@@ -1122,6 +1122,10 @@ struct nft_object_type {
const struct nla_policy *policy;
};
+struct nft_object_ref {
+ struct nft_object *obj;
+};
+
/**
* struct nft_object_ops - stateful object operations
*
@@ -11,23 +11,22 @@
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables.h>
-#define nft_objref_priv(expr) *((struct nft_object **)nft_expr_priv(expr))
-
static void nft_objref_eval(const struct nft_expr *expr,
struct nft_regs *regs,
const struct nft_pktinfo *pkt)
{
- struct nft_object *obj = nft_objref_priv(expr);
+ struct nft_object_ref *priv = nft_expr_priv(expr);
- obj->ops->eval(obj, regs, pkt);
+ priv->obj->ops->eval(priv->obj, regs, pkt);
}
static int nft_objref_init(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nlattr * const tb[])
{
- struct nft_object *obj = nft_objref_priv(expr);
+ struct nft_object_ref *priv = nft_expr_priv(expr);
u8 genmask = nft_genmask_next(ctx->net);
+ struct nft_object *obj;
u32 objtype;
if (!tb[NFTA_OBJREF_IMM_NAME] ||
@@ -41,15 +40,16 @@ static int nft_objref_init(const struct nft_ctx *ctx,
if (IS_ERR(obj))
return -ENOENT;
- nft_objref_priv(expr) = obj;
obj->use++;
+ priv->obj = obj;
return 0;
}
static int nft_objref_dump(struct sk_buff *skb, const struct nft_expr *expr)
{
- const struct nft_object *obj = nft_objref_priv(expr);
+ const struct nft_object_ref *priv = nft_expr_priv(expr);
+ const struct nft_object *obj = priv->obj;
if (nla_put_string(skb, NFTA_OBJREF_IMM_NAME, obj->key.name) ||
nla_put_be32(skb, NFTA_OBJREF_TYPE,
@@ -66,7 +66,8 @@ static void nft_objref_deactivate(const struct nft_ctx *ctx,
const struct nft_expr *expr,
enum nft_trans_phase phase)
{
- struct nft_object *obj = nft_objref_priv(expr);
+ struct nft_object_ref *priv = nft_expr_priv(expr);
+ struct nft_object *obj = priv->obj;
if (phase == NFT_TRANS_COMMIT)
return;
@@ -77,7 +78,8 @@ static void nft_objref_deactivate(const struct nft_ctx *ctx,
static void nft_objref_activate(const struct nft_ctx *ctx,
const struct nft_expr *expr)
{
- struct nft_object *obj = nft_objref_priv(expr);
+ struct nft_object_ref *priv = nft_expr_priv(expr);
+ struct nft_object *obj = priv->obj;
obj->use++;
}
@@ -85,7 +87,7 @@ static void nft_objref_activate(const struct nft_ctx *ctx,
static struct nft_expr_type nft_objref_type;
static const struct nft_expr_ops nft_objref_ops = {
.type = &nft_objref_type,
- .size = NFT_EXPR_SIZE(sizeof(struct nft_object *)),
+ .size = NFT_EXPR_SIZE(sizeof(struct nft_object_ref)),
.eval = nft_objref_eval,
.init = nft_objref_init,
.activate = nft_objref_activate,
This allows to extend this private expression area with new fields. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/net/netfilter/nf_tables.h | 4 ++++ net/netfilter/nft_objref.c | 22 ++++++++++++---------- 2 files changed, 16 insertions(+), 10 deletions(-)