netfilter: nf_tables: add nft_set_lookup()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This new function consolidates set lookup via either name or ID by
introducing a new nft_set_lookup() function. Replace existing spots
where we can use this too.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 9 years ago c7a72e3f c56e3956

+41 -41

5 changed files

expand all

include

net

netfilter

nf_tables.h

net

netfilter

nf_tables_api.c

nft_dynset.c

nft_lookup.c

nft_objref.c

+5 -4

include/net/netfilter/nf_tables.h

··· 385 385 return (void *)priv - offsetof(struct nft_set, data); 386 386 } 387 387 388 - struct nft_set *nf_tables_set_lookup(const struct nft_table *table, 389 - const struct nlattr *nla, u8 genmask); 390 - struct nft_set *nf_tables_set_lookup_byid(const struct net *net, 391 - const struct nlattr *nla, u8 genmask); 388 + struct nft_set *nft_set_lookup(const struct net *net, 389 + const struct nft_table *table, 390 + const struct nlattr *nla_set_name, 391 + const struct nlattr *nla_set_id, 392 + u8 genmask); 392 393 393 394 static inline unsigned long nft_set_gc_interval(const struct nft_set *set) 394 395 {

+24 -7

net/netfilter/nf_tables_api.c

··· 2534 2534 return 0; 2535 2535 } 2536 2536 2537 - struct nft_set *nf_tables_set_lookup(const struct nft_table *table, 2538 - const struct nlattr *nla, u8 genmask) 2537 + static struct nft_set *nf_tables_set_lookup(const struct nft_table *table, 2538 + const struct nlattr *nla, u8 genmask) 2539 2539 { 2540 2540 struct nft_set *set; 2541 2541 ··· 2549 2549 } 2550 2550 return ERR_PTR(-ENOENT); 2551 2551 } 2552 - EXPORT_SYMBOL_GPL(nf_tables_set_lookup); 2553 2552 2554 - struct nft_set *nf_tables_set_lookup_byid(const struct net *net, 2555 - const struct nlattr *nla, 2556 - u8 genmask) 2553 + static struct nft_set *nf_tables_set_lookup_byid(const struct net *net, 2554 + const struct nlattr *nla, 2555 + u8 genmask) 2557 2556 { 2558 2557 struct nft_trans *trans; 2559 2558 u32 id = ntohl(nla_get_be32(nla)); ··· 2567 2568 } 2568 2569 return ERR_PTR(-ENOENT); 2569 2570 } 2570 - EXPORT_SYMBOL_GPL(nf_tables_set_lookup_byid); 2571 + 2572 + struct nft_set *nft_set_lookup(const struct net *net, 2573 + const struct nft_table *table, 2574 + const struct nlattr *nla_set_name, 2575 + const struct nlattr *nla_set_id, 2576 + u8 genmask) 2577 + { 2578 + struct nft_set *set; 2579 + 2580 + set = nf_tables_set_lookup(table, nla_set_name, genmask); 2581 + if (IS_ERR(set)) { 2582 + if (!nla_set_id) 2583 + return set; 2584 + 2585 + set = nf_tables_set_lookup_byid(net, nla_set_id, genmask); 2586 + } 2587 + return set; 2588 + } 2589 + EXPORT_SYMBOL_GPL(nft_set_lookup); 2571 2590 2572 2591 static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set, 2573 2592 const char *name)

+4 -10

net/netfilter/nft_dynset.c

··· 133 133 priv->invert = true; 134 134 } 135 135 136 - set = nf_tables_set_lookup(ctx->table, tb[NFTA_DYNSET_SET_NAME], 137 - genmask); 138 - if (IS_ERR(set)) { 139 - if (tb[NFTA_DYNSET_SET_ID]) 140 - set = nf_tables_set_lookup_byid(ctx->net, 141 - tb[NFTA_DYNSET_SET_ID], 142 - genmask); 143 - if (IS_ERR(set)) 144 - return PTR_ERR(set); 145 - } 136 + set = nft_set_lookup(ctx->net, ctx->table, tb[NFTA_DYNSET_SET_NAME], 137 + tb[NFTA_DYNSET_SET_ID], genmask); 138 + if (IS_ERR(set)) 139 + return PTR_ERR(set); 146 140 147 141 if (set->ops->update == NULL) 148 142 return -EOPNOTSUPP;

+4 -10

net/netfilter/nft_lookup.c

··· 71 71 tb[NFTA_LOOKUP_SREG] == NULL) 72 72 return -EINVAL; 73 73 74 - set = nf_tables_set_lookup(ctx->table, tb[NFTA_LOOKUP_SET], genmask); 75 - if (IS_ERR(set)) { 76 - if (tb[NFTA_LOOKUP_SET_ID]) { 77 - set = nf_tables_set_lookup_byid(ctx->net, 78 - tb[NFTA_LOOKUP_SET_ID], 79 - genmask); 80 - } 81 - if (IS_ERR(set)) 82 - return PTR_ERR(set); 83 - } 74 + set = nft_set_lookup(ctx->net, ctx->table, tb[NFTA_LOOKUP_SET], 75 + tb[NFTA_LOOKUP_SET_ID], genmask); 76 + if (IS_ERR(set)) 77 + return PTR_ERR(set); 84 78 85 79 if (set->flags & NFT_SET_EVAL) 86 80 return -EOPNOTSUPP;

+4 -10

net/netfilter/nft_objref.c

··· 116 116 struct nft_set *set; 117 117 int err; 118 118 119 - set = nf_tables_set_lookup(ctx->table, tb[NFTA_OBJREF_SET_NAME], genmask); 120 - if (IS_ERR(set)) { 121 - if (tb[NFTA_OBJREF_SET_ID]) { 122 - set = nf_tables_set_lookup_byid(ctx->net, 123 - tb[NFTA_OBJREF_SET_ID], 124 - genmask); 125 - } 126 - if (IS_ERR(set)) 127 - return PTR_ERR(set); 128 - } 119 + set = nft_set_lookup(ctx->net, ctx->table, tb[NFTA_OBJREF_SET_NAME], 120 + tb[NFTA_OBJREF_SET_ID], genmask); 121 + if (IS_ERR(set)) 122 + return PTR_ERR(set); 129 123 130 124 if (!(set->flags & NFT_SET_OBJECT)) 131 125 return -EINVAL;