Commit 76adfafe authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: add nft_set_elem_update_expr() helper function

This helper function runs the eval path of the stateful expression
of an existing set element.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 40944452
...@@ -890,6 +890,18 @@ static inline struct nft_userdata *nft_userdata(const struct nft_rule *rule) ...@@ -890,6 +890,18 @@ static inline struct nft_userdata *nft_userdata(const struct nft_rule *rule)
return (void *)&rule->data[rule->dlen]; return (void *)&rule->data[rule->dlen];
} }
static inline void nft_set_elem_update_expr(const struct nft_set_ext *ext,
struct nft_regs *regs,
const struct nft_pktinfo *pkt)
{
struct nft_expr *expr;
if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR)) {
expr = nft_set_ext_expr(ext);
expr->ops->eval(expr, regs, pkt);
}
}
/* /*
* The last pointer isn't really necessary, but the compiler isn't able to * The last pointer isn't really necessary, but the compiler isn't able to
* determine that the result of nft_expr_last() is always the same since it * determine that the result of nft_expr_last() is always the same since it
......
...@@ -81,7 +81,6 @@ void nft_dynset_eval(const struct nft_expr *expr, ...@@ -81,7 +81,6 @@ void nft_dynset_eval(const struct nft_expr *expr,
const struct nft_dynset *priv = nft_expr_priv(expr); const struct nft_dynset *priv = nft_expr_priv(expr);
struct nft_set *set = priv->set; struct nft_set *set = priv->set;
const struct nft_set_ext *ext; const struct nft_set_ext *ext;
const struct nft_expr *sexpr;
u64 timeout; u64 timeout;
if (priv->op == NFT_DYNSET_OP_DELETE) { if (priv->op == NFT_DYNSET_OP_DELETE) {
...@@ -91,18 +90,13 @@ void nft_dynset_eval(const struct nft_expr *expr, ...@@ -91,18 +90,13 @@ void nft_dynset_eval(const struct nft_expr *expr,
if (set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new, if (set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new,
expr, regs, &ext)) { expr, regs, &ext)) {
sexpr = NULL;
if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR))
sexpr = nft_set_ext_expr(ext);
if (priv->op == NFT_DYNSET_OP_UPDATE && if (priv->op == NFT_DYNSET_OP_UPDATE &&
nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) { nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
timeout = priv->timeout ? : set->timeout; timeout = priv->timeout ? : set->timeout;
*nft_set_ext_expiration(ext) = get_jiffies_64() + timeout; *nft_set_ext_expiration(ext) = get_jiffies_64() + timeout;
} }
if (sexpr != NULL) nft_set_elem_update_expr(ext, regs, pkt);
sexpr->ops->eval(sexpr, regs, pkt);
if (priv->invert) if (priv->invert)
regs->verdict.code = NFT_BREAK; regs->verdict.code = NFT_BREAK;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment