Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Revert "netfilter: nft_numgen: add map lookups for numgen random operations"

Laura found a better way to do this from userspace without requiring
kernel infrastructure, revert this.

Fixes: 978d8f9055c3 ("netfilter: nft_numgen: add map lookups for numgen random operations")
Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+2 -129
+2 -2
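--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1635,8 +1635,8 @@
 	NFTA_NG_MODULUS,
 	NFTA_NG_TYPE,
 	NFTA_NG_OFFSET,
-	NFTA_NG_SET_NAME,
-	NFTA_NG_SET_ID,
+	NFTA_NG_SET_NAME, /* deprecated */
+	NFTA_NG_SET_ID, /* deprecated */
 	__NFTA_NG_MAX
 };
 #define NFTA_NG_MAX (__NFTA_NG_MAX - 1)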
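Review bot: The bare `/* deprecated */` markers on `NFTA_NG_SET_NAME` and `NFTA_NG_SET_ID` do not tell a userspace author that the kernel no longer acts on these attributes, or why the slots stay in the enum. A fuller comment such as `/* deprecated: no longer handled by the kernel, kept to preserve UAPI numbering */` would record both. If the kernel-doc block above this enum (outside the hunk) still describes them as a map name and ID, it should carry the same marker.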
-127
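--- a/net/netfilter/nft_numgen.c
+++ b/net/netfilter/nft_numgen.c
@@ -24,7 +24,6 @@
 	u32 modulus;
 	atomic_t counter;
 	u32 offset;
-	struct nft_set *map;
 };
 
 static u32 nft_ng_inc_gen(struct nft_ng_inc *priv)
@@ -48,34 +47,11 @@
 	regs->data[priv->dreg] = nft_ng_inc_gen(priv);
 }
 
-static void nft_ng_inc_map_eval(const struct nft_expr *expr,
-				struct nft_regs *regs,
-				const struct nft_pktinfo *pkt)
-{
-	struct nft_ng_inc *priv = nft_expr_priv(expr);
-	const struct nft_set *map = priv->map;
-	const struct nft_set_ext *ext;
-	u32 result;
-	bool found;
-
-	result = nft_ng_inc_gen(priv);
-	found = map->ops->lookup(nft_net(pkt), map, &result, &ext);
-
-	if (!found)
-		return;
-
-	nft_data_copy(&regs->data[priv->dreg],
-		      nft_set_ext_data(ext), map->dlen);
-}
-
 static const struct nla_policy nft_ng_policy[NFTA_NG_MAX + 1] = {
 	[NFTA_NG_DREG] = { .type = NLA_U32 },
 	[NFTA_NG_MODULUS] = { .type = NLA_U32 },
 	[NFTA_NG_TYPE] = { .type = NLA_U32 },
 	[NFTA_NG_OFFSET] = { .type = NLA_U32 },
-	[NFTA_NG_SET_NAME] = { .type = NLA_STRING,
-			       .len = NFT_SET_MAXNAMELEN - 1 },
-	[NFTA_NG_SET_ID] = { .type = NLA_U32 },
 };
 
 static int nft_ng_inc_init(const struct nft_ctx *ctx,
@@ -99,22 +75,6 @@
 
 	return nft_validate_register_store(ctx, priv->dreg, NULL,
 					   NFT_DATA_VALUE, sizeof(u32));
-}
-
-static int nft_ng_inc_map_init(const struct nft_ctx *ctx,
-			       const struct nft_expr *expr,
-			       const struct nlattr * const tb[])
-{
-	struct nft_ng_inc *priv = nft_expr_priv(expr);
-	u8 genmask = nft_genmask_next(ctx->net);
-
-	nft_ng_inc_init(ctx, expr, tb);
-
-	priv->map = nft_set_lookup_global(ctx->net, ctx->table,
-					  tb[NFTA_NG_SET_NAME],
-					  tb[NFTA_NG_SET_ID], genmask);
-
-	return PTR_ERR_OR_ZERO(priv->map);
 }
 
 static int nft_ng_dump(struct sk_buff *skb, enum nft_registers dreg,
@@ -143,27 +103,10 @@
 			   priv->offset);
 }
 
-static int nft_ng_inc_map_dump(struct sk_buff *skb,
-			       const struct nft_expr *expr)
-{
-	const struct nft_ng_inc *priv = nft_expr_priv(expr);
-
-	if (nft_ng_dump(skb, priv->dreg, priv->modulus,
-			NFT_NG_INCREMENTAL, priv->offset) ||
-	    nla_put_string(skb, NFTA_NG_SET_NAME, priv->map->name))
-		goto nla_put_failure;
-
-	return 0;
-
-nla_put_failure:
-	return -1;
-}
-
 struct nft_ng_random {
 	enum nft_registers dreg:8;
 	u32 modulus;
 	u32 offset;
-	struct nft_set *map;
 };
 
 static u32 nft_ng_random_gen(struct nft_ng_random *priv)
@@ -181,25 +124,6 @@
 	struct nft_ng_random *priv = nft_expr_priv(expr);
 
 	regs->data[priv->dreg] = nft_ng_random_gen(priv);
-}
-
-static void nft_ng_random_map_eval(const struct nft_expr *expr,
-				   struct nft_regs *regs,
-				   const struct nft_pktinfo *pkt)
-{
-	struct nft_ng_random *priv = nft_expr_priv(expr);
-	const struct nft_set *map = priv->map;
-	const struct nft_set_ext *ext;
-	u32 result;
-	bool found;
-
-	result = nft_ng_random_gen(priv);
-	found = map->ops->lookup(nft_net(pkt), map, &result, &ext);
-	if (!found)
-		return;
-
-	nft_data_copy(&regs->data[priv->dreg],
-		      nft_set_ext_data(ext), map->dlen);
 }
 
 static int nft_ng_random_init(const struct nft_ctx *ctx,
@@ -226,43 +150,12 @@
 					   NFT_DATA_VALUE, sizeof(u32));
 }
 
-static int nft_ng_random_map_init(const struct nft_ctx *ctx,
-				  const struct nft_expr *expr,
-				  const struct nlattr * const tb[])
-{
-	struct nft_ng_random *priv = nft_expr_priv(expr);
-	u8 genmask = nft_genmask_next(ctx->net);
-
-	nft_ng_random_init(ctx, expr, tb);
-	priv->map = nft_set_lookup_global(ctx->net, ctx->table,
-					  tb[NFTA_NG_SET_NAME],
-					  tb[NFTA_NG_SET_ID], genmask);
-
-	return PTR_ERR_OR_ZERO(priv->map);
-}
-
 static int nft_ng_random_dump(struct sk_buff *skb, const struct nft_expr *expr)
 {
 	const struct nft_ng_random *priv = nft_expr_priv(expr);
 
 	return nft_ng_dump(skb, priv->dreg, priv->modulus, NFT_NG_RANDOM,
 			   priv->offset);
-}
-
-static int nft_ng_random_map_dump(struct sk_buff *skb,
-				  const struct nft_expr *expr)
-{
-	const struct nft_ng_random *priv = nft_expr_priv(expr);
-
-	if (nft_ng_dump(skb, priv->dreg, priv->modulus,
-			NFT_NG_RANDOM, priv->offset) ||
-	    nla_put_string(skb, NFTA_NG_SET_NAME, priv->map->name))
-		goto nla_put_failure;
-
-	return 0;
-
-nla_put_failure:
-	return -1;
 }
 
 static struct nft_expr_type nft_ng_type;
@@ -274,28 +167,12 @@
 	.dump = nft_ng_inc_dump,
 };
 
-static const struct nft_expr_ops nft_ng_inc_map_ops = {
-	.type = &nft_ng_type,
-	.size = NFT_EXPR_SIZE(sizeof(struct nft_ng_inc)),
-	.eval = nft_ng_inc_map_eval,
-	.init = nft_ng_inc_map_init,
-	.dump = nft_ng_inc_map_dump,
-};
-
 static const struct nft_expr_ops nft_ng_random_ops = {
 	.type = &nft_ng_type,
 	.size = NFT_EXPR_SIZE(sizeof(struct nft_ng_random)),
 	.eval = nft_ng_random_eval,
 	.init = nft_ng_random_init,
 	.dump = nft_ng_random_dump,
-};
-
-static const struct nft_expr_ops nft_ng_random_map_ops = {
-	.type = &nft_ng_type,
-	.size = NFT_EXPR_SIZE(sizeof(struct nft_ng_random)),
-	.eval = nft_ng_random_map_eval,
-	.init = nft_ng_random_map_init,
-	.dump = nft_ng_random_map_dump,
 };
 
 static const struct nft_expr_ops *
@@ -312,12 +189,8 @@
 
 	switch (type) {
 	case NFT_NG_INCREMENTAL:
-		if (tb[NFTA_NG_SET_NAME])
-			return &nft_ng_inc_map_ops;
 		return &nft_ng_inc_ops;
 	case NFT_NG_RANDOM:
-		if (tb[NFTA_NG_SET_NAME])
-			return &nft_ng_random_map_ops;
 		return &nft_ng_random_ops;
 	}
 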
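Review bot: With the `NFTA_NG_SET_NAME` and `NFTA_NG_SET_ID` entries gone from `nft_ng_policy` but both values still in the UAPI enum (so still below `NFTA_NG_MAX`), the two attributes appear to be accepted untyped and then ignored by the `switch (type)` in the last hunk. A ruleset that still sends a set name would then load and write the raw generated number to the register instead of a mapped value, with no error returned to userspace. Consider rejecting them explicitly before the switch: `if (tb[NFTA_NG_SET_NAME] || tb[NFTA_NG_SET_ID]) return ERR_PTR(-EOPNOTSUPP);`. The enclosing function starts and ends outside the hunk, so how the attributes are validated before it runs should be confirmed.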