10 @@ static void match_compat_from_user(struct xt_match *m, void *in, void *out)
} }
static int static int
nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, __nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
const struct nlattr * const tb[]) const struct nlattr * const tb[],
void *info)
{ {
void *info = nft_expr_priv(expr);
struct xt_match *match = expr->ops->data; struct xt_match *match = expr->ops->data;
struct xt_mtchk_param par; struct xt_mtchk_param par;
size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO])); size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO]));
...@@ -444,11 +451,18 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr, ...@@ -444,11 +451,18 @@ nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
return 0; return 0;
} }
static int
nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
const struct nlattr * const tb[])
{
return __nft_match_init(ctx, expr, tb, nft_expr_priv(expr));
}
static void static void
nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) __nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr,
void *info)
{ {
struct xt_match *match = expr->ops->data; struct xt_match *match = expr->ops->data;
void *info = nft_expr_priv(expr);
struct xt_mtdtor_param par; struct xt_mtdtor_param par;
par.net = ctx->net; par.net = ctx->net;
...@@ -462,9 +476,15 @@ nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr) ...@@ -462,9 +476,15 @@ nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
module_put(match->me); module_put(match->me);
} }
static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr) static void
nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
{
__nft_match_destroy(ctx, expr, nft_expr_priv(expr));
}
static int __nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr,
void *info)
{ {
void *info = nft_expr_priv(expr);
struct xt_match *match = expr->ops->data; struct xt_match *match = expr->ops->data;
if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) || if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) ||
...@@ -478,6 +498,11 @@ static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr) ...@@ -478,6 +498,11 @@ static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr)
return -1; return -1;
} }
static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr)
{
return __nft_match_dump(skb, expr, nft_expr_priv(expr));
}
static int nft_match_validate(const struct nft_ctx *ctx, static int nft_match_validate(const struct nft_ctx *ctx,
const struct nft_expr *expr, const struct nft_expr *expr,
const struct nft_data **data) const struct nft_data **data)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment