From mboxrd@z Thu Jan 1 00:00:00 1970 From: Eyal Birger Subject: [PATCH net-next 1/2] net: netfilter: export xt_policy match_policy_in() as xt_policy_match_policy_in() Date: Fri, 12 Jan 2018 14:57:24 +0200 Message-ID: <1515761845-31323-2-git-send-email-eyal.birger@gmail.com> References: <1515761845-31323-1-git-send-email-eyal.birger@gmail.com> Cc: coreteam@netfilter.org, shmulik@metanetworks.com, Eyal Birger To: netdev@vger.kernel.org, pablo@netfilter.org, jhs@mojatatu.com Return-path: Received: from mail-wm0-f67.google.com ([74.125.82.67]:39496 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933674AbeALM6F (ORCPT ); Fri, 12 Jan 2018 07:58:05 -0500 Received: by mail-wm0-f67.google.com with SMTP id i11so11607982wmf.4 for ; Fri, 12 Jan 2018 04:58:04 -0800 (PST) In-Reply-To: <1515761845-31323-1-git-send-email-eyal.birger@gmail.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Eyal Birger Expose this functionality so it could be usable from a tc classifier. The rename of match_policy_out() is done for consistency though it is not exported. Signed-off-by: Eyal Birger --- include/net/netfilter/xt_policy.h | 12 ++++++++++++ net/netfilter/xt_policy.c | 18 ++++++++++-------- 2 files changed, 22 insertions(+), 8 deletions(-) create mode 100644 include/net/netfilter/xt_policy.h diff --git a/include/net/netfilter/xt_policy.h b/include/net/netfilter/xt_policy.h new file mode 100644 index 0000000..99dcd57 --- /dev/null +++ b/include/net/netfilter/xt_policy.h @@ -0,0 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _XT_POLICY_INT_H +#define _XT_POLICY_INT_H + +#include +#include + +int xt_policy_match_policy_in(const struct sk_buff *skb, + const struct xt_policy_info *info, + unsigned short family); + +#endif /* _XT_POLICY_INT_H */ diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c index 5639fb0..4f9d0b1 100644 --- a/net/netfilter/xt_policy.c +++ b/net/netfilter/xt_policy.c 
@@ -16,6 +16,7 @@ #include #include #include +#include MODULE_AUTHOR("Patrick McHardy "); MODULE_DESCRIPTION("Xtables: IPsec policy match"); @@ -51,9 +52,9 @@ match_xfrm_state(const struct xfrm_state *x, const struct xt_policy_elem *e, MATCH(reqid, x->props.reqid); } -static int -match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info, - unsigned short family) +int xt_policy_match_policy_in(const struct sk_buff *skb, + const struct xt_policy_info *info, + unsigned short family) { const struct xt_policy_elem *e; const struct sec_path *sp = skb->sp; @@ -80,10 +81,11 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info, return strict ? 1 : 0; } +EXPORT_SYMBOL_GPL(xt_policy_match_policy_in); -static int -match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info, - unsigned short family) +static int xt_policy_match_policy_out(const struct sk_buff *skb, + const struct xt_policy_info *info, + unsigned short family) { const struct xt_policy_elem *e; const struct dst_entry *dst = skb_dst(skb); @@ -117,9 +119,9 @@ policy_mt(const struct sk_buff *skb, struct xt_action_param *par) int ret; if (info->flags & XT_POLICY_MATCH_IN) - ret = match_policy_in(skb, info, xt_family(par)); + ret = xt_policy_match_policy_in(skb, info, xt_family(par)); else - ret = match_policy_out(skb, info, xt_family(par)); + ret = xt_policy_match_policy_out(skb, info, xt_family(par)); if (ret < 0) ret = info->flags & XT_POLICY_MATCH_NONE ? true : false; -- 2.7.4
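Review bot: In the new include/net/netfilter/xt_policy.h, the prototype of xt_policy_match_policy_in() has no comment describing its return value, and the contract is not obvious from the `int` type. In xt_policy.c the function ends with `return strict ? 1 : 0;`, while policy_mt() first tests `info->flags & XT_POLICY_MATCH_IN` and then handles a negative result separately with `if (ret < 0) ret = info->flags & XT_POLICY_MATCH_NONE ? true : false;`. Both of those steps stay in policy_mt() and are not exported, so a tc classifier calling the symbol directly has to repeat them to get the same match semantics. Please document the negative/0/1 return values above the prototype, or export a wrapper that applies the XT_POLICY_MATCH_NONE fallback so that callers get a plain match/no-match result.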
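Review bot: In the net/netfilter/xt_policy.c hunks at -51,9 and -80,10, the static match_policy_out() is renamed to xt_policy_match_policy_out(), which gives a file-local helper the same prefix as the newly exported symbol although it has no declaration in the header and no EXPORT_SYMBOL_GPL. That makes it read like part of the API and adds churn to the policy_mt() hunk that the export itself does not need. I would leave match_policy_out() under its old name, or move the rename to a separate patch. As a smaller style point, the exported name repeats "policy" (xt_policy_match_policy_in); a shorter name such as xt_policy_match_in() would read better at call sites.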