OpenWrt – Diff between revs 2 and 3
?pathlinks?
| Rev 2 | Rev 3 | |||
|---|---|---|---|---|
| Line 242... | Line 242... | |||
| 242 | + family, genmask); |
242 | + family, genmask); |
|
| 243 | + |
243 | + |
|
| 244 | if (IS_ERR(table)) |
244 | if (IS_ERR(table)) |
|
| 245 | return PTR_ERR(table); |
245 | return PTR_ERR(table); |
|
| Line 246... | Line 246... | |||
| 246 | |
246 | |
|
| 247 | @@ -1581,6 +1623,7 @@ static int nf_tables_delchain(struct net |
247 | @@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net |
|
| 248 | struct nft_rule *rule; |
248 | struct nft_rule *rule; |
|
| 249 | int family = nfmsg->nfgen_family; |
249 | int family = nfmsg->nfgen_family; |
|
| 250 | struct nft_ctx ctx; |
250 | struct nft_ctx ctx; |
|
| 251 | + u64 handle; |
251 | + u64 handle; |
|
| 252 | u32 use; |
252 | u32 use; |
|
| Line 253... | Line 253... | |||
| 253 | int err; |
253 | int err; |
|
| 254 | |
254 | |
|
| 255 | @@ -1589,7 +1632,12 @@ static int nf_tables_delchain(struct net |
255 | @@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net |
|
| Line 256... | Line 256... | |||
| 256 | if (IS_ERR(table)) |
256 | if (IS_ERR(table)) |
|
| 257 | return PTR_ERR(table); |
257 | return PTR_ERR(table); |
|
| Line 264... | Line 264... | |||
| 264 | + chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask); |
264 | + chain = nf_tables_chain_lookup(table, nla[NFTA_CHAIN_NAME], genmask); |
|
| 265 | + } |
265 | + } |
|
| 266 | if (IS_ERR(chain)) |
266 | if (IS_ERR(chain)) |
|
| 267 | return PTR_ERR(chain); |
267 | return PTR_ERR(chain); |
|
| Line 268... | Line 268... | |||
| 268 | |
268 | |
|
| 269 | @@ -2557,6 +2605,7 @@ static const struct nla_policy nft_set_p |
269 | @@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p |
|
| 270 | [NFTA_SET_USERDATA] = { .type = NLA_BINARY, |
270 | [NFTA_SET_USERDATA] = { .type = NLA_BINARY, |
|
| 271 | .len = NFT_USERDATA_MAXLEN }, |
271 | .len = NFT_USERDATA_MAXLEN }, |
|
| 272 | [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, |
272 | [NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 }, |
|
| 273 | + [NFTA_SET_HANDLE] = { .type = NLA_U64 }, |
273 | + [NFTA_SET_HANDLE] = { .type = NLA_U64 }, |
|
| Line 274... | Line 274... | |||
| 274 | }; |
274 | }; |
|
| 275 | |
275 | |
|
| 276 | static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { |
276 | static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { |
|
| 277 | @@ -2600,6 +2649,22 @@ static struct nft_set *nf_tables_set_loo |
277 | @@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo |
|
| Line 278... | Line 278... | |||
| 278 | return ERR_PTR(-ENOENT); |
278 | return ERR_PTR(-ENOENT); |
|
| 279 | } |
279 | } |
|
| Line 295... | Line 295... | |||
| 295 | +} |
295 | +} |
|
| 296 | + |
296 | + |
|
| 297 | static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, |
297 | static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, |
|
| 298 | const struct nlattr *nla, |
298 | const struct nlattr *nla, |
|
| 299 | u8 genmask) |
299 | u8 genmask) |
|
| 300 | @@ -2716,6 +2781,9 @@ static int nf_tables_fill_set(struct sk_ |
300 | @@ -2706,6 +2771,9 @@ static int nf_tables_fill_set(struct sk_ |
|
| 301 | goto nla_put_failure; |
301 | goto nla_put_failure; |
|
| 302 | if (nla_put_string(skb, NFTA_SET_NAME, set->name)) |
302 | if (nla_put_string(skb, NFTA_SET_NAME, set->name)) |
|
| 303 | goto nla_put_failure; |
303 | goto nla_put_failure; |
