Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4ec8ff0e authored by Tejun Heo's avatar Tejun Heo Committed by Pablo Neira Ayuso
Browse files

netfilter: prepare xt_cgroup for multi revisions 



xt_cgroup will grow cgroup2 path based match.  Postfix existing
symbols with _v0 and prepare for multi revision registration.

Signed-off-by: default avatarTejun Heo <tj@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Daniel Wagner <daniel.wagner@bmw-carit.de>
CC: Neil Horman <nhorman@tuxdriver.com>
Cc: Jan Engelhardt <jengelh@inai.de>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a4ec8008

include/uapi/linux/netfilter/xt_cgroup.h

+1 −1
Original line number Diff line number Diff line
@@ -3,7 +3,7 @@ 


#include <linux/types.h>



struct xt_cgroup_info {

struct xt_cgroup_info_v0 {

	__u32 id;

	__u32 invert;

};

net/netfilter/xt_cgroup.c

+19 −17
Original line number Diff line number Diff line
@@ -24,9 +24,9 @@ MODULE_DESCRIPTION("Xtables: process control group matching"); 
MODULE_ALIAS("ipt_cgroup");

MODULE_ALIAS("ip6t_cgroup");



static int cgroup_mt_check(const struct xt_mtchk_param *par)

static int cgroup_mt_check_v0(const struct xt_mtchk_param *par)

{

	struct xt_cgroup_info *info = par->matchinfo;

	struct xt_cgroup_info_v0 *info = par->matchinfo;



	if (info->invert & ~1)

		return -EINVAL;
@@ -35,9 +35,9 @@ static int cgroup_mt_check(const struct xt_mtchk_param *par) 
}



static bool

cgroup_mt(const struct sk_buff *skb, struct xt_action_param *par)

cgroup_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)

{

	const struct xt_cgroup_info *info = par->matchinfo;

	const struct xt_cgroup_info_v0 *info = par->matchinfo;



	if (skb->sk == NULL || !sk_fullsock(skb->sk))

		return false;
@@ -46,27 +46,29 @@ cgroup_mt(const struct sk_buff *skb, struct xt_action_param *par) 
		info->invert;

}



static struct xt_match cgroup_mt_reg __read_mostly = {

static struct xt_match cgroup_mt_reg[] __read_mostly = {

	{

		.name		= "cgroup",

		.revision	= 0,

		.family		= NFPROTO_UNSPEC,

	.checkentry = cgroup_mt_check,

	.match      = cgroup_mt,

	.matchsize  = sizeof(struct xt_cgroup_info),

		.checkentry	= cgroup_mt_check_v0,

		.match		= cgroup_mt_v0,

		.matchsize	= sizeof(struct xt_cgroup_info_v0),

		.me		= THIS_MODULE,

		.hooks		= (1 << NF_INET_LOCAL_OUT) |

				  (1 << NF_INET_POST_ROUTING) |

				  (1 << NF_INET_LOCAL_IN),

	},

};



static int __init cgroup_mt_init(void)

{

	return xt_register_match(&cgroup_mt_reg);

	return xt_register_matches(cgroup_mt_reg, ARRAY_SIZE(cgroup_mt_reg));

}



static void __exit cgroup_mt_exit(void)

{

	xt_unregister_match(&cgroup_mt_reg);

	xt_unregister_matches(cgroup_mt_reg, ARRAY_SIZE(cgroup_mt_reg));

}



module_init(cgroup_mt_init);