--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
-@@ -369,6 +369,7 @@ void nft_unregister_set(struct nft_set_t
+@@ -370,6 +370,7 @@ void nft_unregister_set(struct nft_set_t
* @list: table set list node
* @bindings: list of set bindings
* @name: name of the set
* @ktype: key type (numeric type defined by userspace, not used in the kernel)
* @dtype: data type (verdict or numeric type defined by userspace)
* @objtype: object type (see NFT_OBJECT_* definitions)
-@@ -391,6 +392,7 @@ struct nft_set {
+@@ -392,6 +393,7 @@ struct nft_set {
struct list_head list;
struct list_head bindings;
char *name;
u32 ktype;
u32 dtype;
u32 objtype;
-@@ -936,6 +938,7 @@ unsigned int nft_do_chain(struct nft_pkt
+@@ -942,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt
* @objects: stateful objects in the table
* @flowtables: flow tables in the table
* @hgenerator: handle generator state
* @use: number of chain references to this table
* @flags: table flag (see enum nft_table_flags)
* @genmask: generation mask
-@@ -949,6 +952,7 @@ struct nft_table {
+@@ -955,6 +958,7 @@ struct nft_table {
struct list_head objects;
struct list_head flowtables;
u64 hgenerator;
u32 use;
u16 family:6,
flags:8,
-@@ -973,9 +977,9 @@ int nft_verdict_dump(struct sk_buff *skb
+@@ -979,9 +983,9 @@ int nft_verdict_dump(struct sk_buff *skb
* @name: name of this stateful object
* @genmask: generation mask
* @use: number of references to this stateful object
*/
struct nft_object {
struct list_head list;
-@@ -983,6 +987,7 @@ struct nft_object {
+@@ -989,6 +993,7 @@ struct nft_object {
struct nft_table *table;
u32 genmask:2,
use:30;
/* runtime data below here */
const struct nft_object_ops *ops ____cacheline_aligned;
unsigned char data[]
-@@ -1064,6 +1069,7 @@ void nft_unregister_obj(struct nft_objec
+@@ -1070,6 +1075,7 @@ void nft_unregister_obj(struct nft_objec
* @ops_len: number of hooks in array
* @genmask: generation mask
* @use: number of references to this flow table
* @data: rhashtable and garbage collector
* @ops: array of hooks
*/
-@@ -1076,6 +1082,7 @@ struct nft_flowtable {
+@@ -1082,6 +1088,7 @@ struct nft_flowtable {
int ops_len;
u32 genmask:2,
use:30;
static void nft_ctx_init(struct nft_ctx *ctx,
struct net *net,
-@@ -332,6 +333,20 @@ static struct nft_table *nft_table_looku
+@@ -376,6 +377,20 @@ static struct nft_table *nft_table_looku
return NULL;
}
static struct nft_table *nf_tables_table_lookup(const struct net *net,
const struct nlattr *nla,
u8 family, u8 genmask)
-@@ -348,6 +363,22 @@ static struct nft_table *nf_tables_table
+@@ -392,6 +407,22 @@ static struct nft_table *nf_tables_table
return ERR_PTR(-ENOENT);
}
static inline u64 nf_tables_alloc_handle(struct nft_table *table)
{
return ++table->hgenerator;
-@@ -394,6 +425,7 @@ static const struct nla_policy nft_table
+@@ -438,6 +469,7 @@ static const struct nla_policy nft_table
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
.len = NFT_TABLE_MAXNAMELEN - 1 },
[NFTA_TABLE_FLAGS] = { .type = NLA_U32 },
};
static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
-@@ -415,7 +447,9 @@ static int nf_tables_fill_table_info(str
+@@ -459,7 +491,9 @@ static int nf_tables_fill_table_info(str
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
goto nla_put_failure;
nlmsg_end(skb, nlh);
-@@ -674,6 +708,7 @@ static int nf_tables_newtable(struct net
+@@ -718,6 +752,7 @@ static int nf_tables_newtable(struct net
INIT_LIST_HEAD(&table->flowtables);
table->family = family;
table->flags = flags;
nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
-@@ -791,11 +826,18 @@ static int nf_tables_deltable(struct net
+@@ -835,11 +870,18 @@ static int nf_tables_deltable(struct net
struct nft_ctx ctx;
nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -1534,6 +1576,7 @@ static int nf_tables_delchain(struct net
+@@ -1596,6 +1638,7 @@ static int nf_tables_delchain(struct net
struct nft_rule *rule;
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
u32 use;
int err;
-@@ -1542,7 +1585,12 @@ static int nf_tables_delchain(struct net
+@@ -1604,7 +1647,12 @@ static int nf_tables_delchain(struct net
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(chain))
return PTR_ERR(chain);
-@@ -2503,6 +2551,7 @@ static const struct nla_policy nft_set_p
