diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-28 00:05:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-07 12:57:20 +0100 |
commit | 2599e98934c5ad166ad184b3682e38aadcb63fb3 (patch) | |
tree | 16f3872328d51ca5863094a4da1bcaa5e2040ce6 | |
parent | 43da04a593d8b2626f1cf4b56efe9402f6b53652 (diff) | |
download | linux-2599e98934c5ad166ad184b3682e38aadcb63fb3.tar.bz2 |
netfilter: nf_tables: notify internal updates of stateful objects
Introduce nf_tables_obj_notify() to notify internal state changes in
stateful objects. This is used by the quota object to report depletion
in a follow up patch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/net/netfilter/nf_tables.h | 4 | ||||
-rw-r--r-- | net/netfilter/nf_tables_api.c | 31 |
2 files changed, 23 insertions, 12 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 6f7d6a1dc09c..339e374c28b5 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -969,6 +969,10 @@ struct nft_object *nf_tables_obj_lookup(const struct nft_table *table, const struct nlattr *nla, u32 objtype, u8 genmask); +int nft_obj_notify(struct net *net, struct nft_table *table, + struct nft_object *obj, u32 portid, u32 seq, + int event, int family, int report, gfp_t gfp); + /** * struct nft_object_type - stateful object type * diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index bfc015af366a..9d2ed3f520ef 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4282,38 +4282,45 @@ static int nf_tables_delobj(struct net *net, struct sock *nlsk, return nft_delobj(&ctx, obj); } -static int nf_tables_obj_notify(const struct nft_ctx *ctx, - struct nft_object *obj, int event) +int nft_obj_notify(struct net *net, struct nft_table *table, + struct nft_object *obj, u32 portid, u32 seq, int event, + int family, int report, gfp_t gfp) { struct sk_buff *skb; int err; - if (!ctx->report && - !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES)) + if (!report && + !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) return 0; err = -ENOBUFS; - skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); + skb = nlmsg_new(NLMSG_GOODSIZE, gfp); if (skb == NULL) goto err; - err = nf_tables_fill_obj_info(skb, ctx->net, ctx->portid, ctx->seq, - event, 0, ctx->afi->family, ctx->table, - obj, false); + err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family, + table, obj, false); if (err < 0) { kfree_skb(skb); goto err; } - err = nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES, - ctx->report, GFP_KERNEL); + err = nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp); err: if (err < 0) { - nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, - err); + nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, err); } return err; } +EXPORT_SYMBOL_GPL(nft_obj_notify); + +static int nf_tables_obj_notify(const struct nft_ctx *ctx, + struct nft_object *obj, int event) +{ + return nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, + ctx->seq, event, ctx->afi->family, ctx->report, + GFP_KERNEL); +} static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) |