
netfilter: nf_tables: store data in offload context registers

Store immediate data into the offload context register. This allows follow-up
instructions to take it from the corresponding source register.

This patch is required to support payload mangling, although other
instructions that take data from a source register will benefit from this
too.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+18 -7
+1
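--- a/include/net/netfilter/nf_tables_offload.h
+++ b/include/net/netfilter/nf_tables_offload.h
@@ -9,6 +9,7 @@
 	u32 len;
 	u32 base_offset;
 	u32 offset;
+	struct nft_data data;
 	struct nft_data mask;
 };
 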
+17 -7
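--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -125,16 +125,12 @@
 	return 0;
 }
 
-static int nft_immediate_offload(struct nft_offload_ctx *ctx,
-				 struct nft_flow_rule *flow,
-				 const struct nft_expr *expr)
+static int nft_immediate_offload_verdict(struct nft_offload_ctx *ctx,
+					 struct nft_flow_rule *flow,
+					 const struct nft_immediate_expr *priv)
 {
-	const struct nft_immediate_expr *priv = nft_expr_priv(expr);
 	struct flow_action_entry *entry;
 	const struct nft_data *data;
-
-	if (priv->dreg != NFT_REG_VERDICT)
-		return -EOPNOTSUPP;
 
 	entry = &flow->rule->action.entries[ctx->num_actions++];
 
@@ -145,6 +149,20 @@
 	default:
 		return -EOPNOTSUPP;
 	}
+
+	return 0;
+}
+
+static int nft_immediate_offload(struct nft_offload_ctx *ctx,
+				 struct nft_flow_rule *flow,
+				 const struct nft_expr *expr)
+{
+	const struct nft_immediate_expr *priv = nft_expr_priv(expr);
+
+	if (priv->dreg == NFT_REG_VERDICT)
+		return nft_immediate_offload_verdict(ctx, flow, priv);
+
+	memcpy(&ctx->regs[priv->dreg].data, &priv->data, sizeof(priv->data));
 
 	return 0;
 }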
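Review bot: The new register-store path in nft_immediate_offload (new line 165) indexes ctx->regs[] directly with priv->dreg and copies the whole struct nft_data, with nothing on the page saying why the index is trusted or who consumes the stored value; a short comment would make both explicit, e.g. `/* dreg was range-checked when the expression was initialised; stage the immediate in the offload context so a later expression can read it as its source register */` (the init-time validation is not visible here, so confirm it before wording the comment as fact). The old `-EOPNOTSUPP` for non-verdict registers is dropped, so an immediate into a data register now reports offload success whether or not a following expression actually consumes the register; that appears intentional given the description, but stating it in the comment avoids a future reader reintroducing the rejection. nft_immediate_offload_verdict starts in the first hunk and ends in the second, so the switch body between them, and any unchanged use of `data`, is outside this view.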