+@@ -2579,6 +2627,7 @@ static const struct nla_policy nft_set_p
[NFTA_SET_USERDATA] = { .type = NLA_BINARY,
.len = NFT_USERDATA_MAXLEN },
[NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 },
};
static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
-@@ -2546,6 +2595,22 @@ static struct nft_set *nf_tables_set_loo
+@@ -2622,6 +2671,22 @@ static struct nft_set *nf_tables_set_loo
return ERR_PTR(-ENOENT);
}
static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
const struct nlattr *nla,
u8 genmask)
-@@ -2661,6 +2726,9 @@ static int nf_tables_fill_set(struct sk_
+@@ -2738,6 +2803,9 @@ static int nf_tables_fill_set(struct sk_
goto nla_put_failure;
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
goto nla_put_failure;
if (set->flags != 0)
if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
goto nla_put_failure;
-@@ -3069,6 +3137,7 @@ static int nf_tables_newset(struct net *
+@@ -3149,6 +3217,7 @@ static int nf_tables_newset(struct net *
set->udata = udata;
set->timeout = timeout;
set->gc_int = gc_int;
err = ops->init(set, &desc, nla);
if (err < 0)
-@@ -3126,7 +3195,10 @@ static int nf_tables_delset(struct net *
+@@ -3208,7 +3277,10 @@ static int nf_tables_delset(struct net *
if (err < 0)
return err;
if (IS_ERR(set))
return PTR_ERR(set);
-@@ -4182,6 +4254,21 @@ struct nft_object *nf_tables_obj_lookup(
+@@ -4277,6 +4349,21 @@ struct nft_object *nf_tables_obj_lookup(
}
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
[NFTA_OBJ_TABLE] = { .type = NLA_STRING,
.len = NFT_TABLE_MAXNAMELEN - 1 },
-@@ -4189,6 +4276,7 @@ static const struct nla_policy nft_obj_p
+@@ -4284,6 +4371,7 @@ static const struct nla_policy nft_obj_p
.len = NFT_OBJ_MAXNAMELEN - 1 },
[NFTA_OBJ_TYPE] = { .type = NLA_U32 },
[NFTA_OBJ_DATA] = { .type = NLA_NESTED },
};
static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
-@@ -4336,6 +4424,8 @@ static int nf_tables_newobj(struct net *
+@@ -4431,6 +4519,8 @@ static int nf_tables_newobj(struct net *
goto err1;
}
obj->table = table;
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
if (!obj->name) {
err = -ENOMEM;
-@@ -4382,7 +4472,9 @@ static int nf_tables_fill_obj_info(struc
+@@ -4477,7 +4567,9 @@ static int nf_tables_fill_obj_info(struc
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
goto nla_put_failure;
nlmsg_end(skb, nlh);
-@@ -4580,7 +4672,7 @@ static int nf_tables_delobj(struct net *
+@@ -4675,7 +4767,7 @@ static int nf_tables_delobj(struct net *
u32 objtype;
if (!nla[NFTA_OBJ_TYPE] ||
return -EINVAL;
table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
-@@ -4589,7 +4681,12 @@ static int nf_tables_delobj(struct net *
+@@ -4684,7 +4776,12 @@ static int nf_tables_delobj(struct net *
return PTR_ERR(table);
objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
if (IS_ERR(obj))
return PTR_ERR(obj);
if (obj->use > 0)
-@@ -4661,6 +4758,7 @@ static const struct nla_policy nft_flowt
+@@ -4756,6 +4853,7 @@ static const struct nla_policy nft_flowt
[NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING,
.len = NFT_NAME_MAXLEN - 1 },
[NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED },
};
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
-@@ -4678,6 +4776,20 @@ struct nft_flowtable *nf_tables_flowtabl
+@@ -4773,6 +4871,20 @@ struct nft_flowtable *nf_tables_flowtabl
}
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
#define NFT_FLOWTABLE_DEVICE_MAX 8
static int nf_tables_parse_devices(const struct nft_ctx *ctx,
-@@ -4886,6 +4998,8 @@ static int nf_tables_newflowtable(struct
+@@ -4981,6 +5093,8 @@ static int nf_tables_newflowtable(struct
return -ENOMEM;
flowtable->table = table;
flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
if (!flowtable->name) {
err = -ENOMEM;
-@@ -4960,8 +5074,14 @@ static int nf_tables_delflowtable(struct
+@@ -5055,8 +5169,14 @@ static int nf_tables_delflowtable(struct
if (IS_ERR(table))
return PTR_ERR(table);
if (IS_ERR(flowtable))
return PTR_ERR(flowtable);
if (flowtable->use > 0)
-@@ -4994,7 +5114,9 @@ static int nf_tables_fill_flowtable_info
+@@ -5089,7 +5209,9 @@ static int nf_tables_fill_flowtable_info
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
projects / openwrt / staging / rmilecki.git / blobdiff