* [PATCH v2] netfilter: nf_tables: delete table via table handle
@ 2018-01-08 17:58 Harsha Sharma
From: Harsha Sharma @ 2018-01-08 17:58 UTC (permalink / raw)
To: pablo, harshasharmaiitr; +Cc: netfilter-devel
This patch adds code to delete a table via its unique table handle and table
family.
Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
---
Changes in v2:
- Remove nf_tables_afinfo_lookup_byhandle
- Change log message
net/netfilter/nf_tables_api.c | 45 +++++++++++++++++++++++++++++++++++++++++--
1 file changed, 43 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ba6065c39674..1f1f3be37034 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -400,6 +400,28 @@ static struct nft_table *nft_table_lookup(const struct nft_af_info *afi,
return NULL;
}
+static struct nft_table *__nft_table_lookup_byhandle(const struct nft_af_info *afi,
+ u64 handle, u8 genmask)
+{
+ struct nft_table *table;
+
+ list_for_each_entry(table, &afi->tables, list) {
+ if (handle == table->handle &&
+ nft_active_genmask(table, genmask))
+ return table;
+ }
+ return NULL;
+}
+
+static struct nft_table *nft_table_lookup_byhandle(const struct nft_af_info *afi,
+ const struct nlattr *nla,
+ u8 genmask)
+{
+ return __nft_table_lookup_byhandle(afi,
+ be64_to_cpu(nla_get_be64(nla)),
+ genmask);
+}
+
static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi,
const struct nlattr *nla,
u8 genmask)
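Review bot: `nla_get_be64(nla)` in nft_table_lookup_byhandle reads eight bytes of attribute payload, and nothing in this patch shows a length check for NFTA_TABLE_HANDLE. The attribute comes from a userspace netlink message, so the table policy needs an entry such as `[NFTA_TABLE_HANDLE] = { .type = NLA_U64 },` in nft_table_policy. Presumably that arrives with the separate patch that defines the attribute, but it should be confirmed before this lookup becomes reachable. A one-line comment on the helper saying that it relies on the policy for the attribute length would also help.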
@@ -416,6 +438,22 @@ static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi,
return ERR_PTR(-ENOENT);
}
+static struct nft_table *nf_tables_table_lookup_byhandle(const struct nft_af_info *afi,
+ const struct nlattr *nla,
+ u8 genmask)
+{
+ struct nft_table *table;
+
+ if (nla == NULL)
+ return ERR_PTR(-EINVAL);
+
+ table = nft_table_lookup_byhandle(afi, nla, genmask);
+ if (table != NULL)
+ return table;
+
+ return ERR_PTR(-ENOENT);
+}
+
static inline u64 nf_tables_alloc_handle(struct nft_table *table)
{
return ++table->hgenerator;
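Review bot: nf_tables_table_lookup_byhandle returns ERR_PTR(-EINVAL) or ERR_PTR(-ENOENT) and never NULL, while the nft_table_lookup_byhandle helper it calls returns NULL on a miss. With names this close, the two conventions are easy to mix up at a call site, and a NULL test on an ERR_PTR value would let an error pointer be dereferenced. A short comment above the function would make the contract explicit, for example `/* Returns the active table with this handle, or ERR_PTR(-EINVAL/-ENOENT); never NULL. */`.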
@@ -893,14 +931,17 @@ static int nf_tables_deltable(struct net *net, struct sock *nlsk,
struct nft_ctx ctx;
nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla);
- if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
+ if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
return nft_flush(&ctx, family);
afi = nf_tables_afinfo_lookup(net, family, false);
if (IS_ERR(afi))
return PTR_ERR(afi);
+ if (nla[NFTA_TABLE_HANDLE])
+ table = nf_tables_table_lookup_byhandle(afi, nla[NFTA_TABLE_HANDLE], genmask);
+ else
+ table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask);
- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask);
if (IS_ERR(table))
return PTR_ERR(table);
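Review bot: A delete request that carries NFTA_TABLE_HANDLE but leaves the family as AF_UNSPEC still takes the `nft_flush(&ctx, family)` branch, and nothing visible here passes the handle to that path. Unless nft_flush() filters on the handle (its body is outside this patch), such a request would flush tables rather than delete the one identified by the handle, a much wider effect than the caller asked for. Rejecting it first, e.g. `if (family == AF_UNSPEC && nla[NFTA_TABLE_HANDLE]) return -EINVAL;`, would be safer. Separately, when both NFTA_TABLE_NAME and NFTA_TABLE_HANDLE are present the name is silently ignored; either document that the handle takes precedence or check that both refer to the same table. nf_tables_deltable starts before and continues after this hunk.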
--
2.11.0
* Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
From: Pablo Neira Ayuso @ 2018-01-08 19:23 UTC (permalink / raw)
To: Harsha Sharma; +Cc: netfilter-devel
On Mon, Jan 08, 2018 at 11:28:18PM +0530, Harsha Sharma wrote:
> This patch add code to delete table via unique table handle and table
> family.
>
> Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
> ---
> Changes in v2:
> - Remove nf_tables_afinfo_lookup_byhandle
> - Change log message
>
> net/netfilter/nf_tables_api.c | 45 +++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 43 insertions(+), 2 deletions(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index ba6065c39674..1f1f3be37034 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -400,6 +400,28 @@ static struct nft_table *nft_table_lookup(const struct nft_af_info *afi,
> return NULL;
> }
>
> +static struct nft_table *__nft_table_lookup_byhandle(const struct nft_af_info *afi,
> + u64 handle, u8 genmask)
Please, rename this __nft_table_lookup_byhandle to nft_table_lookup_byhandle.
> +{
> + struct nft_table *table;
> +
> + list_for_each_entry(table, &afi->tables, list) {
> + if (handle == table->handle &&
> + nft_active_genmask(table, genmask))
> + return table;
> + }
> + return NULL;
> +}
> +
> +static struct nft_table *nft_table_lookup_byhandle(const struct nft_af_info *afi,
> + const struct nlattr *nla,
> + u8 genmask)
> +{
> + return __nft_table_lookup_byhandle(afi,
> + be64_to_cpu(nla_get_be64(nla)),
> + genmask);
> +}
So you can remove this function above.
> +
> static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi,
> const struct nlattr *nla,
> u8 genmask)
> @@ -416,6 +438,22 @@ static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi,
> return ERR_PTR(-ENOENT);
> }
>
> +static struct nft_table *nf_tables_table_lookup_byhandle(const struct nft_af_info *afi,
> + const struct nlattr *nla,
> + u8 genmask)
> +{
> + struct nft_table *table;
> +
> + if (nla == NULL)
> + return ERR_PTR(-EINVAL);
> +
> + table = nft_table_lookup_byhandle(afi, nla, genmask);
> + if (table != NULL)
> + return table;
> +
> + return ERR_PTR(-ENOENT);
> +}
> +
> static inline u64 nf_tables_alloc_handle(struct nft_table *table)
> {
> return ++table->hgenerator;
> @@ -893,14 +931,17 @@ static int nf_tables_deltable(struct net *net, struct sock *nlsk,
> struct nft_ctx ctx;
>
> nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla);
> - if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
> + if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
We have to break lines at 80 chars, so I suggest:
if (family == AF_UNSPEC ||
(!nla[NFTA_TABLE_NAME] && !nla[NFTA_TABLE_HANDLE]))
> return nft_flush(&ctx, family);
>
> afi = nf_tables_afinfo_lookup(net, family, false);
> if (IS_ERR(afi))
> return PTR_ERR(afi);
> + if (nla[NFTA_TABLE_HANDLE])
> + table = nf_tables_table_lookup_byhandle(afi, nla[NFTA_TABLE_HANDLE], genmask);
> + else
> + table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask);
>
> - table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask);
> if (IS_ERR(table))
> return PTR_ERR(table);
Other than that, this looks good.
Once you send v3 for this, please, follow up with chain handles.
Thanks.
* Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
From: kbuild test robot @ 2018-01-11 12:37 UTC (permalink / raw)
To: Harsha Sharma; +Cc: kbuild-all, pablo, harshasharmaiitr, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 3006 bytes --]
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.15-rc7 next-20180110]
[cannot apply to nf-next/master]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-randconfig-u0-01111920 (attached as .config)
compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle':
net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no member named 'handle'
if (handle == table->handle &&
^
net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable':
>> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared (first use in this function)
if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
^
net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is reported only once for each function it appears in
vim +/NFTA_TABLE_HANDLE +890 net//netfilter/nf_tables_api.c
876
877 static int nf_tables_deltable(struct net *net, struct sock *nlsk,
878 struct sk_buff *skb, const struct nlmsghdr *nlh,
879 const struct nlattr * const nla[],
880 struct netlink_ext_ack *extack)
881 {
882 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
883 u8 genmask = nft_genmask_next(net);
884 struct nft_af_info *afi;
885 struct nft_table *table;
886 int family = nfmsg->nfgen_family;
887 struct nft_ctx ctx;
888
889 nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla);
> 890 if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
891 return nft_flush(&ctx, family);
892
893 afi = nf_tables_afinfo_lookup(net, family, false);
894 if (IS_ERR(afi))
895 return PTR_ERR(afi);
896 if (nla[NFTA_TABLE_HANDLE])
897 table = nf_tables_table_lookup_byhandle(afi, nla[NFTA_TABLE_HANDLE], genmask);
898 else
899 table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask);
900
901 if (IS_ERR(table))
902 return PTR_ERR(table);
903
904 if (nlh->nlmsg_flags & NLM_F_NONREC &&
905 table->use > 0)
906 return -EBUSY;
907
908 ctx.afi = afi;
909 ctx.table = table;
910
911 return nft_flush_table(&ctx);
912 }
913
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 36312 bytes --]
* Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
From: Pablo Neira Ayuso @ 2018-01-11 12:39 UTC (permalink / raw)
To: kbuild test robot; +Cc: Harsha Sharma, kbuild-all, netfilter-devel
Harsha,
Ignore this; the kbuild test robot is getting confused because you
added table->handle in a separate patch.
On Thu, Jan 11, 2018 at 08:37:13PM +0800, kbuild test robot wrote:
> Hi Harsha,
>
> Thank you for the patch! Yet something to improve:
>
> [auto build test ERROR on nf/master]
> [also build test ERROR on v4.15-rc7 next-20180110]
> [cannot apply to nf-next/master]
> [if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
>
> url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748
> base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
> config: x86_64-randconfig-u0-01111920 (attached as .config)
> compiler: gcc-5 (Debian 5.5.0-3) 5.4.1 20171010
> reproduce:
> # save the attached .config to linux build tree
> make ARCH=x86_64
>
> All errors (new ones prefixed by >>):
>
> net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle':
> net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no member named 'handle'
> if (handle == table->handle &&
> ^
> net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable':
> >> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared (first use in this function)
> if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
> ^
> net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is reported only once for each function it appears in
>
> vim +/NFTA_TABLE_HANDLE +890 net//netfilter/nf_tables_api.c
>
> 876
> 877 static int nf_tables_deltable(struct net *net, struct sock *nlsk,
> 878 struct sk_buff *skb, const struct nlmsghdr *nlh,
> 879 const struct nlattr * const nla[],
> 880 struct netlink_ext_ack *extack)
> 881 {
> 882 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
> 883 u8 genmask = nft_genmask_next(net);
> 884 struct nft_af_info *afi;
> 885 struct nft_table *table;
> 886 int family = nfmsg->nfgen_family;
> 887 struct nft_ctx ctx;
> 888
> 889 nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla);
> > 890 if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
> 891 return nft_flush(&ctx, family);
> 892
> 893 afi = nf_tables_afinfo_lookup(net, family, false);
> 894 if (IS_ERR(afi))
> 895 return PTR_ERR(afi);
> 896 if (nla[NFTA_TABLE_HANDLE])
> 897 table = nf_tables_table_lookup_byhandle(afi, nla[NFTA_TABLE_HANDLE], genmask);
> 898 else
> 899 table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask);
> 900
> 901 if (IS_ERR(table))
> 902 return PTR_ERR(table);
> 903
> 904 if (nlh->nlmsg_flags & NLM_F_NONREC &&
> 905 table->use > 0)
> 906 return -EBUSY;
> 907
> 908 ctx.afi = afi;
> 909 ctx.table = table;
> 910
> 911 return nft_flush_table(&ctx);
> 912 }
> 913
>
> ---
> 0-DAY kernel test infrastructure Open Source Technology Center
> https://lists.01.org/pipermail/kbuild-all Intel Corporation
* Re: [PATCH v2] netfilter: nf_tables: delete table via table handle
From: kbuild test robot @ 2018-01-11 14:13 UTC (permalink / raw)
To: Harsha Sharma; +Cc: kbuild-all, pablo, harshasharmaiitr, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 2178 bytes --]
Hi Harsha,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on nf/master]
[also build test ERROR on v4.15-rc7 next-20180110]
[cannot apply to nf-next/master]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Harsha-Sharma/netfilter-nf_tables-delete-table-via-table-handle/20180111-153748
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git master
config: x86_64-rhel (attached as .config)
compiler: gcc-7 (Debian 7.2.0-12) 7.2.1 20171025
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All errors (new ones prefixed by >>):
net//netfilter/nf_tables_api.c: In function '__nft_table_lookup_byhandle':
>> net//netfilter/nf_tables_api.c:375:22: error: 'struct nft_table' has no member named 'handle'
if (handle == table->handle &&
^~
net//netfilter/nf_tables_api.c: In function 'nf_tables_deltable':
>> net//netfilter/nf_tables_api.c:890:66: error: 'NFTA_TABLE_HANDLE' undeclared (first use in this function); did you mean 'NFTA_RULE_HANDLE'?
if (family == AF_UNSPEC || (nla[NFTA_TABLE_NAME] == NULL && nla[NFTA_TABLE_HANDLE] == NULL))
^~~~~~~~~~~~~~~~~
NFTA_RULE_HANDLE
net//netfilter/nf_tables_api.c:890:66: note: each undeclared identifier is reported only once for each function it appears in
vim +375 net//netfilter/nf_tables_api.c
368
369 static struct nft_table *__nft_table_lookup_byhandle(const struct nft_af_info *afi,
370 u64 handle, u8 genmask)
371 {
372 struct nft_table *table;
373
374 list_for_each_entry(table, &afi->tables, list) {
> 375 if (handle == table->handle &&
376 nft_active_genmask(table, genmask))
377 return table;
378 }
379 return NULL;
380 }
381
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 40340 bytes --]