[RFC][PATCH] nfnetlink parses attributes

[Pablo Neira <pablo@eurodev.net>]

[-- Attachment #1: Type: text/plain, Size: 304 bytes --]

Hi,

Please do not apply this patch, just a RFC.

I think that we can could nfnetlink_check_attributes from nfnetlink 
itself, so the subsystems receive the attributes already parsed. Almost 
  all the operations in ip_conntrack_netlink always call 
check_attributes first to parse attributes.

--
Pablo

[-- Attachment #2: attributes.patch --]
[-- Type: text/x-patch, Size: 2515 bytes --]

Index: davem-2.6/net/netfilter/nfnetlink.c
===================================================================
--- davem-2.6.orig/net/netfilter/nfnetlink.c	2005-06-30 19:31:47.000000000 +0200
+++ davem-2.6/net/netfilter/nfnetlink.c	2005-06-30 19:49:20.000000000 +0200
@@ -103,19 +103,23 @@
 	return 0;
 }
 
-struct nfnl_callback *nfnetlink_find_client(u_int16_t nlmsg_type)
+static inline struct nfnetlink_subsystem *nfnetlink_get_subsys(u_int16_t type)
 {
-	struct nfnetlink_subsystem *ss;
-	u_int8_t subsys_id = NFNL_SUBSYS_ID(nlmsg_type);
-	u_int8_t type = NFNL_MSG_TYPE(nlmsg_type);
+	u_int8_t subsys_id = NFNL_SUBSYS_ID(type);
 
 	if (subsys_id >= NFNL_SUBSYS_COUNT
 	    || subsys_table[subsys_id] == NULL)
 		return NULL;
 
-	ss = subsys_table[subsys_id];
+	return subsys_table[subsys_id];
+}
 
-	if (type >= ss->cb_count) {
+static inline struct nfnl_callback *
+nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss)
+{
+	u_int8_t cb_id = NFNL_MSG_TYPE(type);
+	
+	if (cb_id >= ss->cb_count) {
 		DEBUGP("msgtype %u >= %u, returning\n", type, ss->cb_count);
 		return NULL;
 	}
@@ -209,6 +213,7 @@
 				    struct nlmsghdr *nlh, int *errp)
 {
 	struct nfnl_callback *nc;
+	struct nfnetlink_subsystem *ss;
 	int type, err = 0;
 
 	DEBUGP("entered; subsys=%u, msgtype=%u\n",
@@ -228,7 +233,11 @@
 	}
 
 	type = nlh->nlmsg_type;
-	nc = nfnetlink_find_client(type);
+	ss = nfnetlink_get_subsys(type);
+	if (!ss)
+		goto err_inval;
+
+	nc = nfnetlink_find_client(type, ss);
 	if (!nc) {
 		DEBUGP("unable to find client for type %d\n", type);
 		goto err_inval;
@@ -241,9 +250,17 @@
 		return -1;
 	}
 
-	err = nc->call(nfnl, skb, nlh, errp);
-	*errp = err;
-	return err;
+	{
+		struct nfattr *cda[ss->attr_count];
+		
+		err = nfnetlink_check_attributes(ss, nlh, cda);
+		if (err < 0)
+			goto err_inval;
+		
+		err = nc->call(nfnl, skb, nlh, cda, errp);
+		*errp = err;
+		return err;
+	}
 
 err_inval:
 	*errp = -EINVAL;
Index: davem-2.6/include/linux/netfilter/nfnetlink.h
===================================================================
--- davem-2.6.orig/include/linux/netfilter/nfnetlink.h	2005-06-30 19:50:06.000000000 +0200
+++ davem-2.6/include/linux/netfilter/nfnetlink.h	2005-06-30 19:50:40.000000000 +0200
@@ -60,7 +60,7 @@
 {
 	kernel_cap_t cap_required; /* capabilities required for this msg */
 	int (*call)(struct sock *nl, struct sk_buff *skb, 
-		struct nlmsghdr *nlh, int *errp);
+		struct nlmsghdr *nlh, struct nfattr *cda[], int *errp);
 };
 
 struct nfnetlink_subsystem