[RFC][PATCH] nfnetlink parses attributes

[RFC][PATCH] nfnetlink parses attributes

[Pablo Neira]

[-- Attachment #1: Type: text/plain, Size: 304 bytes --]

Hi,

Please do not apply this patch, just a RFC.

I think that we can could nfnetlink_check_attributes from nfnetlink 
itself, so the subsystems receive the attributes already parsed. Almost 
  all the operations in ip_conntrack_netlink always call 
check_attributes first to parse attributes.

--
Pablo

[-- Attachment #2: attributes.patch --]
[-- Type: text/x-patch, Size: 2515 bytes --]

Index: davem-2.6/net/netfilter/nfnetlink.c
===================================================================
--- davem-2.6.orig/net/netfilter/nfnetlink.c	2005-06-30 19:31:47.000000000 +0200
+++ davem-2.6/net/netfilter/nfnetlink.c	2005-06-30 19:49:20.000000000 +0200
@@ -103,19 +103,23 @@
 	return 0;
 }
 
-struct nfnl_callback *nfnetlink_find_client(u_int16_t nlmsg_type)
+static inline struct nfnetlink_subsystem *nfnetlink_get_subsys(u_int16_t type)
 {
-	struct nfnetlink_subsystem *ss;
-	u_int8_t subsys_id = NFNL_SUBSYS_ID(nlmsg_type);
-	u_int8_t type = NFNL_MSG_TYPE(nlmsg_type);
+	u_int8_t subsys_id = NFNL_SUBSYS_ID(type);
 
 	if (subsys_id >= NFNL_SUBSYS_COUNT
 	    || subsys_table[subsys_id] == NULL)
 		return NULL;
 
-	ss = subsys_table[subsys_id];
+	return subsys_table[subsys_id];
+}
 
-	if (type >= ss->cb_count) {
+static inline struct nfnl_callback *
+nfnetlink_find_client(u_int16_t type, struct nfnetlink_subsystem *ss)
+{
+	u_int8_t cb_id = NFNL_MSG_TYPE(type);
+	
+	if (cb_id >= ss->cb_count) {
 		DEBUGP("msgtype %u >= %u, returning\n", type, ss->cb_count);
 		return NULL;
 	}
@@ -209,6 +213,7 @@
 				    struct nlmsghdr *nlh, int *errp)
 {
 	struct nfnl_callback *nc;
+	struct nfnetlink_subsystem *ss;
 	int type, err = 0;
 
 	DEBUGP("entered; subsys=%u, msgtype=%u\n",
@@ -228,7 +233,11 @@
 	}
 
 	type = nlh->nlmsg_type;
-	nc = nfnetlink_find_client(type);
+	ss = nfnetlink_get_subsys(type);
+	if (!ss)
+		goto err_inval;
+
+	nc = nfnetlink_find_client(type, ss);
 	if (!nc) {
 		DEBUGP("unable to find client for type %d\n", type);
 		goto err_inval;
@@ -241,9 +250,17 @@
 		return -1;
 	}
 
-	err = nc->call(nfnl, skb, nlh, errp);
-	*errp = err;
-	return err;
+	{
+		struct nfattr *cda[ss->attr_count];
+		
+		err = nfnetlink_check_attributes(ss, nlh, cda);
+		if (err < 0)
+			goto err_inval;
+		
+		err = nc->call(nfnl, skb, nlh, cda, errp);
+		*errp = err;
+		return err;
+	}
 
 err_inval:
 	*errp = -EINVAL;
Index: davem-2.6/include/linux/netfilter/nfnetlink.h
===================================================================
--- davem-2.6.orig/include/linux/netfilter/nfnetlink.h	2005-06-30 19:50:06.000000000 +0200
+++ davem-2.6/include/linux/netfilter/nfnetlink.h	2005-06-30 19:50:40.000000000 +0200
@@ -60,7 +60,7 @@
 {
 	kernel_cap_t cap_required; /* capabilities required for this msg */
 	int (*call)(struct sock *nl, struct sk_buff *skb, 
-		struct nlmsghdr *nlh, int *errp);
+		struct nlmsghdr *nlh, struct nfattr *cda[], int *errp);
 };
 
 struct nfnetlink_subsystem

Re: [RFC][PATCH] nfnetlink parses attributes

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 774 bytes --]

On Thu, Jun 30, 2005 at 08:05:43PM +0200, Pablo Neira wrote:
> Hi,
> 
> I think that we can could nfnetlink_check_attributes from nfnetlink
> itself, so the subsystems receive the attributes already parsed.
> Almost  all the operations in ip_conntrack_netlink always call
> check_attributes first to parse attributes.

Sure, I think I wanted to change it like that at some point in the past.

-- 
- Harald Welte <laforge@netfilter.org>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]