tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: nftables: add nft_parse_register_load() and use it
This new function combines the netlink register attribute parser
and the load validation function.
This update requires to replace:
enum nft_registers sreg:8;
in many of the expression private areas otherwise compiler complains
with:
error: cannot take address of bit-field ‘sreg’
when passing the register field as reference.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+132
-135
+1
-1
include/net/netfilter/nf_tables.h
+1
-1
include/net/netfilter/nf_tables.h
···
203
203
unsigned int nft_parse_register(const struct nlattr *attr);
204
204
int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg);
205
205
206
-
int nft_validate_register_load(enum nft_registers reg, unsigned int len);
206
+
int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len);
207
207
int nft_validate_register_store(const struct nft_ctx *ctx,
208
208
enum nft_registers reg,
209
209
const struct nft_data *data,
+3
-3
include/net/netfilter/nf_tables_core.h
+3
-3
include/net/netfilter/nf_tables_core.h
···
26
26
struct nft_bitwise_fast_expr {
27
27
u32 mask;
28
28
u32 xor;
29
-
enum nft_registers sreg:8;
29
+
u8 sreg;
30
30
enum nft_registers dreg:8;
31
31
};
32
32
33
33
struct nft_cmp_fast_expr {
34
34
u32 data;
35
35
u32 mask;
36
-
enum nft_registers sreg:8;
36
+
u8 sreg;
37
37
u8 len;
38
38
bool inv;
39
39
};
···
67
67
enum nft_payload_bases base:8;
68
68
u8 offset;
69
69
u8 len;
70
-
enum nft_registers sreg:8;
70
+
u8 sreg;
71
71
u8 csum_type;
72
72
u8 csum_offset;
73
73
u8 csum_flags;
+1
-1
include/net/netfilter/nft_meta.h
+1
-1
include/net/netfilter/nft_meta.h
+9
-9
net/ipv4/netfilter/nft_dup_ipv4.c
+9
-9
net/ipv4/netfilter/nft_dup_ipv4.c
···
13
13
#include <net/netfilter/ipv4/nf_dup_ipv4.h>
14
14
15
15
struct nft_dup_ipv4 {
16
-
enum nft_registers sreg_addr:8;
17
-
enum nft_registers sreg_dev:8;
16
+
u8 sreg_addr;
17
+
u8 sreg_dev;
18
18
};
19
19
20
20
static void nft_dup_ipv4_eval(const struct nft_expr *expr,
···
40
40
if (tb[NFTA_DUP_SREG_ADDR] == NULL)
41
41
return -EINVAL;
42
42
43
-
priv->sreg_addr = nft_parse_register(tb[NFTA_DUP_SREG_ADDR]);
44
-
err = nft_validate_register_load(priv->sreg_addr, sizeof(struct in_addr));
43
+
err = nft_parse_register_load(tb[NFTA_DUP_SREG_ADDR], &priv->sreg_addr,
44
+
sizeof(struct in_addr));
45
45
if (err < 0)
46
46
return err;
47
47
48
-
if (tb[NFTA_DUP_SREG_DEV] != NULL) {
49
-
priv->sreg_dev = nft_parse_register(tb[NFTA_DUP_SREG_DEV]);
50
-
return nft_validate_register_load(priv->sreg_dev, sizeof(int));
51
-
}
52
-
return 0;
48
+
if (tb[NFTA_DUP_SREG_DEV])
49
+
err = nft_parse_register_load(tb[NFTA_DUP_SREG_DEV],
50
+
&priv->sreg_dev, sizeof(int));
51
+
52
+
return err;
53
53
}
54
54
55
55
static int nft_dup_ipv4_dump(struct sk_buff *skb, const struct nft_expr *expr)
+9
-9
net/ipv6/netfilter/nft_dup_ipv6.c
+9
-9
net/ipv6/netfilter/nft_dup_ipv6.c
···
13
13
#include <net/netfilter/ipv6/nf_dup_ipv6.h>
14
14
15
15
struct nft_dup_ipv6 {
16
-
enum nft_registers sreg_addr:8;
17
-
enum nft_registers sreg_dev:8;
16
+
u8 sreg_addr;
17
+
