{"id":805164,"url":"http://patchwork.ozlabs.org/api/1.2/patches/805164/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170823204125.31427-3-pablombg@gmail.com/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.2/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170823204125.31427-3-pablombg@gmail.com>","list_archive_url":null,"date":"2017-08-23T20:41:25","name":"[nf-next,3/3] netfilter: nft_limit: add stateful object type","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"ca92c02965c28c3780601bfe723a6406c4e69977","submitter":{"id":67698,"url":"http://patchwork.ozlabs.org/api/1.2/people/67698/?format=json","name":"Pablo M. Bermudo Garay","email":"pablombg@gmail.com"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/1.2/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20170823204125.31427-3-pablombg@gmail.com/mbox/","series":[],"comments":"http://patchwork.ozlabs.org/api/patches/805164/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/805164/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"IbEdyqfP\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xczrL4mlJz9s65\n\tfor ;\n\tThu, 24 Aug 2017 06:42:26 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1754191AbdHWUmV (ORCPT );\n\tWed, 23 Aug 2017 16:42:21 -0400","from mail-wm0-f67.google.com ([74.125.82.67]:35717 \"EHLO\n\tmail-wm0-f67.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1754173AbdHWUmS (ORCPT\n\t);\n\tWed, 23 Aug 2017 16:42:18 -0400","by mail-wm0-f67.google.com with SMTP id x79so709117wma.2\n\tfor ;\n\tWed, 23 Aug 2017 13:42:17 -0700 (PDT)","from localhost.localdomain (75.red-88-9-82.dynamicip.rima-tde.net.\n\t[88.9.82.75]) by smtp.gmail.com with ESMTPSA id\n\t65sm2035727wmf.0.2017.08.23.13.42.15\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tWed, 23 Aug 2017 13:42:15 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=AEQkQg0DNJVsJzX70syQ7OjOQR0dfs8FhXKUEY2CzFs=;\n\tb=IbEdyqfPOjZWXBvWis6SmiyT4m22QtTDTv/Zodn0ZM2evXKtiecZWn7fRuJmLJ1B+p\n\twRh3Cua2+B2r4ur2hkaBwypwhW3tBFkpwDwBYC5oJL6pQXw8V7Z5Tq8XXUUE1FZ5zpRz\n\ta6D60fLXYiipxaISlXt7koYHd7L9USTN2nmss0vNcBNzQFqOzJTaF0KLS6Xbr5srOqVR\n\tL9/RzncncD8LwMVop8QIOwDXfCF2Gpe91O52shQ00tfSp/HGCsY6pP1+XAl38prdhhgE\n\tZsOAfejh4UVskrS16opXX5FsDHHCiP1Z01QRLghztFdGyFgXTz1eRy0L21dtUVxhRoUR\n\trSDg==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to\n\t:references;\n\tbh=AEQkQg0DNJVsJzX70syQ7OjOQR0dfs8FhXKUEY2CzFs=;\n\tb=h9B/jMaYIdXYssP6qQcV4ymokHE2tzAeb1j8Conly7ghSyqaXYeHhAJyVjWnWwmWU4\n\t+0xlZi6LuLMoOymg9jA2LZquet2hndwKdtfqyp4CNa3p/IhMVwSHHKvyItxjIgqeeG08\n\tDT+KFqid9mSE8xMX/Z2dTdtjPoC6qZ/vLyv5CCnnVtHH+PEggBBgvNSAM8Mlp9L7uMEW\n\tirCpKj5aIdn81f+Mj8OKUjNyrGYh0AGXnLDRCg4N2uvrlN92AOaH4cDdHM2oltHrBDKq\n\tVmOTCU+y4eg5FPsDNxYIJJcBZzKRYUXqO3H7CK1/fGZmo5mpXcNMY4CuafLwz6u0UeE9\n\tAPCQ==","X-Gm-Message-State":"AHYfb5ixkUHuNo2yXn6r5ycBgaom/1MOgQQ1gUAZvVbcr5Nx7DNZqmeu\n\to+yxUjOfRJX96s6e0W4=","X-Received":"by 