iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx

Browse Source 
Relieve the dump callback from having to check nlmsg_type upon each
call. Prep work for set element reset locking.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Phil Sutter 2023-10-24 15:10:40 +02:00 committed by Pablo Neira Ayuso
parent 078996fcd6
commit 9cdee06347
1 changed files with 8 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
net/netfilter/nf_tables_api.c
View File

@ -5715,6 +5715,7 @@ static void audit_log_nft_set_reset(const struct nft_table *table,
struct nft_set_dump_ctx { struct nft_set_dump_ctx {
const struct nft_set *set; const struct nft_set *set;
struct nft_ctx ctx; struct nft_ctx ctx;
bool reset;
}; };
static int nft_set_catchall_dump(struct net *net, struct sk_buff *skb, static int nft_set_catchall_dump(struct net *net, struct sk_buff *skb,
@ -5752,7 +5753,6 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
bool set_found = false; bool set_found = false;
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
struct nlattr *nest; struct nlattr *nest;
bool reset = false;
u32 portid, seq; u32 portid, seq;
int event; int event;
@ -5800,12 +5800,9 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
if (nest == NULL) if (nest == NULL)
goto nla_put_failure; goto nla_put_failure;
if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)
reset = true;
args.cb = cb; args.cb = cb;
args.skb = skb; args.skb = skb;
args.reset = reset; args.reset = dump_ctx->reset;
args.iter.genmask = nft_genmask_cur(net); args.iter.genmask = nft_genmask_cur(net);
args.iter.skip = cb->args[0]; args.iter.skip = cb->args[0];
args.iter.count = 0; args.iter.count = 0;
@ -5815,11 +5812,11 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
if (!args.iter.err && args.iter.count == cb->args[0]) if (!args.iter.err && args.iter.count == cb->args[0])
args.iter.err = nft_set_catchall_dump(net, skb, set, args.iter.err = nft_set_catchall_dump(net, skb, set,
reset, cb->seq); dump_ctx->reset, cb->seq);
nla_nest_end(skb, nest); nla_nest_end(skb, nest);
nlmsg_end(skb, nlh); nlmsg_end(skb, nlh);
if (reset && args.iter.count > args.iter.skip) if (dump_ctx->reset && args.iter.count > args.iter.skip)
audit_log_nft_set_reset(table, cb->seq, audit_log_nft_set_reset(table, cb->seq,
args.iter.count - args.iter.skip); args.iter.count - args.iter.skip);
@ -6072,6 +6069,9 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)
reset = true;
if (info->nlh->nlmsg_flags & NLM_F_DUMP) { if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
struct netlink_dump_control c = { struct netlink_dump_control c = {
.start = nf_tables_dump_set_start, .start = nf_tables_dump_set_start,
@ -6082,6 +6082,7 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
struct nft_set_dump_ctx dump_ctx = { struct nft_set_dump_ctx dump_ctx = {
.set = set, .set = set,
.ctx = ctx, .ctx = ctx,
.reset = reset,
}; };
c.data = &dump_ctx; c.data = &dump_ctx;
@ -6091,9 +6092,6 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS]) if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])
return -EINVAL; return -EINVAL;
if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)
reset = true;
nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) { nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
err = nft_get_set_elem(&ctx, set, attr, reset); err = nft_get_set_elem(&ctx, set, attr, reset);
if (err < 0) { if (err < 0) {