u8 sreg_dev;
18
18
};
19
19
20
20
static void nft_dup_ipv6_eval(const struct nft_expr *expr,
···
38
38
if (tb[NFTA_DUP_SREG_ADDR] == NULL)
39
39
return -EINVAL;
40
40
41
-
priv->sreg_addr = nft_parse_register(tb[NFTA_DUP_SREG_ADDR]);
42
-
err = nft_validate_register_load(priv->sreg_addr, sizeof(struct in6_addr));
41
+
err = nft_parse_register_load(tb[NFTA_DUP_SREG_ADDR], &priv->sreg_addr,
42
+
sizeof(struct in6_addr));
43
43
if (err < 0)
44
44
return err;
45
45
46
-
if (tb[NFTA_DUP_SREG_DEV] != NULL) {
47
-
priv->sreg_dev = nft_parse_register(tb[NFTA_DUP_SREG_DEV]);
48
-
return nft_validate_register_load(priv->sreg_dev, sizeof(int));
49
-
}
50
-
return 0;
46
+
if (tb[NFTA_DUP_SREG_DEV])
47
+
err = nft_parse_register_load(tb[NFTA_DUP_SREG_DEV],
48
+
&priv->sreg_dev, sizeof(int));
49
+
50
+
return err;
51
51
}
52
52
53
53
static int nft_dup_ipv6_dump(struct sk_buff *skb, const struct nft_expr *expr)
+16
-2
net/netfilter/nf_tables_api.c
+16
-2
net/netfilter/nf_tables_api.c
···
8634
8634
* Validate that the input register is one of the general purpose
8635
8635
* registers and that the length of the load is within the bounds.
8636
8636
*/
8637
-
int nft_validate_register_load(enum nft_registers reg, unsigned int len)
8637
+
static int nft_validate_register_load(enum nft_registers reg, unsigned int len)
8638
8638
{
8639
8639
if (reg < NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE)
8640
8640
return -EINVAL;
···
8645
8645
8646
8646
return 0;
8647
8647
}
8648
-
EXPORT_SYMBOL_GPL(nft_validate_register_load);
8648
+
8649
+
int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len)
8650
+
{
8651
+
u32 reg;
8652
+
int err;
8653
+
8654
+
reg = nft_parse_register(attr);
8655
+
err = nft_validate_register_load(reg, len);
8656
+
if (err < 0)
8657
+
return err;
8658
+
8659
+
*sreg = reg;
8660
+
return 0;
8661
+
}
8662
+
EXPORT_SYMBOL_GPL(nft_parse_register_load);
8649
8663
8650
8664
/**
8651
8665
* nft_validate_register_store - validate an expressions' register store
+5
-5
net/netfilter/nft_bitwise.c
+5
-5
net/netfilter/nft_bitwise.c
···
16
16
#include <net/netfilter/nf_tables_offload.h>
17
17
18
18
struct nft_bitwise {
19
-
enum nft_registers sreg:8;
19
+
u8 sreg;
20
20
enum nft_registers dreg:8;
21
21
enum nft_bitwise_ops op:8;
22
22
u8 len;
···
169
169
170
170
priv->len = len;
171
171
172
-
priv->sreg = nft_parse_register(tb[NFTA_BITWISE_SREG]);
173
-
err = nft_validate_register_load(priv->sreg, priv->len);
172
+
err = nft_parse_register_load(tb[NFTA_BITWISE_SREG], &priv->sreg,
173
+
priv->len);
174
174
if (err < 0)
175
175
return err;
176
176
···
315
315
struct nft_bitwise_fast_expr *priv = nft_expr_priv(expr);
316
316
int err;
317
317
318
-
priv->sreg = nft_parse_register(tb[NFTA_BITWISE_SREG]);
319
-
err = nft_validate_register_load(priv->sreg, sizeof(u32));
318
+
err = nft_parse_register_load(tb[NFTA_BITWISE_SREG], &priv->sreg,
319
+
sizeof(u32));
320
320
if (err < 0)
321
321
return err;
322
322
+3
-3
net/netfilter/nft_byteorder.c
+3
-3
net/netfilter/nft_byteorder.c
···
16
16
#include <net/netfilter/nf_tables.h>
17
17
18
18
struct nft_byteorder {
19
-
