From patchwork Tue May 15 12:23:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taehee Yoo X-Patchwork-Id: 913599 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="JIa/EQgk"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40lcDC4lp9z9rvt for ; Tue, 15 May 2018 22:23:23 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753078AbeEOMXW (ORCPT ); Tue, 15 May 2018 08:23:22 -0400 Received: from mail-pg0-f68.google.com ([74.125.83.68]:33483 "EHLO mail-pg0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753287AbeEOMXV (ORCPT ); Tue, 15 May 2018 08:23:21 -0400 Received: by mail-pg0-f68.google.com with SMTP id v7-v6so4172240pgs.0 for ; Tue, 15 May 2018 05:23:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=q+9b7KGWvqTmW2ixB435e1hyzKPuXNMSGMHkkMK48fY=; b=JIa/EQgky1LV5BgPzZSxyODtQSop8qZ/53GjbeyQMX0pWLbW2I5OnlahzEbQuAhrGn TcVs3c4t0S8hBayZCbqpcHCk9YgYiNH6vbBhtGmZpB4iILA+UjCnwA5VztpdcN/OXZnU ISUpg3jp8NdEAKLV0G85gBtmwBpM4r45sZj+voShhXWcGcNnLYBn/UDG06UOMkpz7uK/ /4ZQUpFprSJOfJ7Ft1bCvCwJfsDnAxT2VRVHI+4iaZOnE9turCPm3wRGPT4fFN2vjA/l 0hAL9GS5rnMEz4wGlkA2FKHpsLZ3Pi7F/k9khC2y1wagBVY/fzAqSeBDKqMwWVx2LhGQ Plug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=q+9b7KGWvqTmW2ixB435e1hyzKPuXNMSGMHkkMK48fY=; b=h1Nbelc2UyI/TGhyasrVeyNkUVTgmeVXWsO4t0Da6wiwWdZnknkhsX03jduE7h5F7t vH5wLUZhH0+P14vv0j5UrGLwyhdH67Qh8FwZ1v5swd5abEKQxsXb19FeSYXz/LaNW23J CaqDqNuOp/uu9fBavuY2Kx/dWmcl4aaKDx89pLu26Bj7izX423+pvpx3zbjRLlcJDbno sJFvk/GI4w8UIbeD9ovn2FuXglEAMyJpKhoNhO3P+q6xvP8Gmn3hboBg8Ut3xpXbMUJD 1BLIYCVMfFFvHt0FE0mx4ZslhXp/Jq7jRhF0HTcGWqc3Z7CIFvSGuVXBkzWJowJDoDah KTbA== X-Gm-Message-State: ALKqPwfsRCEb0LrzUgC+8mM5PBEf0JcYnINQZXFuE+MqUIYvfl7HeH3s zxdHU1B1O31TJ7ZMwuFAMls= X-Google-Smtp-Source: AB8JxZrHrONH/tvOhISiVWWC66jxNxyW5V3v0GOXEh7Mhvd4N+Qx+pi5kUG13ViZON5N+gOvo/g07Q== X-Received: by 2002:a63:7154:: with SMTP id b20-v6mr12072145pgn.13.1526387001243; Tue, 15 May 2018 05:23:21 -0700 (PDT) Received: from ap-To-be-filled-by-O-E-M.8.8.8.8 ([125.130.197.10]) by smtp.gmail.com with ESMTPSA id t24-v6sm28575461pfj.75.2018.05.15.05.23.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 May 2018 05:23:20 -0700 (PDT) From: Taehee Yoo To: pablo@netfilter.org, netfilter-devel@vger.kernel.org Cc: ap420073@gmail.com Subject: [PATCH nf 1/5] netfilter: nf_tables: use nft_ctx instead of nft_chain Date: Tue, 15 May 2018 21:23:14 +0900 Message-Id: <20180515122314.29197-1-ap420073@gmail.com> X-Mailer: git-send-email 2.9.3 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch prepares for next patches. The nft_chain_validate_hooks and nft_chain_validate_dependency are going to use both net and nft_chain. Signed-off-by: Taehee Yoo --- include/net/netfilter/nf_tables.h | 4 ++-- net/bridge/netfilter/nft_reject_bridge.c | 4 ++-- net/netfilter/nf_tables_api.c | 12 ++++++------ net/netfilter/nft_fib.c | 2 +- net/netfilter/nft_flow_offload.c | 2 +- net/netfilter/nft_masq.c | 4 ++-- net/netfilter/nft_meta.c | 4 ++-- net/netfilter/nft_nat.c | 6 +++--- net/netfilter/nft_redir.c | 4 ++-- net/netfilter/nft_reject.c | 2 +- net/netfilter/nft_rt.c | 2 +- 11 files changed, 23 insertions(+), 23 deletions(-) diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index a1e28dd..7eb4802 