Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/809819/?format=api
{ "id": 809819, "url": "http://patchwork.ozlabs.org/api/1.2/patches/809819/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/1504555874-4168-5-git-send-email-pablo@netfilter.org/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/1.2/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<1504555874-4168-5-git-send-email-pablo@netfilter.org>", "list_archive_url": null, "date": "2017-09-04T20:11:06", "name": "[04/12] netfilter: nft_limit: add stateful object type", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": true, "hash": "7d840b1f3d743418912a80010641f4eae361d045", "submitter": { "id": 1315, "url": "http://patchwork.ozlabs.org/api/1.2/people/1315/?format=api", "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/1.2/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/1504555874-4168-5-git-send-email-pablo@netfilter.org/mbox/", "series": [ { "id": 1451, "url": "http://patchwork.ozlabs.org/api/1.2/series/1451/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=1451", "date": "2017-09-04T20:11:02", "name": "[01/12] netfilter: xt_hashlimit: add rate match mode", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/1451/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/809819/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/809819/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": "patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", "Authentication-Results": "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xmLcc5B4Yz9t2R\n\tfor <patchwork-incoming@ozlabs.org>;\n\tTue, 5 Sep 2017 06:12:48 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1754445AbdIDUMq (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tMon, 4 Sep 2017 16:12:46 -0400", "from mail.us.es ([193.147.175.20]:42160 \"EHLO mail.us.es\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1754677AbdIDULa (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tMon, 4 Sep 2017 16:11:30 -0400", "from antivirus1-rhel7.int (unknown [192.168.2.11])\n\tby mail.us.es (Postfix) with ESMTP id A249E532F8E\n\tfor <netdev@vger.kernel.org>; Mon, 4 Sep 2017 22:11:02 +0200 (CEST)", "from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 92473B5028\n\tfor <netdev@vger.kernel.org>; Mon, 4 Sep 2017 22:11:02 +0200 (CEST)", "by antivirus1-rhel7.int (Postfix, from userid 99)\n\tid 87D535CD; Mon, 4 Sep 2017 22:11:02 +0200 (CEST)", "from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 28ABBB502E;\n\tMon, 4 Sep 2017 22:10:58 +0200 (CEST)", "from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int\n\t(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); \n\tMon, 04 Sep 2017 22:10:58 +0200 (CEST)", "from salvia.here (129.166.216.87.static.jazztel.es\n\t[87.216.166.129]) (Authenticated sender: pneira@us.es)\n\tby entrada.int (Postfix) with ESMTPA id C7EE04265A22;\n\tMon, 4 Sep 2017 22:10:57 +0200 (CEST)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.1 (2015-04-28) on\n\tantivirus1-rhel7.int", "X-Spam-Level": "", "X-Spam-Status": "No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,\n\tSMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1", "X-Virus-Status": "clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)", "X-SMTPAUTHUS": "auth mail.us.es", "From": "Pablo Neira Ayuso <pablo@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Cc": "davem@davemloft.net, netdev@vger.kernel.org", "Subject": "[PATCH 04/12] netfilter: nft_limit: add stateful object type", "Date": "Mon, 4 Sep 2017 22:11:06 +0200", "Message-Id": "<1504555874-4168-5-git-send-email-pablo@netfilter.org>", "X-Mailer": "git-send-email 2.1.4", "In-Reply-To": "<1504555874-4168-1-git-send-email-pablo@netfilter.org>", "References": "<1504555874-4168-1-git-send-email-pablo@netfilter.org>", "X-Virus-Scanned": "ClamAV using ClamSMTP", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "From: \"Pablo M. Bermudo Garay\" <pablombg@gmail.com>\n\nRegister a new limit stateful object type into the stateful object\ninfrastructure.