netfilter: nf_tables: add nft_setelem_parse_key()

	return 0;

}

static int nft_setelem_parse_key(struct nft_ctx *ctx, struct nft_set *set,

				 struct nft_data *key, struct nlattr *attr)

{

	struct nft_data_desc desc;

	int err;

	err = nft_data_init(ctx, key, NFT_DATA_VALUE_MAXLEN, &desc, attr);

	if (err < 0)

		return err;

	if (desc.type != NFT_DATA_VALUE || desc.len != set->klen) {

		nft_data_release(key, desc.type);

		return -EINVAL;

	}

	return 0;

}

static int nft_get_set_elem(struct nft_ctx *ctx, struct nft_set *set,

			    const struct nlattr *attr)

{

	struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];

	struct nft_data_desc desc;

	struct nft_set_elem elem;

	struct sk_buff *skb;

	uint32_t flags = 0;

	if (err < 0)

		return err;

	err = nft_data_init(ctx, &elem.key.val, sizeof(elem.key), &desc,

	err = nft_setelem_parse_key(ctx, set, &elem.key.val,

				    nla[NFTA_SET_ELEM_KEY]);

	if (err < 0)

		return err;

	err = -EINVAL;

	if (desc.type != NFT_DATA_VALUE || desc.len != set->klen) {

		nft_data_release(&elem.key.val, desc.type);

		return err;

	}

	priv = set->ops->get(ctx->net, set, &elem, flags);

	if (IS_ERR(priv))

		return PTR_ERR(priv);

{

	struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];

	u8 genmask = nft_genmask_next(ctx->net);

	struct nft_data_desc d1, d2;

	struct nft_set_ext_tmpl tmpl;

	struct nft_set_ext *ext, *ext2;

	struct nft_set_elem elem;

	struct nft_set_binding *binding;

	struct nft_object *obj = NULL;

	struct nft_userdata *udata;

	struct nft_data_desc desc;

	struct nft_data data;

	enum nft_registers dreg;

	struct nft_trans *trans;

			return err;

	}

	err = nft_data_init(ctx, &elem.key.val, sizeof(elem.key), &d1,

	err = nft_setelem_parse_key(ctx, set, &elem.key.val,

				    nla[NFTA_SET_ELEM_KEY]);

	if (err < 0)

		goto err1;

	err = -EINVAL;

	if (d1.type != NFT_DATA_VALUE || d1.len != set->klen)

		goto err2;

	nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY, d1.len);

	nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY, set->klen);

	if (timeout > 0) {

		nft_set_ext_add(&tmpl, NFT_SET_EXT_EXPIRATION);

		if (timeout != set->timeout)

	}

	if (nla[NFTA_SET_ELEM_DATA] != NULL) {

		err = nft_data_init(ctx, &data, sizeof(data), &d2,

		err = nft_data_init(ctx, &data, sizeof(data), &desc,

				    nla[NFTA_SET_ELEM_DATA]);

		if (err < 0)

			goto err2;

		err = -EINVAL;

		if (set->dtype != NFT_DATA_VERDICT && d2.len != set->dlen)

		if (set->dtype != NFT_DATA_VERDICT && desc.len != set->dlen)

			goto err3;

		dreg = nft_type_to_reg(set->dtype);

			err = nft_validate_register_store(&bind_ctx, dreg,

							  &data,

							  d2.type, d2.len);

							  desc.type, desc.len);

			if (err < 0)

				goto err3;

			if (d2.type == NFT_DATA_VERDICT &&

			if (desc.type == NFT_DATA_VERDICT &&

			    (data.verdict.code == NFT_GOTO ||

			     data.verdict.code == NFT_JUMP))

				nft_validate_state_update(ctx->net,

							  NFT_VALIDATE_NEED);

		}

		nft_set_ext_add_length(&tmpl, NFT_SET_EXT_DATA, d2.len);

		nft_set_ext_add_length(&tmpl, NFT_SET_EXT_DATA, desc.len);

	}

	/* The full maximum length of userdata can exceed the maximum

	kfree(elem.priv);

err3:

	if (nla[NFTA_SET_ELEM_DATA] != NULL)

		nft_data_release(&data, d2.type);

		nft_data_release(&data, desc.type);

err2:

	nft_data_release(&elem.key.val, d1.type);

	nft_data_release(&elem.key.val, NFT_DATA_VALUE);

err1:

	return err;

}

{

	struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];

	struct nft_set_ext_tmpl tmpl;

	struct nft_data_desc desc;

	struct nft_set_elem elem;

	struct nft_set_ext *ext;

	struct nft_trans *trans;

	err = nla_parse_nested_deprecated(nla, NFTA_SET_ELEM_MAX, attr,

					  nft_set_elem_policy, NULL);

	if (err < 0)

		goto err1;

		return err;

	err = -EINVAL;

	if (nla[NFTA_SET_ELEM_KEY] == NULL)

		goto err1;

		return -EINVAL;

	nft_set_ext_prepare(&tmpl);

	if (flags != 0)

		nft_set_ext_add(&tmpl, NFT_SET_EXT_FLAGS);

	err = nft_data_init(ctx, &elem.key.val, sizeof(elem.key), &desc,

	err = nft_setelem_parse_key(ctx, set, &elem.key.val,

				    nla[NFTA_SET_ELEM_KEY]);

	if (err < 0)

		goto err1;

	err = -EINVAL;

	if (desc.type != NFT_DATA_VALUE || desc.len != set->klen)

		goto err2;

		return err;

	nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY, desc.len);

	nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY, set->klen);

	err = -ENOMEM;

	elem.priv = nft_set_elem_init(set, &tmpl, elem.key.val.data, NULL, 0,

				      0, GFP_KERNEL);

	if (elem.priv == NULL)

		goto err2;

		goto fail_elem;

	ext = nft_set_elem_ext(set, elem.priv);

	if (flags)

		*nft_set_ext_flags(ext) = flags;

	trans = nft_trans_elem_alloc(ctx, NFT_MSG_DELSETELEM, set);

	if (trans == NULL) {

		err = -ENOMEM;

		goto err3;

	}

	if (trans == NULL)

		goto fail_trans;

	priv = set->ops->deactivate(ctx->net, set, &elem);

	if (priv == NULL) {

		err = -ENOENT;

		goto err4;

		goto fail_ops;

	}

	kfree(elem.priv);

	elem.priv = priv;

	list_add_tail(&trans->list, &ctx->net->nft.commit_list);

	return 0;

err4:

fail_ops:

	kfree(trans);

err3:

fail_trans:

	kfree(elem.priv);

err2:

	nft_data_release(&elem.key.val, desc.type);

err1:

fail_elem:

	nft_data_release(&elem.key.val, NFT_DATA_VALUE);

	return err;

}