10.28.62.200 with SMTP id l191mr2896713wma.57.1503520936575; \n\tWed, 23 Aug 2017 13:42:16 -0700 (PDT)","From":"\"Pablo M. Bermudo Garay\" ","To":"netfilter-devel@vger.kernel.org","Cc":"pablo@netfilter.org, \"Pablo M. Bermudo Garay\" ","Subject":"[PATCH nf-next 3/3] netfilter: nft_limit: add stateful object type","Date":"Wed, 23 Aug 2017 22:41:25 +0200","Message-Id":"<20170823204125.31427-3-pablombg@gmail.com>","X-Mailer":"git-send-email 2.14.1","In-Reply-To":"<20170823204125.31427-1-pablombg@gmail.com>","References":"<20170823204125.31427-1-pablombg@gmail.com>","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"Register a new limit stateful object type into the stateful object\ninfrastructure.\n\nSigned-off-by: Pablo M. Bermudo Garay \n---\n include/uapi/linux/netfilter/nf_tables.h | 3 +-\n net/netfilter/nft_limit.c | 118 ++++++++++++++++++++++++++++++-\n 2 files changed, 119 insertions(+), 2 deletions(-)","diff":"diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h\nindex dc7661c293b8..ca5c36876bac 100644\n--- a/include/uapi/linux/netfilter/nf_tables.h\n+++ b/include/uapi/linux/netfilter/nf_tables.h\n@@ -1278,7 +1278,8 @@ enum nft_ct_helper_attributes {\n #define NFT_OBJECT_COUNTER\t1\n #define NFT_OBJECT_QUOTA\t2\n #define NFT_OBJECT_CT_HELPER\t3\n-#define __NFT_OBJECT_MAX\t4\n+#define NFT_OBJECT_LIMIT\t4\n+#define __NFT_OBJECT_MAX\t5\n #define NFT_OBJECT_MAX\t\t(__NFT_OBJECT_MAX - 1)\n \n /**\ndiff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c\nindex d66b4de5b07c..b6903df21fc4 100644\n--- a/net/netfilter/nft_limit.c\n+++ b/net/netfilter/nft_limit.c\n@@ -226,14 +226,129 @@ static struct nft_expr_type nft_limit_type __read_mostly = {\n \t.owner\t\t= THIS_MODULE,\n };\n \n+static void nft_limit_obj_pkts_eval(struct nft_object *obj,\n+\t\t\t\t struct nft_regs *regs,\n+\t\t\t\t const struct nft_pktinfo *pkt)\n+{\n+\tstruct nft_limit_pkts *priv = nft_obj_data(obj);\n+\n+\tif (nft_limit_eval(&priv->limit, priv->cost))\n+\t\tregs->verdict.code = NFT_BREAK;\n+}\n+\n+static int nft_limit_obj_pkts_init(const struct nft_ctx *ctx,\n+\t\t\t\t const struct nlattr * const tb[],\n+\t\t\t\t struct nft_object *obj)\n+{\n+\tstruct nft_limit_pkts *priv = nft_obj_data(obj);\n+\tint err;\n+\n+\terr = nft_limit_init(&priv->limit, tb);\n+\tif (err < 0)\n+\t\treturn err;\n+\n+\tpriv->cost = div64_u64(priv->limit.nsecs, priv->limit.rate);\n+\treturn 0;\n+}\n+\n+static int nft_limit_obj_pkts_dump(struct sk_buff *skb,\n+\t\t\t\t struct nft_object *obj,\n+\t\t\t\t bool reset)\n+{\n+\tconst struct nft_limit_pkts *priv = nft_obj_data(obj);\n+\n+\treturn nft_limit_dump(skb, &priv->limit, NFT_LIMIT_PKTS);\n+}\n+\n+static