|
| 304 | + if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle), |
304 | + if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle), |
|
| 305 | + NFTA_SET_PAD)) |
305 | + NFTA_SET_PAD)) |
|
| 306 | + goto nla_put_failure; |
306 | + goto nla_put_failure; |
|
| 307 | if (set->flags != 0) |
307 | if (set->flags != 0) |
|
| 308 | if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) |
308 | if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags))) |
|
| 309 | goto nla_put_failure; |
309 | goto nla_put_failure; |
|
| 310 | @@ -3124,6 +3192,7 @@ static int nf_tables_newset(struct net * |
310 | @@ -3114,6 +3182,7 @@ static int nf_tables_newset(struct net * |
|
| 311 | set->udata = udata; |
311 | set->udata = udata; |
|
| 312 | set->timeout = timeout; |
312 | set->timeout = timeout; |
|
| 313 | set->gc_int = gc_int; |
313 | set->gc_int = gc_int; |
|
| 314 | + set->handle = nf_tables_alloc_handle(table); |
314 | + set->handle = nf_tables_alloc_handle(table); |
|
| Line 315... | Line 315... | |||
| 315 | |
315 | |
|
| 316 | err = ops->init(set, &desc, nla); |
316 | err = ops->init(set, &desc, nla); |
|
| 317 | if (err < 0) |
317 | if (err < 0) |
|
| 318 | @@ -3183,7 +3252,10 @@ static int nf_tables_delset(struct net * |
318 | @@ -3173,7 +3242,10 @@ static int nf_tables_delset(struct net * |
|
| 319 | if (err < 0) |
319 | if (err < 0) |
|
| Line 320... | Line 320... | |||
| 320 | return err; |
320 | return err; |
|
| 321 | |
321 | |
|
| Line 325... | Line 325... | |||
| 325 | + else |
325 | + else |
|
| 326 | + set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask); |
326 | + set = nf_tables_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask); |
|
| 327 | if (IS_ERR(set)) |
327 | if (IS_ERR(set)) |
|
| 328 | return PTR_ERR(set); |
328 | return PTR_ERR(set); |
|
| Line 329... | Line 329... | |||
| 329 | |
329 | |
|
| 330 | @@ -4244,6 +4316,21 @@ struct nft_object *nf_tables_obj_lookup( |
330 | @@ -4233,6 +4305,21 @@ struct nft_object *nf_tables_obj_lookup( |
|
| 331 | } |
331 | } |
|
| Line 332... | Line 332... | |||
| 332 | EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); |
332 | EXPORT_SYMBOL_GPL(nf_tables_obj_lookup); |
|
| 333 | |
333 | |
|
| Line 347... | Line 347... | |||
| 347 | +} |
347 | +} |
|
| 348 | + |
348 | + |
|
| 349 | static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { |
349 | static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = { |
|
| 350 | [NFTA_OBJ_TABLE] = { .type = NLA_STRING, |
350 | [NFTA_OBJ_TABLE] = { .type = NLA_STRING, |
|
| 351 | .len = NFT_TABLE_MAXNAMELEN - 1 }, |
351 | .len = NFT_TABLE_MAXNAMELEN - 1 }, |
|
| 352 | @@ -4251,6 +4338,7 @@ static const struct nla_policy nft_obj_p |
352 | @@ -4240,6 +4327,7 @@ static const struct nla_policy nft_obj_p |
|
| 353 | .len = NFT_OBJ_MAXNAMELEN - 1 }, |
353 | .len = NFT_OBJ_MAXNAMELEN - 1 }, |
|
| 354 | [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, |
354 | [NFTA_OBJ_TYPE] = { .type = NLA_U32 }, |
|
| 355 | [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, |
355 | [NFTA_OBJ_DATA] = { .type = NLA_NESTED }, |
|
| 356 | + [NFTA_OBJ_HANDLE] = { .type = NLA_U64}, |
356 | + [NFTA_OBJ_HANDLE] = { .type = NLA_U64}, |
|
| 357 | }; |
357 | }; |
|
| Line 358... | Line 358... | |||
| 358 | |
358 | |
|
| 359 | static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, |
359 | static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, |
