
netfilter: nft_reject: unify reject init and dump into nft_reject

Bridge family is using the same static init and dump function as inet.

This patch removes the duplicate code by unifying the bodies of these
functions into nft_reject.c, so that they can be reused by the other
families that support the reject verdict.

Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Jose M. Guisado Gomez and committed by
Pablo Neira Ayuso
312ca575 fa538f7c

+15 -117
+2 -58
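--- a/net/bridge/netfilter/nft_reject_bridge.c
+++ b/net/bridge/netfilter/nft_reject_bridge.c
@@ -177,69 +177,13 @@
 (1 << NF_BR_LOCAL_IN));
 }
 
-static int nft_reject_bridge_init(const struct nft_ctx *ctx,
-const struct nft_expr *expr,
-const struct nlattr * const tb[])
-{
-struct nft_reject *priv = nft_expr_priv(expr);
-int icmp_code;
-
-if (tb[NFTA_REJECT_TYPE] == NULL)
-return -EINVAL;
-
-priv->type = ntohl(nla_get_be32(tb[NFTA_REJECT_TYPE]));
-switch (priv->type) {
-case NFT_REJECT_ICMP_UNREACH:
-case NFT_REJECT_ICMPX_UNREACH:
-if (tb[NFTA_REJECT_ICMP_CODE] == NULL)
-return -EINVAL;
-
-icmp_code = nla_get_u8(tb[NFTA_REJECT_ICMP_CODE]);
-if (priv->type == NFT_REJECT_ICMPX_UNREACH &&
-icmp_code > NFT_REJECT_ICMPX_MAX)
-return -EINVAL;
-
-priv->icmp_code = icmp_code;
-break;
-case NFT_REJECT_TCP_RST:
-break;
-default:
-return -EINVAL;
-}
-return 0;
-}
-
-static int nft_reject_bridge_dump(struct sk_buff *skb,
-const struct nft_expr *expr)
-{
-const struct nft_reject *priv = nft_expr_priv(expr);
-
-if (nla_put_be32(skb, NFTA_REJECT_TYPE, htonl(priv->type)))
-goto nla_put_failure;
-
-switch (priv->type) {
-case NFT_REJECT_ICMP_UNREACH:
-case NFT_REJECT_ICMPX_UNREACH:
-if (nla_put_u8(skb, NFTA_REJECT_ICMP_CODE, priv->icmp_code))
-goto nla_put_failure;
-break;
-default:
-break;
-}
-
-return 0;
-
-nla_put_failure:
-return -1;
-}
-
 static struct nft_expr_type nft_reject_bridge_type;
 static const struct nft_expr_ops nft_reject_bridge_ops = {
 .type = &nft_reject_bridge_type,
 .size = NFT_EXPR_SIZE(sizeof(struct nft_reject)),
 .eval = nft_reject_bridge_eval,
-.init = nft_reject_bridge_init,
-.dump = nft_reject_bridge_dump,
+.init = nft_reject_init,
+.dump = nft_reject_dump,
 .validate = nft_reject_bridge_validate,
 };
 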
+11 -1
net/netfilter/nft_reject.c
··· 40 40 const struct nlattr * const tb[]) 41 41 { 42 42 struct nft_reject *priv = nft_expr_priv(expr); 43 + int icmp_code; 43 44 44 45 if (tb[NFTA_REJECT_TYPE] == NULL) 45 46 return -EINVAL; ··· 48 47 priv->type = ntohl(nla_get_be32(tb[NFTA_REJECT_TYPE])); 49 48 switch (priv->type) { 50 49 case NFT_REJECT_ICMP_UNREACH: 50 + case NFT_REJECT_ICMPX_UNREACH: 51 51 if (tb[NFTA_REJECT_ICMP_CODE] == NULL) 52 52 return -EINVAL; 53 - priv->icmp_code = nla_get_u8(tb[NFTA_REJECT_ICMP_CODE]); 53 + 54 + icmp_code = nla_get_u8(tb[NFTA_REJECT_ICMP_CODE]); 55 + if (priv->type == NFT_REJECT_ICMPX_UNREACH && 56 + icmp_code > NFT_REJECT_ICMPX_MAX) 57 + return -EINVAL; 58 + 59 + priv->icmp_code = icmp_code; 60 + break; 54 61 case NFT_REJECT_TCP_RST: 55 62 break; 56 63 default: ··· 78 69 79 70 switch (priv->type) { 80 71 case NFT_REJECT_ICMP_UNREACH: 72 + case NFT_REJECT_ICMPX_UNREACH: 81 73 if (nla_put_u8(skb, NFTA_REJECT_ICMP_CODE, priv->icmp_code)) 82 74 goto nla_put_failure; 83 75 break;
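Review bot: The added `case NFT_REJECT_ICMPX_UNREACH:` in nft_reject_init() widens what every user of this shared init accepts, not only the bridge and inet families whose private copies are removed here. Any other family that sets `.init = nft_reject_init` (none is visible on this page) would now accept a rule of that type from userspace, so its eval path should be checked for an ICMPX case; otherwise the rule passes validation and may then act differently from what was requested. If ICMPX is meant to stay limited to inet and bridge, that restriction belongs in this function or in the per-family validate hook. A short comment above the bound check would also help, e.g. `/* icmpx codes come from userspace: reject anything above NFT_REJECT_ICMPX_MAX */`. The function body starts and ends outside the hunks shown.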
+2 -58
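--- a/net/netfilter/nft_reject_inet.c
+++ b/net/netfilter/nft_reject_inet.c
@@ -58,69 +58,13 @@
 regs->verdict.code = NF_DROP;
 }
 
-static int nft_reject_inet_init(const struct nft_ctx *ctx,
-const struct nft_expr *expr,
-const struct nlattr * const tb[])
-{
-struct nft_reject *priv = nft_expr_priv(expr);
-int icmp_code;
-
-if (tb[NFTA_REJECT_TYPE] == NULL)
-return -EINVAL;
-
-priv->type = ntohl(nla_get_be32(tb[NFTA_REJECT_TYPE]));
-switch (priv->type) {
-case NFT_REJECT_ICMP_UNREACH:
-case NFT_REJECT_ICMPX_UNREACH:
-if (tb[NFTA_REJECT_ICMP_CODE] == NULL)
-return -EINVAL;
-
-icmp_code = nla_get_u8(tb[NFTA_REJECT_ICMP_CODE]);
-if (priv->type == NFT_REJECT_ICMPX_UNREACH &&
-icmp_code > NFT_REJECT_ICMPX_MAX)
-return -EINVAL;
-
-priv->icmp_code = icmp_code;
-break;
-case NFT_REJECT_TCP_RST:
-break;
-default:
-return -EINVAL;
-}
-return 0;
-}
-
-static int nft_reject_inet_dump(struct sk_buff *skb,
-const struct nft_expr *expr)
-{
-const struct nft_reject *priv = nft_expr_priv(expr);
-
-if (nla_put_be32(skb, NFTA_REJECT_TYPE, htonl(priv->type)))
-goto nla_put_failure;
-
-switch (priv->type) {
-case NFT_REJECT_ICMP_UNREACH:
-case NFT_REJECT_ICMPX_UNREACH:
-if (nla_put_u8(skb, NFTA_REJECT_ICMP_CODE, priv->icmp_code))
-goto nla_put_failure;
-break;
-default:
-break;
-}
-
-return 0;
-
-nla_put_failure:
-return -1;
-}
-
 static struct nft_expr_type nft_reject_inet_type;
 static const struct nft_expr_ops nft_reject_inet_ops = {
 .type = &nft_reject_inet_type,
 .size = NFT_EXPR_SIZE(sizeof(struct nft_reject)),
 .eval = nft_reject_inet_eval,
-.init = nft_reject_inet_init,
-.dump = nft_reject_inet_dump,
+.init = nft_reject_init,
+.dump = nft_reject_dump,
 .validate = nft_reject_validate,
 };
 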