From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 16/21] netfilter: nf_tables: add helper functions for expression handling
Date: Mon, 13 Apr 2015 21:29:55 +0200 [thread overview]
Message-ID: <1428953401-4838-17-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1428953401-4838-1-git-send-email-pablo@netfilter.org>
From: Patrick McHardy <kaber@trash.net>
Add helper functions for initializing, cloning, dumping and destroying
a single expression that is not part of a rule.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/net/netfilter/nf_tables.h | 13 +++++++++
net/netfilter/nf_tables_api.c | 56 +++++++++++++++++++++++++++++++++----
2 files changed, 64 insertions(+), 5 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index cb42da1..e21623c 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1,6 +1,7 @@
#ifndef _NET_NF_TABLES_H
#define _NET_NF_TABLES_H
+#include <linux/module.h>
#include <linux/list.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nfnetlink.h>
@@ -641,6 +642,18 @@ static inline void *nft_expr_priv(const struct nft_expr *expr)
return (void *)expr->data;
}
+struct nft_expr *nft_expr_init(const struct nft_ctx *ctx,
+ const struct nlattr *nla);
+void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr);
+int nft_expr_dump(struct sk_buff *skb, unsigned int attr,
+ const struct nft_expr *expr);
+
+static inline void nft_expr_clone(struct nft_expr *dst, struct nft_expr *src)
+{
+ __module_get(src->ops->type->owner);
+ memcpy(dst, src, src->ops->size);
+}
+
/**
* struct nft_rule - nf_tables rule
*
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ed0e70e..e97bee5 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1545,6 +1545,23 @@ nla_put_failure:
return -1;
};
+int nft_expr_dump(struct sk_buff *skb, unsigned int attr,
+ const struct nft_expr *expr)
+{
+ struct nlattr *nest;
+
+ nest = nla_nest_start(skb, attr);
+ if (!nest)
+ goto nla_put_failure;
+ if (nf_tables_fill_expr_info(skb, expr) < 0)
+ goto nla_put_failure;
+ nla_nest_end(skb, nest);
+ return 0;
+
+nla_put_failure:
+ return -1;
+}
+
struct nft_expr_info {
const struct nft_expr_ops *ops;
struct nlattr *tb[NFT_EXPR_MAXATTR + 1];
@@ -1622,6 +1639,39 @@ static void nf_tables_expr_destroy(const struct nft_ctx *ctx,
module_put(expr->ops->type->owner);
}
+struct nft_expr *nft_expr_init(const struct nft_ctx *ctx,
+ const struct nlattr *nla)
+{
+ struct nft_expr_info info;
+ struct nft_expr *expr;
+ int err;
+
+ err = nf_tables_expr_parse(ctx, nla, &info);
+ if (err < 0)
+ goto err1;
+
+ err = -ENOMEM;
+ expr = kzalloc(info.ops->size, GFP_KERNEL);
+ if (expr == NULL)
+ goto err2;
+
+ err = nf_tables_newexpr(ctx, &info, expr);
+ if (err < 0)
+ goto err2;
+
+ return expr;
+err2:
+ module_put(info.ops->type->owner);
+err1:
+ return ERR_PTR(err);
+}
+
+void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr)
+{
+ nf_tables_expr_destroy(ctx, expr);
+ kfree(expr);
+}
+
/*
* Rules
*/
@@ -1703,12 +1753,8 @@ static int nf_tables_fill_rule_info(struct sk_buff *skb, struct net *net,
if (list == NULL)
goto nla_put_failure;
nft_rule_for_each_expr(expr, next, rule) {
- struct nlattr *elem = nla_nest_start(skb, NFTA_LIST_ELEM);
- if (elem == NULL)
- goto nla_put_failure;
- if (nf_tables_fill_expr_info(skb, expr) < 0)
+ if (nft_expr_dump(skb, NFTA_LIST_ELEM, expr) < 0)
goto nla_put_failure;
- nla_nest_end(skb, elem);
}
nla_nest_end(skb, list);
--
1.7.10.4
next prev parent reply other threads:[~2015-04-13 19:29 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-13 19:29 [PATCH 00/21] Netfilter updates for net-next Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 01/21] netfilter: nf_tables: validate len in nft_validate_data_load() Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 02/21] netfilter: nf_tables: rename nft_validate_data_load() Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 03/21] netfilter: nft_lookup: use nft_validate_register_store() to validate types Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 04/21] netfilter: nf_tables: kill nft_validate_output_register() Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 05/21] netfilter: nf_tables: introduce nft_validate_register_load() Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 06/21] netfilter: nf_tables: get rid of NFT_REG_VERDICT usage Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 07/21] netfilter: nf_tables: use struct nft_verdict within struct nft_data Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 08/21] netfilter: nf_tables: convert expressions to u32 register pointers Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 09/21] netfilter: nf_tables: kill nft_data_cmp() Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 10/21] netfilter: nf_tables: convert sets to u32 data pointers Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 11/21] netfilter: nf_tables: add register parsing/dumping helpers Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 12/21] netfilter: nf_tables: switch registers to 32 bit addressing Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 13/21] netfilter: nf_tables: support variable sized data in nft_data_init() Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 14/21] netfilter: nf_tables: variable sized set element keys / data Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 15/21] uapi: ebtables: don't include linux/if.h Pablo Neira Ayuso
2015-04-13 19:29 ` Pablo Neira Ayuso [this message]
2015-04-13 19:29 ` [PATCH 17/21] netfilter: nf_tables: prepare for expressions associated to set elements Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 18/21] netfilter: nf_tables: mark stateful expressions Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 19/21] netfilter: nf_tables: add flag to indicate set contains expressions Pablo Neira Ayuso
2015-04-13 19:29 ` [PATCH 20/21] netfilter: nft_dynset: dynamic stateful expression instantiation Pablo Neira Ayuso
2015-04-13 19:30 ` [PATCH 21/21] netfilter: nf_tables: get rid of the expression example code Pablo Neira Ayuso
2015-04-14 2:18 ` [PATCH 00/21] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1428953401-4838-17-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).