netfilter: nf_tables: notify internal updates of stateful objects
Introduce nf_tables_obj_notify() to notify internal state changes in stateful objects. This is used by the quota object to report depletion in a follow-up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
43da04a593
commit
2599e98934
@ -969,6 +969,10 @@ struct nft_object *nf_tables_obj_lookup(const struct nft_table *table,
|
|||||||
const struct nlattr *nla, u32 objtype,
|
const struct nlattr *nla, u32 objtype,
|
||||||
u8 genmask);
|
u8 genmask);
|
||||||
|
|
||||||
|
int nft_obj_notify(struct net *net, struct nft_table *table,
|
||||||
|
struct nft_object *obj, u32 portid, u32 seq,
|
||||||
|
int event, int family, int report, gfp_t gfp);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* struct nft_object_type - stateful object type
|
* struct nft_object_type - stateful object type
|
||||||
*
|
*
|
||||||
|
@ -4282,38 +4282,45 @@ static int nf_tables_delobj(struct net *net, struct sock *nlsk,
|
|||||||
return nft_delobj(&ctx, obj);
|
return nft_delobj(&ctx, obj);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nf_tables_obj_notify(const struct nft_ctx *ctx,
|
int nft_obj_notify(struct net *net, struct nft_table *table,
|
||||||
struct nft_object *obj, int event)
|
struct nft_object *obj, u32 portid, u32 seq, int event,
|
||||||
|
int family, int report, gfp_t gfp)
|
||||||
{
|
{
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (!ctx->report &&
|
if (!report &&
|
||||||
!nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
|
!nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
err = -ENOBUFS;
|
err = -ENOBUFS;
|
||||||
skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
|
skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
|
||||||
if (skb == NULL)
|
if (skb == NULL)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_obj_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family,
|
||||||
event, 0, ctx->afi->family, ctx->table,
|
table, obj, false);
|
||||||
obj, false);
|
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
err = nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES,
|
err = nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
|
||||||
ctx->report, GFP_KERNEL);
|
|
||||||
err:
|
err:
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES,
|
nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, err);
|
||||||
err);
|
|
||||||
}
|
}
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
EXPORT_SYMBOL_GPL(nft_obj_notify);
|
||||||
|
|
||||||
|
static int nf_tables_obj_notify(const struct nft_ctx *ctx,
|
||||||
|
struct nft_object *obj, int event)
|
||||||
|
{
|
||||||
|
return nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid,
|
||||||
|
ctx->seq, event, ctx->afi->family, ctx->report,
|
||||||
|
GFP_KERNEL);
|
||||||
|
}
|
||||||
|
|
||||||
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
||||||
u32 portid, u32 seq)
|
u32 portid, u32 seq)
|
||||||
|
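Review bot: nft_obj_notify() is exported with EXPORT_SYMBOL_GPL but has no comment stating its calling contract, and the new gfp argument is the part callers can get wrong: it is handed to both nlmsg_new() and nfnetlink_send(), so it has to suit the caller's context, while the in-file wrapper nf_tables_obj_notify() always passes GFP_KERNEL. A short kernel-doc block above the definition would cover it, for example `@gfp: allocation flags for the notification skb; must suit the calling context` and `@report: non-zero to send even when NFNLGRP_NFTABLES has no listeners`, plus a line saying that a negative return value has also been passed to nfnetlink_set_err(). Since the commit message says the function will be called for internal state changes, the comment should also say what portid and seq a caller without a netlink request is expected to pass (presumably 0, but that is not visible here). The prototype added in the header hunk has the same gap.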