From patchwork Mon May 28 07:02:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?TcOhdMOpIEVja2w=?= X-Patchwork-Id: 921321 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="VgttOfXg"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 40vSVg18Lsz9s08 for ; Mon, 28 May 2018 17:03:07 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753656AbeE1HDG (ORCPT ); Mon, 28 May 2018 03:03:06 -0400 Received: from mail-wm0-f66.google.com ([74.125.82.66]:51659 "EHLO mail-wm0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753330AbeE1HDF (ORCPT ); Mon, 28 May 2018 03:03:05 -0400 Received: by mail-wm0-f66.google.com with SMTP id r15-v6so1766313wmc.1 for ; Mon, 28 May 2018 00:03:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=TmAv+31AxMH9AX9oeEzPAwspUgClv54eNU7JWVzX6IY=; b=VgttOfXg3LdYmesSIXNuomR8w5AZWcMBRwvpbJY8/LZViLnJpkLgiuzulWqz8QL0jy iwHUvbyV1zMo44RLRfa3ft4Rji0EM4COWbZ/LLgG+tGYOrA03UaOSq0xvKlrRNYs+3fN 11n5QMZk6zplz2/qf2JlUDKUCTKx6TcfD/rvKv7OVS1I1oAFvfq6UFQ3hH7iSt5PSOHR W5RkAM312xIWBCJa2up2SCg3rBnoG9GTTWUDNdmwDcmObohUNg24jv5cC9smoro0ZQgi MjLKo+KixDGLny1ClPFA1PU2yOsx/2FKccUc4LbiBaVIOaS0CY15W/d7s0PHEIDlBnw4 frGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=TmAv+31AxMH9AX9oeEzPAwspUgClv54eNU7JWVzX6IY=; b=oB4NKagc7bJPAj+GnHZM8yaaTPURTGS+Ed+uIJw6fPq9HTE6dWhvXqlyB3wQcGyqia DgXB7RuNtiafdu/ZI+WrQMkGz2DsjQPoa/kK9Hk+1kRCi6hfSg5pDCFNZIZkwaFtULBx jQD78dPraf4Lpvkc57FhWJz0jx5eUQkRJoLu8HQWsHqTOdl3gKHnp+xzE4ZffW+vpvMm 7kPDoEW2frWu8TugildKeTqFDNKyW2Xs9FJ0ThoJH7UqtQ761FkXT8CEqSse/ABQ53w5 gEsQLntVZOWiRAJ2JvFZpff3WUXPiIQx+6lINwBbsF0rB+yy5z+L4wMDsiTZeFWG5I18 HwTA== X-Gm-Message-State: ALKqPwc7/Ds6tr4GhAVl1HfSraWZyb8KN1reQIK0G8XL8d07moevNANJ I2OabYryLnnPSaNUl5HIBMeYMKD2 X-Google-Smtp-Source: ADUXVKJMUQVtrt/SQNN9BAKuby1t9j5DN0bIiEGOvNLU0/X2Podihwv484vbALSCS07M2Fg5OmSSqQ== X-Received: by 2002:a1c:f407:: with SMTP id z7-v6mr98739wma.143.1527490983739; Mon, 28 May 2018 00:03:03 -0700 (PDT) Received: from ecklm-lapos.sch.bme.hu (ecklapos.sch.bme.hu. [152.66.210.16]) by smtp.gmail.com with ESMTPSA id n23-v6sm10360376wmc.23.2018.05.28.00.03.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 28 May 2018 00:03:03 -0700 (PDT) From: =?utf-8?b?TcOhdMOpIEVja2w=?= To: netfilter-devel@vger.kernel.org Subject: [PATCH libnftnl] Updated nf_tables.h Date: Mon, 28 May 2018 09:02:46 +0200 Message-Id: <20180528070247.5781-1-ecklm94@gmail.com> X-Mailer: git-send-email 2.17.0 MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org I'm not sure if every change is appropriate, but there is certainly some inconsistency between this header file in the kernel and in here. A review might be necessary even if this patch is not to be allpied. -- 8< -- Signed-off-by: Máté Eckl --- include/linux/netfilter/nf_tables.h | 28 +++++++++++++++++----------- src/expr/ct.c | 1 - src/expr/rt.c | 1 - src/flowtable.c | 13 ------------- 4 files changed, 17 insertions(+), 26 deletions(-) diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 48b095e..9c71f02 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -1,10 +1,12 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef _LINUX_NF_TABLES_H #define _LINUX_NF_TABLES_H -#define NFT_TABLE_MAXNAMELEN 32 -#define NFT_CHAIN_MAXNAMELEN 32 -#define NFT_SET_MAXNAMELEN 32 -#define NFT_OBJ_MAXNAMELEN 32 +#define NFT_NAME_MAXLEN 256 +#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_CHAIN_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_OBJ_MAXNAMELEN NFT_NAME_MAXLEN #define NFT_USERDATA_MAXLEN 256 /** @@ -317,7 +319,7 @@ enum nft_set_desc_attributes { * @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32) * @NFTA_SET_USERDATA: user data (NLA_BINARY) * @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*) - * @NFTA_SET_HANDLE: numerical table handle (NLA_U64) + * @NFTA_SET_HANDLE: set handle (NLA_U64) */ enum nft_set_attributes { NFTA_SET_UNSPEC, @@ -822,13 +824,16 @@ enum nft_meta_keys { * @NFT_RT_CLASSID: realm value of packet's route (skb->dst->tclassid) * @NFT_RT_NEXTHOP4: routing nexthop for IPv4 * @NFT_RT_NEXTHOP6: routing nexthop for IPv6 + * @NFT_RT_TCPMSS: fetch current path tcp mss */ enum nft_rt_keys { NFT_RT_CLASSID, NFT_RT_NEXTHOP4, NFT_RT_NEXTHOP6, NFT_RT_TCPMSS, + __NFT_RT_MAX }; +#define NFT_RT_MAX (__NFT_RT_MAX - 1) /** * enum nft_hash_types - nf_tables hash expression types @@ -950,7 +955,9 @@ enum nft_ct_keys { NFT_CT_DST_IP, NFT_CT_SRC_IP6, NFT_CT_DST_IP6, + __NFT_CT_MAX }; +#define NFT_CT_MAX (__NFT_CT_MAX - 1) /** * enum nft_ct_attributes - nf_tables ct expression netlink attributes @@ -1259,6 +1266,8 @@ enum nft_objref_attributes { enum nft_gen_attributes { NFTA_GEN_UNSPEC, NFTA_GEN_ID, + NFTA_GEN_PROC_PID, + NFTA_GEN_PROC_NAME, __NFTA_GEN_MAX }; #define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1) @@ -1322,10 +1331,10 @@ enum nft_ct_helper_attributes { * * @NFTA_OBJ_TABLE: name of the table containing the expression (NLA_STRING) * @NFTA_OBJ_NAME: name of this expression type (NLA_STRING) - * @NFTA_OBJ_HANDLE: numeric object handle (NLA_U64) * @NFTA_OBJ_TYPE: stateful object type (NLA_U32) * @NFTA_OBJ_DATA: stateful object data (NLA_NESTED) * @NFTA_OBJ_USE: number of references to this expression (NLA_U32) + * @NFTA_OBJ_HANDLE: object handle (NLA_U64) */ enum nft_object_attributes { NFTA_OBJ_UNSPEC, @@ -1335,6 +1344,7 @@ enum nft_object_attributes { NFTA_OBJ_DATA, NFTA_OBJ_USE, NFTA_OBJ_HANDLE, + NFTA_OBJ_PAD, __NFTA_OBJ_MAX }; #define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1) @@ -1347,8 +1357,6 @@ enum nft_object_attributes { * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32) * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32) * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64) - * @NFTA_FLOWTABLE_SIZE: maximum size (NLA_U32) - * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32) */ enum nft_flowtable_attributes { NFTA_FLOWTABLE_UNSPEC, @@ -1358,8 +1366,6 @@ enum nft_flowtable_attributes { NFTA_FLOWTABLE_USE, NFTA_FLOWTABLE_HANDLE, NFTA_FLOWTABLE_PAD, - NFTA_FLOWTABLE_SIZE, - NFTA_FLOWTABLE_FLAGS, __NFTA_FLOWTABLE_MAX }; #define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1) @@ -1453,7 +1459,7 @@ enum nft_trace_types { * @NFTA_NG_TYPE: operation type (NLA_U32) * @NFTA_NG_OFFSET: offset to be added to the counter (NLA_U32) * @NFTA_NG_SET_NAME: name of the map to lookup (NLA_STRING) - * @NFTA_NG_SET_ID: if of the map (NLA_U32) + * @NFTA_NG_SET_ID: id of the map (NLA_U32) */ enum nft_ng_attributes { NFTA_NG_UNSPEC, diff --git a/src/expr/ct.c b/src/expr/ct.c index d4dd1d9..f0f039e 100644 --- a/src/expr/ct.c +++ b/src/expr/ct.c @@ -175,7 +175,6 @@ static const char *ctkey2str_array[NFT_CT_MAX] = { [NFT_CT_SRC_IP] = "src_ip", [NFT_CT_DST_IP] = "dst_ip", [NFT_CT_SRC_IP6] = "src_ip6", - [NFT_CT_DST_IP6] = "dst_ip6", }; static const char *ctkey2str(uint32_t ctkey) diff --git a/src/expr/rt.c b/src/expr/rt.c index 62c01a0..ebd5f44 100644 --- a/src/expr/rt.c +++ b/src/expr/rt.c @@ -120,7 +120,6 @@ static const char *rt_key2str_array[NFT_RT_MAX] = { [NFT_RT_CLASSID] = "classid", [NFT_RT_NEXTHOP4] = "nexthop4", [NFT_RT_NEXTHOP6] = "nexthop6", - [NFT_RT_TCPMSS] = "tcpmss", }; static const char *rt_key2str(uint8_t key) diff --git a/src/flowtable.c b/src/flowtable.c index c1ddae4..b4fc50a 100644 --- a/src/flowtable.c +++ b/src/flowtable.c @@ -294,12 +294,8 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh, } mnl_attr_nest_end(nlh, nest); } - if (c->flags & (1 << NFTNL_FLOWTABLE_FLAGS)) - mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_FLAGS, htonl(c->ft_flags)); if (c->flags & (1 << NFTNL_FLOWTABLE_USE)) mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_USE, htonl(c->use)); - if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE)) - mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size)); } EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload); @@ -321,7 +317,6 @@ static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data) if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0) abi_breakage(); break; - case NFTA_FLOWTABLE_FLAGS: case NFTA_FLOWTABLE_USE: if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0) abi_breakage(); @@ -442,18 +437,10 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab if (ret < 0) return ret; } - if (tb[NFTA_FLOWTABLE_FLAGS]) { - c->ft_flags = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_FLAGS])); - c->flags |= (1 << NFTNL_FLOWTABLE_FLAGS); - } if (tb[NFTA_FLOWTABLE_USE]) { c->use = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_USE])); c->flags |= (1 << NFTNL_FLOWTABLE_USE); } - if (tb[NFTA_FLOWTABLE_SIZE]) { - c->size = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_SIZE])); - c->flags |= (1 << NFTNL_FLOWTABLE_SIZE); - } c->family = nfg->nfgen_family; c->flags |= (1 << NFTNL_FLOWTABLE_FAMILY);