enum nft_registers sreg:8;
19
+
u8 sreg;
20
20
enum nft_registers dreg:8;
21
21
enum nft_byteorder_ops op:8;
22
22
u8 len;
···
131
131
return -EINVAL;
132
132
}
133
133
134
-
priv->sreg = nft_parse_register(tb[NFTA_BYTEORDER_SREG]);
135
134
err = nft_parse_u32_check(tb[NFTA_BYTEORDER_LEN], U8_MAX, &len);
136
135
if (err < 0)
137
136
return err;
138
137
139
138
priv->len = len;
140
139
141
-
err = nft_validate_register_load(priv->sreg, priv->len);
140
+
err = nft_parse_register_load(tb[NFTA_BYTEORDER_SREG], &priv->sreg,
141
+
priv->len);
142
142
if (err < 0)
143
143
return err;
144
144
+3
-5
net/netfilter/nft_cmp.c
+3
-5
net/netfilter/nft_cmp.c
···
18
18
19
19
struct nft_cmp_expr {
20
20
struct nft_data data;
21
-
enum nft_registers sreg:8;
21
+
u8 sreg;
22
22
u8 len;
23
23
enum nft_cmp_ops op:8;
24
24
};
···
87
87
return err;
88
88
}
89
89
90
-
priv->sreg = nft_parse_register(tb[NFTA_CMP_SREG]);
91
-
err = nft_validate_register_load(priv->sreg, desc.len);
90
+
err = nft_parse_register_load(tb[NFTA_CMP_SREG], &priv->sreg, desc.len);
92
91
if (err < 0)
93
92
return err;
94
93
···
173
174
if (err < 0)
174
175
return err;
175
176
176
-
priv->sreg = nft_parse_register(tb[NFTA_CMP_SREG]);
177
-
err = nft_validate_register_load(priv->sreg, desc.len);
177
+
err = nft_parse_register_load(tb[NFTA_CMP_SREG], &priv->sreg, desc.len);
178
178
if (err < 0)
179
179
return err;
180
180
+2
-3
net/netfilter/nft_ct.c
+2
-3
net/netfilter/nft_ct.c
···
28
28
enum ip_conntrack_dir dir:8;
29
29
union {
30
30
enum nft_registers dreg:8;
31
-
enum nft_registers sreg:8;
31
+
u8 sreg;
32
32
};
33
33
};
34
34
···
600
600
}
601
601
}
602
602
603
-
priv->sreg = nft_parse_register(tb[NFTA_CT_SREG]);
604
-
err = nft_validate_register_load(priv->sreg, len);
603
+
err = nft_parse_register_load(tb[NFTA_CT_SREG], &priv->sreg, len);
605
604
if (err < 0)
606
605
goto err1;
607
606
+3
-3
net/netfilter/nft_dup_netdev.c
+3
-3
net/netfilter/nft_dup_netdev.c
···
14
14
#include <net/netfilter/nf_dup_netdev.h>
15
15
16
16
struct nft_dup_netdev {
17
-
enum nft_registers sreg_dev:8;
17
+
u8 sreg_dev;
18
18
};
19
19
20
20
static void nft_dup_netdev_eval(const struct nft_expr *expr,
···
40
40
if (tb[NFTA_DUP_SREG_DEV] == NULL)
41
41
return -EINVAL;
42
42
43
-
priv->sreg_dev = nft_parse_register(tb[NFTA_DUP_SREG_DEV]);
44
-
return nft_validate_register_load(priv->sreg_dev, sizeof(int));
43
+
return nft_parse_register_load(tb[NFTA_DUP_SREG_DEV], &priv->sreg_dev,
44
+
sizeof(int));
45
45
}
46
46
47
47
static int nft_dup_netdev_dump(struct sk_buff *skb, const struct nft_expr *expr)
+6
-6
net/netfilter/nft_dynset.c
+6
-6
net/netfilter/nft_dynset.c
···
16
16
struct nft_set *set;
17
17
struct nft_set_ext_tmpl tmpl;
18
18
enum nft_dynset_ops op:8;
19
-
enum nft_registers sreg_key:8;
20
-
enum nft_registers sreg_data:8;
19
+
u8 sreg_key;
20
+
u8 sreg_data;
21
21
bool invert;
22
22
bool expr;
23
23
u8 num_exprs;
···
219
219
return err;
220
220
}
221
221
222
-
priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]);
223
-
err = nft_validate_register_load(priv->sreg_key, set->klen);
222
+
err = nft_parse_register_load(tb[NFTA_DYNSET_SREG_KEY], &priv->sreg_key,
