OpenWrt – Diff between revs 2 and 3
?pathlinks?
Rev 2 | Rev 3 | |||
---|---|---|---|---|
Line 242... | Line 242... | |||
242 | + family, genmask); |
242 | + family, genmask); |
|
243 | + |
243 | + |
|
244 | if (IS_ERR(table)) |
244 | if (IS_ERR(table)) |
|
245 | return PTR_ERR(table); |
245 | return PTR_ERR(table); |
|
Line 246... | Line 246... | |||
246 | |
246 | |
|
247 | @@ -1581,6 +1623,7 @@ static int nf_tables_delchain(struct net |
247 | @@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net |
|
248 | struct nft_rule *rule; |
248 | struct nft_rule *rule; |
|
249 | int family = nfmsg->nfgen_family; |
249 | int family = nfmsg->nfgen_family; |
|
250 | struct nft_ctx ctx; |
250 | struct nft_ctx ctx; |
|
251 | + u64 handle; |
251 | + u64 handle; |
|
252 | u32 use; |
252 | u32 use; |
|
Line 253... | Line 253... | |||
253 | int err; |
253 | int err; |
|
254 | |
254 | |
|
255 | @@ -1589,7 +1632,12 @@ static int nf_tables_delchain(struct net |
255 | @@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net |
|
Line 256... | Line 256... | |||
256 | if (IS_ERR(table)) |
256 | if (IS_ERR(table)) |
|
257 | return PTR_ERR(table); |
257 | return PTR_ERR(table); |
|
Line 264... | Line 264... | |||
264 | + chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask); |
264 | + chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask); |
|
265 | + } |
265 | + } |
|
266 | if (IS_ERR(chain)) |
266 | if (IS_ERR(chain)) |
|
267 | return PTR_ERR(chain); |
267 | return PTR_ERR(chain); |
|
Line 268... | Line 268... | |||
268 | |
268 | |
|
269 | @@ -2557,6 +2605,7 @@ static const struct nla_policy nft_set_p |
269 | @@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p |
|
270 | [NFTA_SET_USERDATA] = { .type = NLA_BINARY, |
270 | [NFTA_SET_USERDATA] = { .type = NLA_BINARY, |
|
271 | .len = NFT_USERDATA_MAXLEN }, |
271 | .len = NFT_USERDATA_MAXLEN }, |
|
272 | [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, |
272 | [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, |
|
273 | + [NFTA_SET_HANDLE] = { .type = NLA_U64 }, |
273 | + [NFTA_SET_HANDLE] = { .type = NLA_U64 }, |
|
Line 274... | Line 274... | |||
274 | }; |
274 | }; |
|
275 | |
275 | |
|
276 | static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { |
276 | static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { |
|
277 | @@ -2600,6 +2649,22 @@ static struct nft_set *nf_tables_set_loo |
277 | @@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo |
|
Line 278... | Line 278... | |||
278 | return ERR_PTR(-ENOENT); |
278 | return ERR_PTR(-ENOENT); |
|
279 | } |
279 | } |
|
Line 295... | Line 295... | |||
295 | +} |
295 | +} |
|
296 | + |
296 | + |
|
297 | static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, |
297 | static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, |
|
298 | const struct nlattr *nla, |
298 | const struct nlattr *nla, |
|
299 | u8 genmask) |
299 | u8 genmask) |
|
300 | @@ -2716,6 +2781,9 @@ static int nf_tables_fill_set(struct sk_ |
300 | @@ -2706,6 +2771,9 @@ static int nf_tables_fill_set(struct sk_ |
|
301 | goto nla_put_failure; |
301 | goto nla_put_failure; |
|
302 | if (nla_put_string(skb, NFTA_SET_NAME, set->name)) |
302 | if (nla_put_string(skb, NFTA_SET_NAME, set->name)) |
|
303 | goto nla_put_failure; |
303 | goto nla_put_failure; |
|
304 | + if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle), |
304 | + if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle), |
|
305 | + NFTA_SET_PAD)) |
305 | + NFTA_SET_PAD)) |
|
306 | + goto nla_put_failure; |
306 | + goto nla_put_failure; |
|
307 | if (set->flags != 0) |
307 | if (set->flags != 0) |
|
308 | if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) |
308 | if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) |
|
309 | goto nla_put_failure; |
309 | goto nla_put_failure; |
|
310 | @@ -3124,6 +3192,7 @@ static int nf_tables_newset(struct net * |
310 | @@ -3114,6 +3182,7 @@ static int nf_tables_newset(struct net * |
|
311 | set->udata = udata; |
311 | set->udata = udata; |
|
312 | set->timeout = timeout; |
312 | set->timeout = timeout; |
|
313 | set->gc_int = gc_int; |
313 | set->gc_int = gc_int; |
|
314 | + set->handle = nf_tables_alloc_handle(table); |
314 | + set->handle = nf_tables_alloc_handle(table); |
|
Line 315... | Line 315... | |||
315 | |
315 | |
|
316 | err = ops->init(set, &desc, nla); |
316 | err = ops->init(set, &desc, nla); |
|
317 | if (err < 0) |