|
| 360 | @@ -4398,6 +4486,8 @@ static int nf_tables_newobj(struct net * |
360 | @@ -4387,6 +4475,8 @@ static int nf_tables_newobj(struct net * |
|
| 361 | goto err1; |
361 | goto err1; |
|
| 362 | } |
362 | } |
|
| 363 | obj->table = table; |
363 | obj->table = table; |
|
| 364 | + obj->handle = nf_tables_alloc_handle(table); |
364 | + obj->handle = nf_tables_alloc_handle(table); |
|
| 365 | + |
365 | + |
|
| 366 | obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); |
366 | obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL); |
|
| 367 | if (!obj->name) { |
367 | if (!obj->name) { |
|
| 368 | err = -ENOMEM; |
368 | err = -ENOMEM; |
|
| 369 | @@ -4444,7 +4534,9 @@ static int nf_tables_fill_obj_info(struc |
369 | @@ -4433,7 +4523,9 @@ static int nf_tables_fill_obj_info(struc |
|
| 370 | nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || |
370 | nla_put_string(skb, NFTA_OBJ_NAME, obj->name) || |
|
| 371 | nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || |
371 | nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) || |
|
| 372 | nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || |
372 | nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) || |
|
| 373 | - nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset)) |
373 | - nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset)) |
|
| 374 | + nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset) || |
374 | + nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset) || |
|
| 375 | + nla_put_be64(skb, NFTA_OBJ_HANDLE, cpu_to_be64(obj->handle), |
375 | + nla_put_be64(skb, NFTA_OBJ_HANDLE, cpu_to_be64(obj->handle), |
|
| 376 | + NFTA_OBJ_PAD)) |
376 | + NFTA_OBJ_PAD)) |
|
| Line 377... | Line 377... | |||
| 377 | goto nla_put_failure; |
377 | goto nla_put_failure; |
|
| 378 | |
378 | |
|
| 379 | nlmsg_end(skb, nlh); |
379 | nlmsg_end(skb, nlh); |
|
| Line 380... | Line 380... | |||
| 380 | @@ -4642,7 +4734,7 @@ static int nf_tables_delobj(struct net * |
380 | @@ -4631,7 +4723,7 @@ static int nf_tables_delobj(struct net * |
|
| 381 | u32 objtype; |
381 | u32 objtype; |
|
| 382 | |
382 | |
|
| 383 | if (!nla[NFTA_OBJ_TYPE] || |
383 | if (!nla[NFTA_OBJ_TYPE] || |
|
| Line 384... | Line 384... | |||
| 384 | - !nla[NFTA_OBJ_NAME]) |
384 | - !nla[NFTA_OBJ_NAME]) |
|
| 385 | + (!nla[NFTA_OBJ_NAME] && !nla[NFTA_OBJ_HANDLE])) |
385 | + (!nla[NFTA_OBJ_NAME] && !nla[NFTA_OBJ_HANDLE])) |
|
| 386 | return -EINVAL; |
386 | return -EINVAL; |
|
| Line 387... | Line 387... | |||
| 387 | |
387 | |
|
| 388 | table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
388 | table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
|
| 389 | @@ -4651,7 +4743,12 @@ static int nf_tables_delobj(struct net * |
389 | @@ -4640,7 +4732,12 @@ static int nf_tables_delobj(struct net * |
|
| Line 398... | Line 398... | |||
| 398 | + obj = nf_tables_obj_lookup(table, nla[NFTA_OBJ_NAME], |
398 | + obj = nf_tables_obj_lookup(table, nla[NFTA_OBJ_NAME], |
|
| 399 | + objtype, genmask); |
399 | + objtype, genmask); |
|
| 400 | if (IS_ERR(obj)) |
400 | if (IS_ERR(obj)) |
|
| 401 | return PTR_ERR(obj); |
401 | return PTR_ERR(obj); |
|
| 402 | if (obj->use > 0) |
402 | if (obj->use > 0) |
|
| 403 | @@ -4723,6 +4820,7 @@ static const struct nla_policy nft_flowt |
403 | @@ -4712,6 +4809,7 @@ static const struct nla_policy nft_flowt |
|
| 404 | [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, |
