From patchwork Fri Jan 12 12:57:24 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eyal Birger <eyal.birger@gmail.com>
X-Patchwork-Id: 859888
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="vMSFJDpe"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3zJ2q50PWYz9s75
	for <patchwork-incoming@ozlabs.org>;
	Fri, 12 Jan 2018 23:58:09 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933684AbeALM6G (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 12 Jan 2018 07:58:06 -0500
Received: from mail-wm0-f67.google.com ([74.125.82.67]:39496 "EHLO
	mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S933674AbeALM6F (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 12 Jan 2018 07:58:05 -0500
Received: by mail-wm0-f67.google.com with SMTP id i11so11607982wmf.4
	for <netdev@vger.kernel.org>; Fri, 12 Jan 2018 04:58:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=9B540J5tXGO3wNu8eDLx/qk0Pk/IdhvMGSLP1TUZxuI=;
	b=vMSFJDpeJ7udvZSV9bgtKlxpsMMSeDss1QQcym4V5yORihUQ6IWUb0YIVS6aVLmIE5
	DO+WTeJFcLdvUW9x0nAU5F0vR2uNw3qJV0KNdWDAa3svvqKu3k8cB/Md5qQl1sJYUjyP
	m9FEQmCSKg3MBjkdjTyGbDY3GxvdlM0nIyE/OP7XP9Si0QnMzIarUGfR0TzXUpEPsl2e
	2pMBQ9H/KDnJl9ur7k5KtHXV7UPgLEYkRYASo49Ra6Y3JoNOA0VXdRJ2hQywBTZ6fFZr
	wxtgsPqy348Oo0cTBT7zLWr7nm9n8lhm+T0mJtx1bM6hQ5aC0P+v/fFH6oW536h6LDnG
	SjGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=9B540J5tXGO3wNu8eDLx/qk0Pk/IdhvMGSLP1TUZxuI=;
	b=gYytFS2TBE9Esr023Lj7Lj2lT3o0UpeEJGf4ET+bB8schJZnb4pa34xuRI2Stv/rnj
	T3ZmSkmpEECQrLGAM1Mm9nwSly4+v1xUC6zkAQZTKrrnNg+koO5W8o7eq7ScQG0FSi64
	mxrbbG0g2Fo7/rV7p4NFlMwa2BwvWeb3S3I8uJdRBl7v/noEYybhuXe6e8CXOYtf3mPN
	+6fyi6JZXEQM92XZW3UvcRWURWH1x1TYBnJWCGi6uNblFs5wb+xglmuQbb0OU1mASt+f
	yEzkwA1OHs7GQDVhmK6SRF1cOIulBkuOu2FeLWbnQeioel7p87XPhcUM4dppc16LHqGN
	wn8w==
X-Gm-Message-State: AKwxytcngCtaNUEG5rFJorL2VqOTtL4OHakBnPVCZLec8KXLvZTQjfSj
	zkusHondPZ4E+Cu6EOPW96/hSDqrOr8=
X-Google-Smtp-Source: 
 ACJfBoviMsklvwLBBGmhR/gj5Sv52T6HVFliFvAVV+xrelOKR1mGdhS1EgRwcjeBXR2GYeb17qp/Lg==
X-Received: by 10.28.96.86 with SMTP id u83mr3767514wmb.63.1515761883583;
	Fri, 12 Jan 2018 04:58:03 -0800 (PST)
Received: from localhost.localdomain
	(85.65.196.133.dynamic.barak-online.net. [85.65.196.133])
	by smtp.gmail.com with ESMTPSA id
	v75sm2026595wrc.45.2018.01.12.04.58.02
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Fri, 12 Jan 2018 04:58:03 -0800 (PST)
From: Eyal Birger <eyal.birger@gmail.com>
To: netdev@vger.kernel.org, pablo@netfilter.org, jhs@mojatatu.com
Cc: coreteam@netfilter.org, shmulik@metanetworks.com,
	Eyal Birger <eyal@metanetworks.com>
Subject: [PATCH net-next 1/2] net: netfilter: export xt_policy
	match_policy_in() as xt_policy_match_policy_in()
Date: Fri, 12 Jan 2018 14:57:24 +0200
Message-Id: <1515761845-31323-2-git-send-email-eyal.birger@gmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1515761845-31323-1-git-send-email-eyal.birger@gmail.com>
References: <1515761845-31323-1-git-send-email-eyal.birger@gmail.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Eyal Birger <eyal@metanetworks.com>

Expose this functionality so it could be usable from a tc classifier.

The rename of match_policy_out() is done for consistency though it is not
exported.

Signed-off-by: Eyal Birger <eyal@metanetworks.com>
---
 include/net/netfilter/xt_policy.h | 12 ++++++++++++
 net/netfilter/xt_policy.c         | 18 ++++++++++--------
 2 files changed, 22 insertions(+), 8 deletions(-)
 create mode 100644 include/net/netfilter/xt_policy.h

diff --git a/include/net/netfilter/xt_policy.h b/include/net/netfilter/xt_policy.h
new file mode 100644
index 0000000..99dcd57
--- /dev/null
+++ b/include/net/netfilter/xt_policy.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _XT_POLICY_INT_H
+#define _XT_POLICY_INT_H
+
+#include <linux/skbuff.h>
+#include <linux/netfilter/xt_policy.h>
+
+int xt_policy_match_policy_in(const struct sk_buff *skb,
+			      const struct xt_policy_info *info,
+			      unsigned short family);
+
+#endif /* _XT_POLICY_INT_H */
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index 5639fb0..4f9d0b1 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -16,6 +16,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter/xt_policy.h>
 #include <linux/netfilter/x_tables.h>
+#include <net/netfilter/xt_policy.h>
 
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
 MODULE_DESCRIPTION("Xtables: IPsec policy match");
@@ -51,9 +52,9 @@ match_xfrm_state(const struct xfrm_state *x, const struct xt_policy_elem *e,
 	       MATCH(reqid, x->props.reqid);
 }
 
-static int
-match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
-		unsigned short family)
+int xt_policy_match_policy_in(const struct sk_buff *skb,
+			      const struct xt_policy_info *info,
+			      unsigned short family)
 {
 	const struct xt_policy_elem *e;
 	const struct sec_path *sp = skb->sp;
@@ -80,10 +81,11 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
 
 	return strict ? 1 : 0;
 }
+EXPORT_SYMBOL_GPL(xt_policy_match_policy_in);
 
-static int
-match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info,
-		 unsigned short family)
+static int xt_policy_match_policy_out(const struct sk_buff *skb,
+				      const struct xt_policy_info *info,
+				      unsigned short family)
 {
 	const struct xt_policy_elem *e;
 	const struct dst_entry *dst = skb_dst(skb);
@@ -117,9 +119,9 @@ policy_mt(const struct sk_buff *skb, struct xt_action_param *par)
 	int ret;
 
 	if (info->flags & XT_POLICY_MATCH_IN)
-		ret = match_policy_in(skb, info, xt_family(par));
+		ret = xt_policy_match_policy_in(skb, info, xt_family(par));
 	else
-		ret = match_policy_out(skb, info, xt_family(par));
+		ret = xt_policy_match_policy_out(skb, info, xt_family(par));
 
 	if (ret < 0)
 		ret = info->flags & XT_POLICY_MATCH_NONE ? true : false;