Commit 013714bf authored by Phil Sutter's avatar Phil Sutter Committed by Florian Westphal
Browse files

netfilter: nf_tables: Utilize NLA_POLICY_NESTED_ARRAY 



Mark attributes which are supposed to be arrays of nested attributes
with known content as such. Originally suggested for
NFTA_RULE_EXPRESSIONS only, but does apply to others as well.

Suggested-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
parent aee1f692

net/netfilter/nf_tables_api.c

+9 −9
Original line number Diff line number Diff line
@@ -3316,7 +3316,7 @@ static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] = { 
	[NFTA_RULE_CHAIN]	= { .type = NLA_STRING,

				    .len = NFT_CHAIN_MAXNAMELEN - 1 },

	[NFTA_RULE_HANDLE]	= { .type = NLA_U64 },

	[NFTA_RULE_EXPRESSIONS]	= { .type = NLA_NESTED },

	[NFTA_RULE_EXPRESSIONS]	= NLA_POLICY_NESTED_ARRAY(nft_expr_policy),

	[NFTA_RULE_COMPAT]	= { .type = NLA_NESTED },

	[NFTA_RULE_POSITION]	= { .type = NLA_U64 },

	[NFTA_RULE_USERDATA]	= { .type = NLA_BINARY,
@@ -4254,12 +4254,16 @@ static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = { 
	[NFTA_SET_OBJ_TYPE]		= { .type = NLA_U32 },

	[NFTA_SET_HANDLE]		= { .type = NLA_U64 },

	[NFTA_SET_EXPR]			= { .type = NLA_NESTED },

	[NFTA_SET_EXPRESSIONS]		= { .type = NLA_NESTED },

	[NFTA_SET_EXPRESSIONS]		= NLA_POLICY_NESTED_ARRAY(nft_expr_policy),

};



static const struct nla_policy nft_concat_policy[NFTA_SET_FIELD_MAX + 1] = {

	[NFTA_SET_FIELD_LEN]	= { .type = NLA_U32 },

};



static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {

	[NFTA_SET_DESC_SIZE]		= { .type = NLA_U32 },

	[NFTA_SET_DESC_CONCAT]		= { .type = NLA_NESTED },

	[NFTA_SET_DESC_CONCAT]		= NLA_POLICY_NESTED_ARRAY(nft_concat_policy),

};



static struct nft_set *nft_set_lookup(const struct nft_table *table,
@@ -4715,10 +4719,6 @@ static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info, 
	return err;

}



static const struct nla_policy nft_concat_policy[NFTA_SET_FIELD_MAX + 1] = {

	[NFTA_SET_FIELD_LEN]	= { .type = NLA_U32 },

};



static int nft_set_desc_concat_parse(const struct nlattr *attr,

				     struct nft_set_desc *desc)

{
@@ -5500,7 +5500,7 @@ static const struct nla_policy nft_set_elem_policy[NFTA_SET_ELEM_MAX + 1] = { 
	[NFTA_SET_ELEM_OBJREF]		= { .type = NLA_STRING,

					    .len = NFT_OBJ_MAXNAMELEN - 1 },

	[NFTA_SET_ELEM_KEY_END]		= { .type = NLA_NESTED },

	[NFTA_SET_ELEM_EXPRESSIONS]	= { .type = NLA_NESTED },

	[NFTA_SET_ELEM_EXPRESSIONS]	= NLA_POLICY_NESTED_ARRAY(nft_expr_policy),

};



static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 1] = {
@@ -5508,7 +5508,7 @@ static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 
					    .len = NFT_TABLE_MAXNAMELEN - 1 },

	[NFTA_SET_ELEM_LIST_SET]	= { .type = NLA_STRING,

					    .len = NFT_SET_MAXNAMELEN - 1 },

	[NFTA_SET_ELEM_LIST_ELEMENTS]	= { .type = NLA_NESTED },

	[NFTA_SET_ELEM_LIST_ELEMENTS]	= NLA_POLICY_NESTED_ARRAY(nft_set_elem_policy),

	[NFTA_SET_ELEM_LIST_SET_ID]	= { .type = NLA_U32 },

};