223
+
set->klen);
224
224
if (err < 0)
225
225
return err;
226
226
···
230
230
if (set->dtype == NFT_DATA_VERDICT)
231
231
return -EOPNOTSUPP;
232
232
233
-
priv->sreg_data = nft_parse_register(tb[NFTA_DYNSET_SREG_DATA]);
234
-
err = nft_validate_register_load(priv->sreg_data, set->dlen);
233
+
err = nft_parse_register_load(tb[NFTA_DYNSET_SREG_DATA],
234
+
&priv->sreg_data, set->dlen);
235
235
if (err < 0)
236
236
return err;
237
237
} else if (set->flags & NFT_SET_MAP)
+3
-3
net/netfilter/nft_exthdr.c
+3
-3
net/netfilter/nft_exthdr.c
···
20
20
u8 len;
21
21
u8 op;
22
22
enum nft_registers dreg:8;
23
-
enum nft_registers sreg:8;
23
+
u8 sreg;
24
24
u8 flags;
25
25
};
26
26
···
400
400
priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]);
401
401
priv->offset = offset;
402
402
priv->len = len;
403
-
priv->sreg = nft_parse_register(tb[NFTA_EXTHDR_SREG]);
404
403
priv->flags = flags;
405
404
priv->op = op;
406
405
407
-
return nft_validate_register_load(priv->sreg, priv->len);
406
+
return nft_parse_register_load(tb[NFTA_EXTHDR_SREG], &priv->sreg,
407
+
priv->len);
408
408
}
409
409
410
410
static int nft_exthdr_ipv4_init(const struct nft_ctx *ctx,
+9
-9
net/netfilter/nft_fwd_netdev.c
+9
-9
net/netfilter/nft_fwd_netdev.c
···
18
18
#include <net/ip.h>
19
19
20
20
struct nft_fwd_netdev {
21
-
enum nft_registers sreg_dev:8;
21
+
u8 sreg_dev;
22
22
};
23
23
24
24
static void nft_fwd_netdev_eval(const struct nft_expr *expr,
···
50
50
if (tb[NFTA_FWD_SREG_DEV] == NULL)
51
51
return -EINVAL;
52
52
53
-
priv->sreg_dev = nft_parse_register(tb[NFTA_FWD_SREG_DEV]);
54
-
return nft_validate_register_load(priv->sreg_dev, sizeof(int));
53
+
return nft_parse_register_load(tb[NFTA_FWD_SREG_DEV], &priv->sreg_dev,
54
+
sizeof(int));
55
55
}
56
56
57
57
static int nft_fwd_netdev_dump(struct sk_buff *skb, const struct nft_expr *expr)
···
78
78
}
79
79
80
80
struct nft_fwd_neigh {
81
-
enum nft_registers sreg_dev:8;
82
-
enum nft_registers sreg_addr:8;
81
+
u8 sreg_dev;
82
+
u8 sreg_addr;
83
83
u8 nfproto;
84
84
};
85
85
···
157
157
!tb[NFTA_FWD_NFPROTO])
158
158
return -EINVAL;
159
159
160
-
priv->sreg_dev = nft_parse_register(tb[NFTA_FWD_SREG_DEV]);
161
-
priv->sreg_addr = nft_parse_register(tb[NFTA_FWD_SREG_ADDR]);
162
160
priv->nfproto = ntohl(nla_get_be32(tb[NFTA_FWD_NFPROTO]));
163
161
164
162
switch (priv->nfproto) {
···
170
172
return -EOPNOTSUPP;
171
173
}
172
174
173
-
err = nft_validate_register_load(priv->sreg_dev, sizeof(int));
175
+
err = nft_parse_register_load(tb[NFTA_FWD_SREG_DEV], &priv->sreg_dev,
176
+
sizeof(int));
174
177
if (err < 0)
175
178
return err;
176
179
177
-
return nft_validate_register_load(priv->sreg_addr, addr_len);
180
+
return nft_parse_register_load(tb[NFTA_FWD_SREG_ADDR], &priv->sreg_addr,
181
+
addr_len);
178
182
}
179
183
180
184
static int nft_fwd_neigh_dump(struct sk_buff *skb, const struct nft_expr *expr)
+6
-4
net/netfilter/nft_hash.c
+6
-4
net/netfilter/nft_hash.c
···
14
14
#include <linux/jhash.h>
15
15
16
16
struct nft_jhash {
17
-
enum nft_registers sreg:8;
17
+
u8 sreg;
18
18
enum nft_registers dreg:8;