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -903,9 +903,9 @@ struct nft_chain_type { void (*free)(struct nft_ctx *ctx); }; -int nft_chain_validate_dependency(const struct nft_chain *chain, +int nft_chain_validate_dependency(const struct nft_ctx *ctx, enum nft_chain_types type); -int nft_chain_validate_hooks(const struct nft_chain *chain, +int nft_chain_validate_hooks(const struct nft_ctx *ctx, unsigned int hook_flags); struct nft_stats { diff --git a/net/bridge/netfilter/nft_reject_bridge.c b/net/bridge/netfilter/nft_reject_bridge.c index eaf05de..f3b633b 100644 --- a/net/bridge/netfilter/nft_reject_bridge.c +++ b/net/bridge/netfilter/nft_reject_bridge.c @@ -357,8 +357,8 @@ static int nft_reject_bridge_validate(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nft_data **data) { - return nft_chain_validate_hooks(ctx->chain, (1 << NF_BR_PRE_ROUTING) | - (1 << NF_BR_LOCAL_IN)); + return nft_chain_validate_hooks(ctx, (1 << NF_BR_PRE_ROUTING) | + (1 << NF_BR_LOCAL_IN)); } static int nft_reject_bridge_init(const struct nft_ctx *ctx, diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 3806db3..13c2fc3 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -6132,13 +6132,13 @@ static const struct nfnetlink_subsystem nf_tables_subsys = { .valid_genid = nf_tables_valid_genid, }; -int nft_chain_validate_dependency(const struct nft_chain *chain, +int nft_chain_validate_dependency(const struct nft_ctx *ctx, enum nft_chain_types type) { const struct nft_base_chain *basechain; - if (nft_is_base_chain(chain)) { - basechain = nft_base_chain(chain); + if (nft_is_base_chain(ctx->chain)) { + basechain = nft_base_chain(ctx->chain); if (basechain->type->type != type) return -EOPNOTSUPP; } @@ -6146,13 +6146,13 @@ int nft_chain_validate_dependency(const struct nft_chain *chain, } EXPORT_SYMBOL_GPL(nft_chain_validate_dependency); -int nft_chain_validate_hooks(const struct nft_chain *chain, +int nft_chain_validate_hooks(const struct nft_ctx *ctx, unsigned int hook_flags) { struct nft_base_chain *basechain; - if (nft_is_base_chain(chain)) { - basechain = nft_base_chain(chain); + if (nft_is_base_chain(ctx->chain)) { + basechain = nft_base_chain(ctx->chain); if ((1 << basechain->ops.hooknum) & hook_flags) return 0; diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c index 21df8cc..47dbf94 100644 --- a/net/netfilter/nft_fib.c +++ b/net/netfilter/nft_fib.c @@ -59,7 +59,7 @@ int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr, return -EINVAL; } - return nft_chain_validate_hooks(ctx->chain, hooks); + return nft_chain_validate_hooks(ctx, hooks); } EXPORT_SYMBOL_GPL(nft_fib_validate); diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index b65829b..6165733 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -128,7 +128,7 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx, { unsigned int hook_mask = (1 << NF_INET_FORWARD); - return nft_chain_validate_hooks(ctx->chain, hook_mask); + return nft_chain_validate_hooks(ctx, hook_mask); } static int nft_flow_offload_init(const struct nft_ctx *ctx, diff --git a/net/netfilter/nft_masq.c b/net/netfilter/nft_masq.c index 9d8655b..5a32260 100644 --- a/net/netfilter/nft_masq.c +++ b/net/netfilter/nft_masq.c @@ -29,11 +29,11 @@ int nft_masq_validate(const struct nft_ctx *ctx, { int err; - err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT); + err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT); if (err < 0) return err; - return nft_chain_validate_hooks(ctx->chain, + return nft_chain_validate_hooks(ctx, (1 << NF_INET_POST_ROUTING)); } EXPORT_SYMBOL_GPL(nft_masq_validate); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 8fb91940..7d14fe3 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -354,7 +354,7 @@ static int nft_meta_get_validate(const struct nft_ctx *ctx, return -EOPNOTSUPP; } - return nft_chain_validate_hooks(ctx->chain, hooks); + return nft_chain_validate_hooks(ctx, hooks); #else return 0; #endif @@ -386,7 +386,7 @@ int nft_meta_set_validate(const struct nft_ctx *ctx, return -EOPNOTSUPP; } - return nft_chain_validate_hooks(ctx->chain, hooks); + return nft_chain_validate_hooks(ctx, hooks); } EXPORT_SYMBOL_GPL(nft_meta_set_validate); diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c index 1f36954..12c00e9 100644 --- a/net/netfilter/nft_nat.c +++ b/net/netfilter/nft_nat.c @@ -94,18 +94,18 @@ static int nft_nat_validate(const struct nft_ctx *ctx, struct nft_nat *priv = nft_expr_priv(expr); int err; - err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT); + err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT); if (err < 0) return err; switch (priv->type) { case NFT_NAT_SNAT: - err = nft_chain_validate_hooks(ctx->chain, + err = nft_chain_validate_hooks(ctx, (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_LOCAL_IN)); break; case NFT_NAT_DNAT: - err = nft_chain_validate_hooks(ctx->chain, + err = nft_chain_validate_hooks(ctx, (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)); break; diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c index c64cbe7..098a4a4 100644 --- a/net/netfilter/nft_redir.c +++ b/net/netfilter/nft_redir.c @@ -29,11 +29,11 @@ int nft_redir_validate(const struct nft_ctx *ctx, { int err; - err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT); + err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT); if (err < 0) return err; - return nft_chain_validate_hooks(ctx->chain, + return nft_chain_validate_hooks(ctx, (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT)); } diff --git a/net/netfilter/nft_reject.c b/net/netfilter/nft_reject.c index 29f5bd2..74b6e4e 100644 --- a/net/netfilter/nft_reject.c +++ b/net/netfilter/nft_reject.c @@ -30,7 +30,7 @@ int nft_reject_validate(const struct nft_ctx *ctx, const struct nft_expr *expr, const struct nft_data **data) { - return nft_chain_validate_hooks(ctx->chain, + return nft_chain_validate_hooks(ctx, (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) | (1 << NF_INET_LOCAL_OUT)); diff --git a/net/netfilter/nft_rt.c b/net/netfilter/nft_rt.c index 11a2071..b754184 100644 --- a/net/netfilter/nft_rt.c +++ b/net/netfilter/nft_rt.c @@ -176,7 +176,7 @@ static int nft_rt_validate(const struct nft_ctx *ctx, const struct nft_expr *exp return -EINVAL; } - return nft_chain_validate_hooks(ctx->chain, hooks); + return nft_chain_validate_hooks(ctx, hooks); } static struct nft_expr_type nft_rt_type;