const struct nft_object_ops nft_limit_obj_pkts_ops = {\n+\t.size\t\t= NFT_EXPR_SIZE(sizeof(struct nft_limit_pkts)),\n+\t.init\t\t= nft_limit_obj_pkts_init,\n+\t.eval\t\t= nft_limit_obj_pkts_eval,\n+\t.dump\t\t= nft_limit_obj_pkts_dump,\n+};\n+\n+static void nft_limit_obj_bytes_eval(struct nft_object *obj,\n+\t\t\t\t struct nft_regs *regs,\n+\t\t\t\t const struct nft_pktinfo *pkt)\n+{\n+\tstruct nft_limit *priv = nft_obj_data(obj);\n+\tu64 cost = div64_u64(priv->nsecs * pkt->skb->len, priv->rate);\n+\n+\tif (nft_limit_eval(priv, cost))\n+\t\tregs->verdict.code = NFT_BREAK;\n+}\n+\n+static int nft_limit_obj_bytes_init(const struct nft_ctx *ctx,\n+\t\t\t\t const struct nlattr * const tb[],\n+\t\t\t\t struct nft_object *obj)\n+{\n+\tstruct nft_limit *priv = nft_obj_data(obj);\n+\n+\treturn nft_limit_init(priv, tb);\n+}\n+\n+static int nft_limit_obj_bytes_dump(struct sk_buff *skb,\n+\t\t\t\t struct nft_object *obj,\n+\t\t\t\t bool reset)\n+{\n+\tconst struct nft_limit *priv = nft_obj_data(obj);\n+\n+\treturn nft_limit_dump(skb, priv, NFT_LIMIT_BYTES);\n+}\n+\n+static const struct nft_object_ops nft_limit_obj_bytes_ops = {\n+\t.size\t\t= sizeof(struct nft_limit),\n+\t.init\t\t= nft_limit_obj_bytes_init,\n+\t.eval\t\t= nft_limit_obj_bytes_eval,\n+\t.dump\t\t= nft_limit_obj_bytes_dump,\n+};\n+\n+static const struct nft_object_ops *\n+nft_limit_obj_select_ops(const struct nft_ctx *ctx,\n+\t\t\t const struct nlattr * const tb[])\n+{\n+\tif (!tb[NFTA_LIMIT_TYPE])\n+\t\treturn &nft_limit_obj_pkts_ops;\n+\n+\tswitch (ntohl(nla_get_be32(tb[NFTA_LIMIT_TYPE]))) {\n+\tcase NFT_LIMIT_PKTS:\n+\t\treturn &nft_limit_obj_pkts_ops;\n+\tcase NFT_LIMIT_BYTES:\n+\t\treturn &nft_limit_obj_bytes_ops;\n+\t}\n+\treturn ERR_PTR(-EOPNOTSUPP);\n+}\n+\n+static struct nft_object_type nft_limit_obj __read_mostly = {\n+\t.select_ops\t= nft_limit_obj_select_ops,\n+\t.type\t\t= NFT_OBJECT_LIMIT,\n+\t.maxattr\t= NFTA_LIMIT_MAX,\n+\t.policy\t\t= nft_limit_policy,\n+\t.owner\t\t= THIS_MODULE,\n+};\n+\n static int __init nft_limit_module_init(void)\n {\n-\treturn nft_register_expr(&nft_limit_type);\n+\tint err;\n+\n+\terr = nft_register_obj(&nft_limit_obj);\n+\tif (err < 0)\n+\t\treturn err;\n+\n+\terr = nft_register_expr(&nft_limit_type);\n+\tif (err < 0)\n+\t\tgoto err1;\n+\n+\treturn 0;\n+err1:\n+\tnft_unregister_obj(&nft_limit_obj);\n+\treturn err;\n }\n \n static void __exit nft_limit_module_exit(void)\n {\n \tnft_unregister_expr(&nft_limit_type);\n+\tnft_unregister_obj(&nft_limit_obj);\n }\n \n module_init(nft_limit_module_init);\n@@ -242,3 +357,4 @@ module_exit(nft_limit_module_exit);\n MODULE_LICENSE(\"GPL\");\n MODULE_AUTHOR(\"Patrick McHardy \");\n MODULE_ALIAS_NFT_EXPR(\"limit\");\n+MODULE_ALIAS_NFT_OBJ(NFT_OBJECT_LIMIT);\n","prefixes":["nf-next","3/3"]}