19
19
u8 len;
20
20
bool autogen_seed:1;
···
83
83
if (tb[NFTA_HASH_OFFSET])
84
84
priv->offset = ntohl(nla_get_be32(tb[NFTA_HASH_OFFSET]));
85
85
86
-
priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]);
87
86
priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
88
87
89
88
err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len);
···
92
93
return -ERANGE;
93
94
94
95
priv->len = len;
96
+
97
+
err = nft_parse_register_load(tb[NFTA_HASH_SREG], &priv->sreg, len);
98
+
if (err < 0)
99
+
return err;
95
100
96
101
priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS]));
97
102
if (priv->modulus < 1)
···
111
108
get_random_bytes(&priv->seed, sizeof(priv->seed));
112
109
}
113
110
114
-
return nft_validate_register_load(priv->sreg, len) &&
115
-
nft_validate_register_store(ctx, priv->dreg, NULL,
111
+
return nft_validate_register_store(ctx, priv->dreg, NULL,
116
112
NFT_DATA_VALUE, sizeof(u32));
117
113
}
118
114
+3
-3
net/netfilter/nft_lookup.c
+3
-3
net/netfilter/nft_lookup.c
···
17
17
18
18
struct nft_lookup {
19
19
struct nft_set *set;
20
-
enum nft_registers sreg:8;
20
+
u8 sreg;
21
21
enum nft_registers dreg:8;
22
22
bool invert;
23
23
struct nft_set_binding binding;
···
76
76
if (IS_ERR(set))
77
77
return PTR_ERR(set);
78
78
79
-
priv->sreg = nft_parse_register(tb[NFTA_LOOKUP_SREG]);
80
-
err = nft_validate_register_load(priv->sreg, set->klen);
79
+
err = nft_parse_register_load(tb[NFTA_LOOKUP_SREG], &priv->sreg,
80
+
set->klen);
81
81
if (err < 0)
82
82
return err;
83
83
+7
-11
net/netfilter/nft_masq.c
+7
-11
net/netfilter/nft_masq.c
···
15
15
16
16
struct nft_masq {
17
17
u32 flags;
18
-
enum nft_registers sreg_proto_min:8;
19
-
enum nft_registers sreg_proto_max:8;
18
+
u8 sreg_proto_min;
19
+
u8 sreg_proto_max;
20
20
};
21
21
22
22
static const struct nla_policy nft_masq_policy[NFTA_MASQ_MAX + 1] = {
···
54
54
}
55
55
56
56
if (tb[NFTA_MASQ_REG_PROTO_MIN]) {
57
-
priv->sreg_proto_min =
58
-
nft_parse_register(tb[NFTA_MASQ_REG_PROTO_MIN]);
59
-
60
-
err = nft_validate_register_load(priv->sreg_proto_min, plen);
57
+
err = nft_parse_register_load(tb[NFTA_MASQ_REG_PROTO_MIN],
58
+
&priv->sreg_proto_min, plen);
61
59
if (err < 0)
62
60
return err;
63
61
64
62
if (tb[NFTA_MASQ_REG_PROTO_MAX]) {
65
-
priv->sreg_proto_max =
66
-
nft_parse_register(tb[NFTA_MASQ_REG_PROTO_MAX]);
67
-
68
-
err = nft_validate_register_load(priv->sreg_proto_max,
69
-
plen);
63
+
err = nft_parse_register_load(tb[NFTA_MASQ_REG_PROTO_MAX],
64
+
&priv->sreg_proto_max,
65
+
plen);
70
66
if (err < 0)
71
67
return err;
72
68
} else {
+1
-2
net/netfilter/nft_meta.c
+1
-2
net/netfilter/nft_meta.c
+14
-21
net/netfilter/nft_nat.c
+14
-21
net/netfilter/nft_nat.c
···
21
21
#include <net/ip.h>
22
22
23
23
struct nft_nat {
24
-
enum nft_registers sreg_addr_min:8;
25
-
enum nft_registers sreg_addr_max:8;
26
-
enum nft_registers sreg_proto_min:8;
27
-
enum nft_registers sreg_proto_max:8;
24
+
u8 sreg_addr_min;
25
+
u8 sreg_addr_max;
26
+
u8 sreg_proto_min;
27
+
u8 sreg_proto_max;
28
28
enum nf_nat_manip_type type:8;
29
29
u8 family;
30
30
u16 flags;
···
206
206
priv->family = family;
