Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e1c59f90 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Greg Kroah-Hartman
Browse files

netfilter: nftables: add nft_parse_register_store() and use it 



[ 345023b0db315648ccc3c1a36aee88304a8b4d91 ]

This new function combines the netlink register attribute parser
and the store validation function.

This update requires to replace:

        enum nft_registers      dreg:8;

in many of the expression private areas otherwise compiler complains
with:

        error: cannot take address of bit-field ‘dreg’

when passing the register field as reference.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent e570ac19

include/net/netfilter/nf_tables.h

+4 −4
Original line number Diff line number Diff line
@@ -195,8 +195,8 @@ unsigned int nft_parse_register(const struct nlattr *attr); 
int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg);



int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len);

int nft_validate_register_store(const struct nft_ctx *ctx,

				enum nft_registers reg,

int nft_parse_register_store(const struct nft_ctx *ctx,

			     const struct nlattr *attr, u8 *dreg,

			     const struct nft_data *data,

			     enum nft_data_types type, unsigned int len);

include/net/netfilter/nf_tables_core.h

+2 −2
Original line number Diff line number Diff line
@@ -28,7 +28,7 @@ struct nft_cmp_fast_expr { 


struct nft_immediate_expr {

	struct nft_data		data;

	enum nft_registers	dreg:8;

	u8			dreg;

	u8			dlen;

};
@@ -48,7 +48,7 @@ struct nft_payload { 
	enum nft_payload_bases	base:8;

	u8			offset;

	u8			len;

	enum nft_registers	dreg:8;

	u8			dreg;

};



struct nft_payload_set {

include/net/netfilter/nft_fib.h

+1 −1
Original line number Diff line number Diff line
@@ -3,7 +3,7 @@ 
#define _NFT_FIB_H_



struct nft_fib {

	enum nft_registers	dreg:8;

	u8			dreg;

	u8			result;

	u32			flags;

};

net/netfilter/nf_tables_api.c

+29 −5
Original line number Diff line number Diff line
@@ -3687,6 +3687,12 @@ static int nf_tables_delset(struct net *net, struct sock *nlsk, 
	return nft_delset(&ctx, set);

}



static int nft_validate_register_store(const struct nft_ctx *ctx,

				       enum nft_registers reg,

				       const struct nft_data *data,

				       enum nft_data_types type,

				       unsigned int len);



static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx,

					struct nft_set *set,

					const struct nft_set_iter *iter,
@@ -7067,10 +7073,11 @@ EXPORT_SYMBOL_GPL(nft_parse_register_load); 
 * 	A value of NULL for the data means that its runtime gathered

 * 	data.

 */

int nft_validate_register_store(const struct nft_ctx *ctx,

static int nft_validate_register_store(const struct nft_ctx *ctx,

				       enum nft_registers reg,

				       const struct nft_data *data,

				enum nft_data_types type, unsigned int len)

				       enum nft_data_types type,

				       unsigned int len)

{

	int err;
@@ -7102,7 +7109,24 @@ int nft_validate_register_store(const struct nft_ctx *ctx, 
		return 0;

	}

}

EXPORT_SYMBOL_GPL(nft_validate_register_store);



int nft_parse_register_store(const struct nft_ctx *ctx,

			     const struct nlattr *attr, u8 *dreg,

			     const struct nft_data *data,

			     enum nft_data_types type, unsigned int len)

{

	int err;

	u32 reg;



	reg = nft_parse_register(attr);

	err = nft_validate_register_store(ctx, reg, data, type, len);

	if (err < 0)

		return err;



	*dreg = reg;

	return 0;

}

EXPORT_SYMBOL_GPL(nft_parse_register_store);



static const struct nla_policy nft_verdict_policy[NFTA_VERDICT_MAX + 1] = {

	[NFTA_VERDICT_CODE]	= { .type = NLA_U32 },

net/netfilter/nft_bitwise.c

+4 −4
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ 


struct nft_bitwise {

	u8			sreg;

	enum nft_registers	dreg:8;

	u8			dreg;

	u8			len;

	struct nft_data		mask;

	struct nft_data		xor;
@@ -73,9 +73,9 @@ static int nft_bitwise_init(const struct nft_ctx *ctx, 
	if (err < 0)

		return err;



	priv->dreg = nft_parse_register(tb[NFTA_BITWISE_DREG]);

	err = nft_validate_register_store(ctx, priv->dreg, NULL,

					  NFT_DATA_VALUE, priv->len);

	err = nft_parse_register_store(ctx, tb[NFTA_BITWISE_DREG],

				       &priv->dreg, NULL, NFT_DATA_VALUE,

				       priv->len);

	if (err < 0)

		return err;