netfilter: nf_tables: Add extra bits for object handles

Message ID 20180123233722.7388-1-harshasharmaiitr@gmail.com
State Under Review
Delegated to: Pablo Neira
Headers show
Series
  • netfilter: nf_tables: Add extra bits for object handles
Related show

Commit Message

Harsha Sharma Jan. 23, 2018, 11:37 p.m.
Add extra bits for table, chain, sets and object handle.

Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
---
 net/netfilter/nf_tables_trace.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Pablo Neira Ayuso Jan. 24, 2018, 3:57 p.m. | #1
On Wed, Jan 24, 2018 at 05:07:22AM +0530, Harsha Sharma wrote:
> Add extra bits for table, chain, sets and object handle.
> 
> Signed-off-by: Harsha Sharma <harshasharmaiitr@gmail.com>
> ---
>  net/netfilter/nf_tables_trace.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/nf_tables_trace.c b/net/netfilter/nf_tables_trace.c
> index e1dc527a493b..f804c3924d32 100644
> --- a/net/netfilter/nf_tables_trace.c
> +++ b/net/netfilter/nf_tables_trace.c
> @@ -212,7 +212,11 @@ void nft_trace_notify(struct nft_traceinfo *info)
>  		nla_total_size(sizeof(__be16)) +	/* oiftype */
>  		nla_total_size(sizeof(u32)) +		/* mark */
>  		nla_total_size(sizeof(u32)) +		/* nfproto */
> -		nla_total_size(sizeof(u32));		/* policy */
> +		nla_total_size(sizeof(u32)); +		/* policy */
> +		nla_total_size_64bit(sizeof(__be64)) +	/* table handle */
> +		nla_total_size_64bit(sizeof(__be64)) +	/* chain handle */
> +		nla_total_size_64bit(sizeof(__be64)) +	/* set handle */
> +		nla_total_size_64bit(sizeof(__be64))	/* object handle */

I think just two of this should be fine. Is nla_total_size_64bit()
accounting for padding too?

I would like to see the userspace patches in place too, to test this.

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/netfilter/nf_tables_trace.c b/net/netfilter/nf_tables_trace.c
index e1dc527a493b..f804c3924d32 100644
--- a/net/netfilter/nf_tables_trace.c
+++ b/net/netfilter/nf_tables_trace.c
@@ -212,7 +212,11 @@  void nft_trace_notify(struct nft_traceinfo *info)
 		nla_total_size(sizeof(__be16)) +	/* oiftype */
 		nla_total_size(sizeof(u32)) +		/* mark */
 		nla_total_size(sizeof(u32)) +		/* nfproto */
-		nla_total_size(sizeof(u32));		/* policy */
+		nla_total_size(sizeof(u32)); +		/* policy */
+		nla_total_size_64bit(sizeof(__be64)) +	/* table handle */
+		nla_total_size_64bit(sizeof(__be64)) +	/* chain handle */
+		nla_total_size_64bit(sizeof(__be64)) +	/* set handle */
+		nla_total_size_64bit(sizeof(__be64))	/* object handle */
 
 	if (nft_trace_have_verdict_chain(info))
 		size += nla_total_size(strlen(info->verdict->chain->name)); /* jump target */