207
207
208
208
if (tb[NFTA_NAT_REG_ADDR_MIN]) {
209
-
priv->sreg_addr_min =
210
-
nft_parse_register(tb[NFTA_NAT_REG_ADDR_MIN]);
211
-
err = nft_validate_register_load(priv->sreg_addr_min, alen);
209
+
err = nft_parse_register_load(tb[NFTA_NAT_REG_ADDR_MIN],
210
+
&priv->sreg_addr_min, alen);
212
211
if (err < 0)
213
212
return err;
214
213
215
214
if (tb[NFTA_NAT_REG_ADDR_MAX]) {
216
-
priv->sreg_addr_max =
217
-
nft_parse_register(tb[NFTA_NAT_REG_ADDR_MAX]);
218
-
219
-
err = nft_validate_register_load(priv->sreg_addr_max,
220
-
alen);
215
+
err = nft_parse_register_load(tb[NFTA_NAT_REG_ADDR_MAX],
216
+
&priv->sreg_addr_max,
217
+
alen);
221
218
if (err < 0)
222
219
return err;
223
220
} else {
···
226
229
227
230
plen = sizeof_field(struct nf_nat_range, min_addr.all);
228
231
if (tb[NFTA_NAT_REG_PROTO_MIN]) {
229
-
priv->sreg_proto_min =
230
-
nft_parse_register(tb[NFTA_NAT_REG_PROTO_MIN]);
231
-
232
-
err = nft_validate_register_load(priv->sreg_proto_min, plen);
232
+
err = nft_parse_register_load(tb[NFTA_NAT_REG_PROTO_MIN],
233
+
&priv->sreg_proto_min, plen);
233
234
if (err < 0)
234
235
return err;
235
236
236
237
if (tb[NFTA_NAT_REG_PROTO_MAX]) {
237
-
priv->sreg_proto_max =
238
-
nft_parse_register(tb[NFTA_NAT_REG_PROTO_MAX]);
239
-
240
-
err = nft_validate_register_load(priv->sreg_proto_max,
241
-
plen);
238
+
err = nft_parse_register_load(tb[NFTA_NAT_REG_PROTO_MAX],
239
+
&priv->sreg_proto_max,
240
+
plen);
242
241
if (err < 0)
243
242
return err;
244
243
} else {
+3
-3
net/netfilter/nft_objref.c
+3
-3
net/netfilter/nft_objref.c
···
95
95
96
96
struct nft_objref_map {
97
97
struct nft_set *set;
98
-
enum nft_registers sreg:8;
98
+
u8 sreg;
99
99
struct nft_set_binding binding;
100
100
};
101
101
···
137
137
if (!(set->flags & NFT_SET_OBJECT))
138
138
return -EINVAL;
139
139
140
-
priv->sreg = nft_parse_register(tb[NFTA_OBJREF_SET_SREG]);
141
-
err = nft_validate_register_load(priv->sreg, set->klen);
140
+
err = nft_parse_register_load(tb[NFTA_OBJREF_SET_SREG], &priv->sreg,
141
+
set->klen);
142
142
if (err < 0)
143
143
return err;
144
144
+2
-2
net/netfilter/nft_payload.c
+2
-2
net/netfilter/nft_payload.c
···
658
658
priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
659
659
priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
660
660
priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN]));
661
-
priv->sreg = nft_parse_register(tb[NFTA_PAYLOAD_SREG]);
662
661
663
662
if (tb[NFTA_PAYLOAD_CSUM_TYPE])
664
663
priv->csum_type =
···
690
691
return -EOPNOTSUPP;
691
692
}
692
693
693
-
return nft_validate_register_load(priv->sreg, priv->len);
694
+
return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg,
695
+
priv->len);
694
696
}
695
697
696
698
static int nft_payload_set_dump(struct sk_buff *skb, const struct nft_expr *expr)
+6
-6
net/netfilter/nft_queue.c
+6
-6
net/netfilter/nft_queue.c
···
19
19
static u32 jhash_initval __read_mostly;
20
20
21
21
struct nft_queue {
22
-
enum nft_registers sreg_qnum:8;
23
-
u16 queuenum;
24
-
u16 queues_total;
25
-
u16 flags;
22
+
u8 sreg_qnum;
23
+
u16 queuenum;
24
+
u16 queues_total;
25