404 | [NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING, |
|
| 405 | .len = NFT_NAME_MAXLEN - 1 }, |
405 | .len = NFT_NAME_MAXLEN - 1 }, |
|
| 406 | [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, |
406 | [NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED }, |
|
| 407 | + [NFTA_FLOWTABLE_HANDLE] = { .type = NLA_U64 }, |
407 | + [NFTA_FLOWTABLE_HANDLE] = { .type = NLA_U64 }, |
|
| 408 | }; |
408 | }; |
|
| Line 409... | Line 409... | |||
| 409 | |
409 | |
|
| 410 | struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, |
410 | struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table, |
|
| 411 | @@ -4740,6 +4838,20 @@ struct nft_flowtable *nf_tables_flowtabl |
411 | @@ -4729,6 +4827,20 @@ struct nft_flowtable *nf_tables_flowtabl |
|
| 412 | } |
412 | } |
|
| Line 413... | Line 413... | |||
| 413 | EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); |
413 | EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup); |
|
| 414 | |
414 | |
|
| Line 427... | Line 427... | |||
| 427 | +} |
427 | +} |
|
| 428 | + |
428 | + |
|
| 429 | #define NFT_FLOWTABLE_DEVICE_MAX 8 |
429 | #define NFT_FLOWTABLE_DEVICE_MAX 8 |
|
| Line 430... | Line 430... | |||
| 430 | |
430 | |
|
| 431 | static int nf_tables_parse_devices(const struct nft_ctx *ctx, |
431 | static int nf_tables_parse_devices(const struct nft_ctx *ctx, |
|
| 432 | @@ -4948,6 +5060,8 @@ static int nf_tables_newflowtable(struct |
432 | @@ -4937,6 +5049,8 @@ static int nf_tables_newflowtable(struct |
|
| Line 433... | Line 433... | |||
| 433 | return -ENOMEM; |
433 | return -ENOMEM; |
|
| 434 | |
434 | |
|
| 435 | flowtable->table = table; |
435 | flowtable->table = table; |
|
| 436 | + flowtable->handle = nf_tables_alloc_handle(table); |
436 | + flowtable->handle = nf_tables_alloc_handle(table); |
|
| 437 | + |
437 | + |
|
| 438 | flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); |
438 | flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL); |
|
| 439 | if (!flowtable->name) { |
439 | if (!flowtable->name) { |
|
| 440 | err = -ENOMEM; |
440 | err = -ENOMEM; |
|
| 441 | @@ -5022,8 +5136,14 @@ static int nf_tables_delflowtable(struct |
441 | @@ -5011,8 +5125,14 @@ static int nf_tables_delflowtable(struct |
|
| Line 442... | Line 442... | |||
| 442 | if (IS_ERR(table)) |
442 | if (IS_ERR(table)) |
|
| 443 | return PTR_ERR(table); |
443 | return PTR_ERR(table); |
|
| Line 453... | Line 453... | |||
| 453 | + nla[NFTA_FLOWTABLE_NAME], |
453 | + nla[NFTA_FLOWTABLE_NAME], |
|
| 454 | + genmask); |
454 | + genmask); |
|
| 455 | if (IS_ERR(flowtable)) |
455 | if (IS_ERR(flowtable)) |
|
| 456 | return PTR_ERR(flowtable); |
456 | return PTR_ERR(flowtable); |
|
| 457 | if (flowtable->use > 0) |
457 | if (flowtable->use > 0) |
|
| 458 | @@ -5056,7 +5176,9 @@ static int nf_tables_fill_flowtable_info |
458 | @@ -5045,7 +5165,9 @@ static int nf_tables_fill_flowtable_info |
|
| Line 459... | Line 459... | |||
| 459 | |
459 | |
|
| 460 | if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || |
460 | if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) || |
|
| 461 | nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || |
461 | nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) || |
|
| 462 | - nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use))) |
462 | - nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use))) |
|