
netfilter: ipset: add xt_action_param to the variant level kadt functions, ipset API change

With the change the sets can use any parameter available for the match
and target extensions, like input/output interface. It's required for
the hash:net,iface set type.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by

Jozsef Kadlecsik and committed by
Patrick McHardy
b66554cf e6146e86

+43 -16
+5
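--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -170,6 +170,7 @@
 #include <linux/ipv6.h>
 #include <linux/netlink.h>
 #include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/vmalloc.h>
 #include <net/netlink.h>
 
@@ -238,6 +239,7 @@
 * zero for no match/success to add/delete
 * positive for matching element */
 int (*kadt)(struct ip_set *set, const struct sk_buff * skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt);
 
 /* Userspace: test/add/del entries
@@ -332,10 +334,13 @@
 /* API for iptables set match, and SET target */
 
 extern int ip_set_add(ip_set_id_t id, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt);
 extern int ip_set_del(ip_set_id_t id, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt);
 extern int ip_set_test(ip_set_id_t id, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt);
 
 /* Utility functions */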
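Review bot: The comment above the `kadt` callback still describes only the return values and says nothing about the new `par` argument, so a set-type author cannot tell what the pointer may be used for or how long it stays valid. I would extend that comment with a line such as `* par: xtables parameters of the calling match/target (e.g. in/out interface); use only during the call, do not store`. The lifetime wording is inferred from the ip_set_core.c hunks of this commit, where kadt is invoked between `read_lock_bh`/`write_lock_bh` and the matching unlock, so it should be confirmed. The header only uses pointers to the type in the visible lines, so a forward declaration `struct xt_action_param;` may be enough instead of including x_tables.h, provided nothing outside these hunks needs the full definition. The comment block starts outside the hunk.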
+1
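--- a/include/linux/netfilter/ipset/ip_set_ahash.h
+++ b/include/linux/netfilter/ipset/ip_set_ahash.h
@@ -599,6 +599,7 @@
 
 static int
 type_pf_kadt(struct ip_set *set, const struct sk_buff * skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt);
 static int
 type_pf_uadt(struct ip_set *set, struct nlattr *tb[],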
+1
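--- a/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -219,6 +219,7 @@
 
 static int
 bitmap_ip_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 struct bitmap_ip *map = set->data;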
+1
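--- a/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -338,6 +338,7 @@
 
 static int
 bitmap_ipmac_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 struct bitmap_ipmac *map = set->data;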
+1
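--- a/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -208,6 +208,7 @@
 
 static int
 bitmap_port_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 struct bitmap_port *map = set->data;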
+8 -4
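--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -21,6 +21,7 @@
 #include <net/netlink.h>
 
 #include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/ipset/ip_set.h>
 
@@ -328,6 +329,7 @@
 
 int
 ip_set_test(ip_set_id_t index, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt)
 {
 struct ip_set *set = ip_set_list[index];
@@ -341,14 +343,14 @@
 return 0;
 
 read_lock_bh(&set->lock);
-ret = set->variant->kadt(set, skb, IPSET_TEST, opt);
+ret = set->variant->kadt(set, skb, par, IPSET_TEST, opt);
 read_unlock_bh(&set->lock);
 
 if (ret == -EAGAIN) {
 /* Type requests element to be completed */
 pr_debug("element must be competed, ADD is triggered\n");
 write_lock_bh(&set->lock);
-set->variant->kadt(set, skb, IPSET_ADD, opt);
+set->variant->kadt(set, skb, par, IPSET_ADD, opt);
 write_unlock_bh(&set->lock);
 ret = 1;
 }
@@ -360,6 +362,7 @@
 
 int
 ip_set_add(ip_set_id_t index, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt)
 {
 struct ip_set *set = ip_set_list[index];
@@ -373,7 +376,7 @@
 return 0;
 
 write_lock_bh(&set->lock);
-ret = set->variant->kadt(set, skb, IPSET_ADD, opt);
+ret = set->variant->kadt(set, skb, par, IPSET_ADD, opt);
 write_unlock_bh(&set->lock);
 
 return ret;
@@ -382,6 +385,7 @@
 
 int
 ip_set_del(ip_set_id_t index, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt)
 {
 struct ip_set *set = ip_set_list[index];
@@ -395,7 +399,7 @@
 return 0;
 
 write_lock_bh(&set->lock);
-ret = set->variant->kadt(set, skb, IPSET_DEL, opt);
+ret = set->variant->kadt(set, skb, par, IPSET_DEL, opt);
 write_unlock_bh(&set->lock);
 
 return ret;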
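Review bot: In ip_set_test() the `-EAGAIN` branch throws away the result of `set->variant->kadt(set, skb, par, IPSET_ADD, opt);` and then unconditionally sets `ret = 1`, so a completion that fails is still reported to the rule as a match. This behaviour predates the commit, but the call is rewritten here and nothing on the page says whether ignoring the result is intended. If it is, a comment on that call such as `/* result ignored on purpose: the element already matched, ADD only completes it */` would record the decision; if it is not, the return value should decide whether `ret` becomes 1. The body of ip_set_test() starts and ends outside the hunks shown.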
+2
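--- a/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/net/netfilter/ipset/ip_set_hash_ip.c
@@ -116,6 +116,7 @@
 
 static int
 hash_ip4_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;
@@ -295,6 +296,7 @@
 
 static int
 hash_ip6_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;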
+2
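--- a/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -134,6 +134,7 @@
 
 static int
 hash_ipport4_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;
@@ -348,6 +349,7 @@
 
 static int
 hash_ipport6_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;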
+2
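--- a/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -137,6 +137,7 @@
 
 static int
 hash_ipportip4_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;
@@ -361,6 +362,7 @@
 
 static int
 hash_ipportip6_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;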
+2
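--- a/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -151,6 +151,7 @@
 
 static int
 hash_ipportnet4_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;
@@ -428,6 +429,7 @@
 
 static int
 hash_ipportnet6_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;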
+2
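--- a/net/netfilter/ipset/ip_set_hash_net.c
+++ b/net/netfilter/ipset/ip_set_hash_net.c
@@ -134,6 +134,7 @@
 
 static int
 hash_net4_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;
@@ -330,6 +331,7 @@
 
 static int
 hash_net6_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;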
+2
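--- a/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/net/netfilter/ipset/ip_set_hash_netport.c
@@ -147,6 +147,7 @@
 
 static int
 hash_netport4_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;
@@ -390,6 +391,7 @@
 
 static int
 hash_netport6_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 const struct ip_set_hash *h = set->data;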
+4 -3
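--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -72,6 +72,7 @@
 
 static int
 list_set_kadt(struct ip_set *set, const struct sk_buff *skb,
+const struct xt_action_param *par,
 enum ipset_adt adt, const struct ip_set_adt_opt *opt)
 {
 struct list_set *map = set->data;
@@ -87,17 +88,17 @@
 continue;
 switch (adt) {
 case IPSET_TEST:
-ret = ip_set_test(elem->id, skb, opt);
+ret = ip_set_test(elem->id, skb, par, opt);
 if (ret > 0)
 return ret;
 break;
 case IPSET_ADD:
-ret = ip_set_add(elem->id, skb, opt);
+ret = ip_set_add(elem->id, skb, par, opt);
 if (ret == 0)
 return ret;
 break;
 case IPSET_DEL:
-ret = ip_set_del(elem->id, skb, opt);
+ret = ip_set_del(elem->id, skb, par, opt);
 if (ret == 0)
 return ret;
 break;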
+10 -9
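--- a/net/netfilter/xt_set.c
+++ b/net/netfilter/xt_set.c
@@ -29,9 +29,10 @@
 
 static inline int
 match_set(ip_set_id_t index, const struct sk_buff *skb,
+const struct xt_action_param *par,
 const struct ip_set_adt_opt *opt, int inv)
 {
-if (ip_set_test(index, skb, opt))
+if (ip_set_test(index, skb, par, opt))
 inv = !inv;
 return inv;
 }
@@ -54,7 +55,7 @@
 ADT_OPT(opt, par->family, info->match_set.u.compat.dim,
 info->match_set.u.compat.flags, 0, UINT_MAX);
 
-return match_set(info->match_set.index, skb, &opt,
+return match_set(info->match_set.index, skb, par, &opt,
 info->match_set.u.compat.flags & IPSET_INV_MATCH);
 }
 
@@ -118,9 +119,9 @@
 info->del_set.u.compat.flags, 0, UINT_MAX);
 
 if (info->add_set.index != IPSET_INVALID_ID)
-ip_set_add(info->add_set.index, skb, &add_opt);
+ip_set_add(info->add_set.index, skb, par, &add_opt);
 if (info->del_set.index != IPSET_INVALID_ID)
-ip_set_del(info->del_set.index, skb, &del_opt);
+ip_set_del(info->del_set.index, skb, par, &del_opt);
 
 return XT_CONTINUE;
 }
@@ -188,7 +189,7 @@
 ADT_OPT(opt, par->family, info->match_set.dim,
 info->match_set.flags, 0, UINT_MAX);
 
-return match_set(info->match_set.index, skb, &opt,
+return match_set(info->match_set.index, skb, par, &opt,
 info->match_set.flags & IPSET_INV_MATCH);
 }
 
@@ -233,9 +234,9 @@
 info->del_set.flags, 0, UINT_MAX);
 
 if (info->add_set.index != IPSET_INVALID_ID)
-ip_set_add(info->add_set.index, skb, &add_opt);
+ip_set_add(info->add_set.index, skb, par, &add_opt);
 if (info->del_set.index != IPSET_INVALID_ID)
-ip_set_del(info->del_set.index, skb, &del_opt);
+ip_set_del(info->del_set.index, skb, par, &del_opt);
 
 return XT_CONTINUE;
 }
@@ -302,9 +303,9 @@
 info->del_set.flags, 0, UINT_MAX);
 
 if (info->add_set.index != IPSET_INVALID_ID)
-ip_set_add(info->add_set.index, skb, &add_opt);
+ip_set_add(info->add_set.index, skb, par, &add_opt);
 if (info->del_set.index != IPSET_INVALID_ID)
-ip_set_del(info->del_set.index, skb, &del_opt);
+ip_set_del(info->del_set.index, skb, par, &del_opt);
 
 return XT_CONTINUE;
 }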
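Review bot: The address family now reaches the set code by two routes, because `match_set()` and the SET target paths pass both `opt`, which the callers build with `ADT_OPT(opt, par->family, ...)`, and `par` itself. Nothing in the visible code says which one a set type should read. A short comment on match_set() would keep set types from mixing them, for example `/* opt carries family/dim/flags; par is passed only for fields opt lacks (e.g. in/out interface) */`. That intent is inferred from the commit message rather than from code in the hunks, so the wording should be confirmed by the author. The same applies to the `ip_set_add`/`ip_set_del` calls in the three target hunks, whose enclosing functions start outside the hunks.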