317 | if (err < 0) |
|
318 | @@ -3183,7 +3252,10 @@ static int nf_tables_delset(struct net * |
318 | @@ -3173,7 +3242,10 @@ static int nf_tables_delset(struct net * |
|
319 | if (err < 0) |
319 | if (err < 0) |
|
Line 320... | Line 320... | |||
320 | return err; |
320 | return err; |
|
321 | |
321 | |
|
Line 325... | Line 325... | |||
325 | + else |
325 | + else |
|
326 | + set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask); |
326 | + set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask); |
|
327 | if (IS_ERR(set)) |
327 | if (IS_ERR(set)) |
|
328 | return PTR_ERR(set); |
328 | return PTR_ERR(set); |
|
Line 329... | Line 329... | |||
329 | |
329 | |
|
330 | @@ -4244,6 +4316,21 @@ struct nft_object *nf_tables_obj_lookup( |
330 | @@ -4233,6 +4305,21 @@ struct nft_object *nf_tables_obj_lookup( |
|
331 | } |
331 | } |
|
Line 332... | Line 332... | |||
332 | EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); |
332 | EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); |
|
333 | |
333 | |
|
Line 347... | Line 347... | |||
347 | +} |
347 | +} |
|
348 | + |
348 | + |
|
349 | static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { |
349 | static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { |
|
350 | [NFTA_OBJ_TABLE] = { .type = NLA_STRING, |
350 | [NFTA_OBJ_TABLE] = { .type = NLA_STRING, |
|
351 | .len = NFT_TABLE_MAXNAMELEN - 1 }, |
351 | .len = NFT_TABLE_MAXNAMELEN - 1 }, |
|
352 | @@ -4251,6 +4338,7 @@ static const struct nla_policy nft_obj_p |
352 | @@ -4240,6 +4327,7 @@ static const struct nla_policy nft_obj_p |
|
353 | .len = NFT_OBJ_MAXNAMELEN - 1 }, |
353 | .len = NFT_OBJ_MAXNAMELEN - 1 }, |
|
354 | [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, |
354 | [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, |
|
355 | [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, |
355 | [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, |
|
356 | + [NFTA_OBJ_HANDLE] = { .type = NLA_U64}, |
356 | + [NFTA_OBJ_HANDLE] = { .type = NLA_U64}, |
|
357 | }; |
357 | }; |
|
Line 358... | Line 358... | |||
358 | |
358 | |
|
359 | static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, |
359 | static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, |
|
360 | @@ -4398,6 +4486,8 @@ static int nf_tables_newobj(struct net * |
360 | @@ -4387,6 +4475,8 @@ static int nf_tables_newobj(struct net * |
|
361 | goto err1; |
361 | goto err1; |
|
362 | } |
362 | } |
|
363 | obj->table = table; |
363 | obj->table = table; |
|
364 | + obj->handle = nf_tables_alloc_handle(table); |
364 | + obj->handle = nf_tables_alloc_handle(table); |
|
365 | + |
365 | + |
|
366 | obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); |
366 | obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); |
|
367 | if (!obj->name) { |
367 | if (!obj->name) { |
|
368 | err = -ENOMEM; |
368 | err = -ENOMEM; |
|
369 | @@ -4444,7 +4534,9 @@ static int nf_tables_fill_obj_info(struc |
369 | @@ -4433,7 +4523,9 @@ static int nf_tables_fill_obj_info(struc |
|
370 | nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || |
370 | nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || |
|
371 | nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || |
371 | nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || |
|
372 | nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || |
372 | nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || |
|
373 | - nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset)) |
373 | - nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset)) |
|
374 | + nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset) || |
374 | + nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset) || |
|
375 | + nla_put_be64(skb, NFTA_OBJ_HANDLE, cpu_to_be64(obj->handle), |
375 | + nla_put_be64(skb, NFTA_OBJ_HANDLE, cpu_to_be64(obj->handle), |
|
376 | + NFTA_OBJ_PAD)) |
376 | + NFTA_OBJ_PAD)) |
|
Line 377... | Line 377... | |||
377 | goto nla_put_failure; |
377 | goto nla_put_failure; |
|
378 | |
378 | |
|
379 | nlmsg_end(skb, nlh); |
379 | nlmsg_end(skb, nlh); |
|
Line 380... | Line 380... | |||
380 | @@ -4642,7 +4734,7 @@ static int nf_tables_delobj(struct net * |
380 | @@ -4631,7 +4723,7 @@ static int nf_tables_delobj(struct net * |
|
381 | u32 objtype; |
381 | u32 objtype; |
|
382 | |
382 | |
|
383 | if (!nla[NFTA_OBJ_TYPE] || |
383 | if (!nla[NFTA_OBJ_TYPE] || |
|
Line 384... | Line 384... | |||