\n\nSigned-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com>\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n include/uapi/linux/netfilter/nf_tables.h | 3 +-\n net/netfilter/nft_limit.c | 122 ++++++++++++++++++++++++++++++-\n 2 files changed, 123 insertions(+), 2 deletions(-)", "diff": "diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h\nindex b49da72efa68..871afa4871bf 100644\n--- a/include/uapi/linux/netfilter/nf_tables.h\n+++ b/include/uapi/linux/netfilter/nf_tables.h\n@@ -1282,7 +1282,8 @@ enum nft_ct_helper_attributes {\n #define NFT_OBJECT_COUNTER\t1\n #define NFT_OBJECT_QUOTA\t2\n #define NFT_OBJECT_CT_HELPER\t3\n-#define __NFT_OBJECT_MAX\t4\n+#define NFT_OBJECT_LIMIT\t4\n+#define __NFT_OBJECT_MAX\t5\n #define NFT_OBJECT_MAX\t\t(__NFT_OBJECT_MAX - 1)\n \n /**\ndiff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c\nindex aae2d1ec27f3..a9fc298ef4c3 100644\n--- a/net/netfilter/nft_limit.c\n+++ b/net/netfilter/nft_limit.c\n@@ -229,14 +229,133 @@ static struct nft_expr_type nft_limit_type __read_mostly = {\n \t.owner\t\t= THIS_MODULE,\n };\n \n+static void nft_limit_obj_pkts_eval(struct nft_object *obj,\n+\t\t\t\t struct nft_regs *regs,\n+\t\t\t\t const struct nft_pktinfo *pkt)\n+{\n+\tstruct nft_limit_pkts *priv = nft_obj_data(obj);\n+\n+\tif (nft_limit_eval(&priv->limit, priv->cost))\n+\t\tregs->verdict.code = NFT_BREAK;\n+}\n+\n+static int nft_limit_obj_pkts_init(const struct nft_ctx *ctx,\n+\t\t\t\t const struct nlattr * const tb[],\n+\t\t\t\t struct nft_object *obj)\n+{\n+\tstruct nft_limit_pkts *priv = nft_obj_data(obj);\n+\tint err;\n+\n+\terr = nft_limit_init(&priv->limit, tb);\n+\tif (err < 0)\n+\t\treturn err;\n+\n+\tpriv->cost = div64_u64(priv->limit.nsecs, priv->limit.rate);\n+\treturn 0;\n+}\n+\n+static int nft_limit_obj_pkts_dump(struct sk_buff *skb,\n+\t\t\t\t struct nft_object *obj,\n+\t\t\t\t bool reset)\n+{\n+\tconst struct nft_limit_pkts *priv = nft_obj_data(obj);\n+\n+\treturn nft_limit_dump(skb, &priv->limit, NFT_LIMIT_PKTS);\n+}\n+\n+static struct nft_object_type nft_limit_obj_type;\n+static const struct nft_object_ops nft_limit_obj_pkts_ops = {\n+\t.type\t\t= &nft_limit_obj_type,\n+\t.size\t\t= NFT_EXPR_SIZE(sizeof(struct nft_limit_pkts)),\n+\t.init\t\t= nft_limit_obj_pkts_init,\n+\t.eval\t\t= nft_limit_obj_pkts_eval,\n+\t.dump\t\t= nft_limit_obj_pkts_dump,\n+};\n+\n+static void nft_limit_obj_bytes_eval(struct nft_object *obj,\n+\t\t\t\t struct nft_regs *regs,\n+\t\t\t\t const struct nft_pktinfo *pkt)\n+{\n+\tstruct nft_limit *priv = nft_obj_data(obj);\n+\tu64 cost = div64_u64(priv->nsecs * pkt->skb->len, priv->rate);\n+\n+\tif (nft_limit_eval(priv, cost))\n+\t\tregs->verdict.code = NFT_BREAK;\n+}\n+\n+static int nft_limit_obj_bytes_init(const struct nft_ctx *ctx,\n+\t\t\t\t const struct nlattr * const tb[],\n+\t\t\t\t struct nft_object *obj)\n+{\n+\tstruct nft_limit *priv = nft_obj_data(obj);\n+\n+\treturn nft_limit_init(priv, tb);\n+}\n+\n+static int nft_limit_obj_bytes_dump(struct sk_buff *skb,\n+\t\t\t\t struct nft_object *obj,\n+\t\t\t\t bool reset)\n+{\n+\tconst struct nft_limit *priv = nft_obj_data(obj);\n+\n+\treturn nft_limit_dump(skb, priv, NFT_LIMIT_PKT_BYTES);\n+}\n+\n+static struct nft_object_type nft_limit_obj_type;\n+static const struct nft_object_ops nft_limit_obj_bytes_ops = {\n+\t.type\t\t= &nft_limit_obj_type,\n+\t.size\t\t= sizeof(struct nft_limit),\n+\t.init\t\t= nft_limit_obj_bytes_init,\n+\t.eval\t\t= nft_limit_obj_bytes_eval,\n+\t.dump\t\t= nft_limit_obj_bytes_dump,\n+};\n+\n+static const struct nft_object_ops *\n+nft_limit_obj_select_ops(const struct nft_ctx *ctx,\n+\t\t\t const struct nlattr * const tb[])\n+{\n+\tif (!tb[NFTA_LIMIT_TYPE])\n+\t\treturn &nft_limit_obj_pkts_ops;\n+\n+\tswitch (ntohl(nla_get_be32(tb[NFTA_LIMIT_TYPE]))) {\n+\tcase NFT_LIMIT_PKTS:\n+\t\treturn &nft_limit_obj_pkts_ops;\n+\tcase NFT_LIMIT_PKT_BYTES:\n+\t\treturn &nft_limit_obj_bytes_ops;\n+\t}\n+\treturn ERR_PTR(-EOPNOTSUPP);\n+}\n+\n+static struct nft_object_type nft_limit_obj_type __read_mostly = {\n+\t.select_ops\t= nft_limit_obj_select_ops,\n+\t.type\t\t= NFT_OBJECT_LIMIT,\n+\t.maxattr\t= NFTA_LIMIT_MAX,\n+\t.policy\t\t= nft_limit_policy,\n+\t.owner\t\t= THIS_MODULE,\n+};\n+\n static int __init nft_limit_module_init(void)\n {\n-\treturn nft_register_expr(&nft_limit_type);\n+\tint err;\n+\n+\terr = nft_register_obj(&nft_limit_obj_type);\n+\tif (err < 0)\n+\t\treturn err;\n+\n+\terr = nft_register_expr(&nft_limit_type);\n+\tif (err < 0)\n+\t\tgoto err1;\n+\n+\treturn 0;\n+err1:\n+\tnft_unregister_obj(&nft_limit_obj_type);\n+\treturn err;\n }\n \n static void __exit nft_limit_module_exit(void)\n {\n \tnft_unregister_expr(&nft_limit_type);\n+\tnft_unregister_obj(&nft_limit_obj_type);\n }\n \n module_init(nft_limit_module_init);\n@@ -245,3 +364,4 @@ module_exit(nft_limit_module_exit);\n MODULE_LICENSE(\"GPL\");\n MODULE_AUTHOR(\"Patrick McHardy <kaber@trash.net>\");\n MODULE_ALIAS_NFT_EXPR(\"limit\");\n+MODULE_ALIAS_NFT_OBJ(NFT_OBJECT_LIMIT);\n", "prefixes": [ "04/12" ] }