+
u16 flags;
26
26
};
27
27
28
28
static void nft_queue_eval(const struct nft_expr *expr,
···
111
111
struct nft_queue *priv = nft_expr_priv(expr);
112
112
int err;
113
113
114
-
priv->sreg_qnum = nft_parse_register(tb[NFTA_QUEUE_SREG_QNUM]);
115
-
err = nft_validate_register_load(priv->sreg_qnum, sizeof(u32));
114
+
err = nft_parse_register_load(tb[NFTA_QUEUE_SREG_QNUM],
115
+
&priv->sreg_qnum, sizeof(u32));
116
116
if (err < 0)
117
117
return err;
118
118
+3
-3
net/netfilter/nft_range.c
+3
-3
net/netfilter/nft_range.c
···
15
15
struct nft_range_expr {
16
16
struct nft_data data_from;
17
17
struct nft_data data_to;
18
-
enum nft_registers sreg:8;
18
+
u8 sreg;
19
19
u8 len;
20
20
enum nft_range_ops op:8;
21
21
};
···
86
86
goto err2;
87
87
}
88
88
89
-
priv->sreg = nft_parse_register(tb[NFTA_RANGE_SREG]);
90
-
err = nft_validate_register_load(priv->sreg, desc_from.len);
89
+
err = nft_parse_register_load(tb[NFTA_RANGE_SREG], &priv->sreg,
90
+
desc_from.len);
91
91
if (err < 0)
92
92
goto err2;
93
93
+7
-11
net/netfilter/nft_redir.c
+7
-11
net/netfilter/nft_redir.c
···
14
14
#include <net/netfilter/nf_tables.h>
15
15
16
16
struct nft_redir {
17
-
enum nft_registers sreg_proto_min:8;
18
-
enum nft_registers sreg_proto_max:8;
17
+
u8 sreg_proto_min;
18
+
u8 sreg_proto_max;
19
19
u16 flags;
20
20
};
21
21
···
50
50
51
51
plen = sizeof_field(struct nf_nat_range, min_addr.all);
52
52
if (tb[NFTA_REDIR_REG_PROTO_MIN]) {
53
-
priv->sreg_proto_min =
54
-
nft_parse_register(tb[NFTA_REDIR_REG_PROTO_MIN]);
55
-
56
-
err = nft_validate_register_load(priv->sreg_proto_min, plen);
53
+
err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MIN],
54
+
&priv->sreg_proto_min, plen);
57
55
if (err < 0)
58
56
return err;
59
57
60
58
if (tb[NFTA_REDIR_REG_PROTO_MAX]) {
61
-
priv->sreg_proto_max =
62
-
nft_parse_register(tb[NFTA_REDIR_REG_PROTO_MAX]);
63
-
64
-
err = nft_validate_register_load(priv->sreg_proto_max,
65
-
plen);
59
+
err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MAX],
60
+
&priv->sreg_proto_max,
61
+
plen);
66
62
if (err < 0)
67
63
return err;
68
64
} else {
+7
-7
net/netfilter/nft_tproxy.c
+7
-7
net/netfilter/nft_tproxy.c
···
13
13
#endif
14
14
15
15
struct nft_tproxy {
16
-
enum nft_registers sreg_addr:8;
17
-
enum nft_registers sreg_port:8;
18
-
u8 family;
16
+
u8 sreg_addr;
17
+
u8 sreg_port;
18
+
u8 family;
19
19
};
20
20
21
21
static void nft_tproxy_eval_v4(const struct nft_expr *expr,
···
247
247
}
248
248
249
249
if (tb[NFTA_TPROXY_REG_ADDR]) {
250
-
priv->sreg_addr = nft_parse_register(tb[NFTA_TPROXY_REG_ADDR]);
251
-
err = nft_validate_register_load(priv->sreg_addr, alen);
250
+
err = nft_parse_register_load(tb[NFTA_TPROXY_REG_ADDR],
251
+
&priv->sreg_addr, alen);
252
252
if (err < 0)
253
253
return err;
254
254
}
255
255
256
256
if (tb[NFTA_TPROXY_REG_PORT]) {
257
-
priv->sreg_port = nft_parse_register(tb[NFTA_TPROXY_REG_PORT]);
258
-
err = nft_validate_register_load(priv->sreg_port, sizeof(u16));
257
+
err = nft_parse_register_load(tb[NFTA_TPROXY_REG_PORT],
258
+
&priv->sreg_port, sizeof(u16));
259
259
if (err < 0)
260
260
return err;
261
261
}