384 | - !nla[NFTA_OBJ_NAME]) |
384 | - !nla[NFTA_OBJ_NAME]) |
|
385 | + (!nla[NFTA_OBJ_NAME] && !nla[NFTA_OBJ_HANDLE])) |
385 | + (!nla[NFTA_OBJ_NAME] && !nla[NFTA_OBJ_HANDLE])) |
|
386 | return -EINVAL; |
386 | return -EINVAL; |
|
Line 387... | Line 387... | |||
387 | |
387 | |
|
388 | table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
388 | table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
|
389 | @@ -4651,7 +4743,12 @@ static int nf_tables_delobj(struct net * |
389 | @@ -4640,7 +4732,12 @@ static int nf_tables_delobj(struct net * |
|
Line 398... | Line 398... | |||
398 | + obj = nf_tables_obj_lookup(table, nla[NFTA_OBJ_NAME], |
398 | + obj = nf_tables_obj_lookup(table, nla[NFTA_OBJ_NAME], |
|
399 | + objtype, genmask); |
399 | + objtype, genmask); |
|
400 | if (IS_ERR(obj)) |
400 | if (IS_ERR(obj)) |
|
401 | return PTR_ERR(obj); |
401 | return PTR_ERR(obj); |
|
402 | if (obj->use > 0) |
402 | if (obj->use > 0) |
|
403 | @@ -4723,6 +4820,7 @@ static const struct nla_policy nft_flowt |
403 | @@ -4712,6 +4809,7 @@ static const struct nla_policy nft_flowt |
|
404 | [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, |
404 | [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, |
|
405 | .len = NFT_NAME_MAXLEN - 1 }, |
405 | .len = NFT_NAME_MAXLEN - 1 }, |
|
406 | [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, |
406 | [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, |
|
407 | + [NFTA_FLOWTABLE_HANDLE] = { .type = NLA_U64 }, |
407 | + [NFTA_FLOWTABLE_HANDLE] = { .type = NLA_U64 }, |
|
408 | }; |
408 | }; |
|
Line 409... | Line 409... | |||
409 | |
409 | |
|
410 | struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, |
410 | struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, |
|
411 | @@ -4740,6 +4838,20 @@ struct nft_flowtable *nf_tables_flowtabl |
411 | @@ -4729,6 +4827,20 @@ struct nft_flowtable *nf_tables_flowtabl |
|
412 | } |
412 | } |
|
Line 413... | Line 413... | |||
413 | EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); |
413 | EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); |
|
414 | |
414 | |
|
Line 427... | Line 427... | |||
427 | +} |
427 | +} |
|
428 | + |
428 | + |
|
429 | #define NFT_FLOWTABLE_DEVICE_MAX 8 |
429 | #define NFT_FLOWTABLE_DEVICE_MAX 8 |
|
Line 430... | Line 430... | |||
430 | |
430 | |
|
431 | static int nf_tables_parse_devices(const struct nft_ctx *ctx, |
431 | static int nf_tables_parse_devices(const struct nft_ctx *ctx, |
|
432 | @@ -4948,6 +5060,8 @@ static int nf_tables_newflowtable(struct |
432 | @@ -4937,6 +5049,8 @@ static int nf_tables_newflowtable(struct |
|
Line 433... | Line 433... | |||
433 | return -ENOMEM; |
433 | return -ENOMEM; |
|
434 | |
434 | |
|
435 | flowtable->table = table; |
435 | flowtable->table = table; |
|
436 | + flowtable->handle = nf_tables_alloc_handle(table); |
436 | + flowtable->handle = nf_tables_alloc_handle(table); |
|
437 | + |
437 | + |
|
438 | flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); |
438 | flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); |
|
439 | if (!flowtable->name) { |
439 | if (!flowtable->name) { |
|
440 | err = -ENOMEM; |
440 | err = -ENOMEM; |
|
441 | @@ -5022,8 +5136,14 @@ static int nf_tables_delflowtable(struct |
441 | @@ -5011,8 +5125,14 @@ static int nf_tables_delflowtable(struct |
|
Line 442... | Line 442... | |||
442 | if (IS_ERR(table)) |
442 | if (IS_ERR(table)) |
|
443 | return PTR_ERR(table); |
443 | return PTR_ERR(table); |
|
Line 453... | Line 453... | |||
453 | + nla[NFTA_FLOWTABLE_NAME], |
453 | + nla[NFTA_FLOWTABLE_NAME], |
|
454 | + genmask); |
454 | + genmask); |
|
455 | if (IS_ERR(flowtable)) |
455 | if (IS_ERR(flowtable)) |
|
456 | return PTR_ERR(flowtable); |
456 | return PTR_ERR(flowtable); |
|
457 | if (flowtable->use > 0) |
457 | if (flowtable->use > 0) |
|
458 | @@ -5056,7 +5176,9 @@ static int nf_tables_fill_flowtable_info |
458 | @@ -5045,7 +5165,9 @@ static int nf_tables_fill_flowtable_info |
|
Line 459... | Line 459... | |||
459 | |
459 | |
|
460 | if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || |
460 | if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || |
|
461 | nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || |
461 | nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || |
|
462 | - nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use))) |
462 | - nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use))) |