Commit a55e22e9 authored by Patrick McHardy, committed by Pablo Neira Ayuso

netfilter: nf_tables: get rid of NFT_REG_VERDICT usage

Replace the array of registers passed to expressions by a struct nft_regs,
containing the verdict as a separate member, which aliases to the
NFT_REG_VERDICT register.

This is needed to separate the verdict from the data registers completely,
so their size can be changed.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent d07db988
...@@ -36,6 +36,17 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt, ...@@ -36,6 +36,17 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
pkt->xt.family = ops->pf; pkt->xt.family = ops->pf;
} }
/**
* struct nft_verdict - nf_tables verdict
*
* @code: nf_tables/netfilter verdict code
* @chain: destination chain for NFT_JUMP/NFT_GOTO
*/
struct nft_verdict {
u32 code;
struct nft_chain *chain;
};
struct nft_data { struct nft_data {
union { union {
u32 data[4]; u32 data[4];
...@@ -46,6 +57,21 @@ struct nft_data { ...@@ -46,6 +57,21 @@ struct nft_data {
}; };
} __attribute__((aligned(__alignof__(u64)))); } __attribute__((aligned(__alignof__(u64))));
/**
* struct nft_regs - nf_tables register set
*
* @data: data registers
* @verdict: verdict register
*
* The first four data registers alias to the verdict register.
*/
struct nft_regs {
union {
struct nft_data data[NFT_REG_MAX + 1];
struct nft_verdict verdict;
};
};
static inline int nft_data_cmp(const struct nft_data *d1, static inline int nft_data_cmp(const struct nft_data *d1,
const struct nft_data *d2, const struct nft_data *d2,
unsigned int len) unsigned int len)
...@@ -221,9 +247,9 @@ struct nft_set_ops { ...@@ -221,9 +247,9 @@ struct nft_set_ops {
const struct nft_data *key, const struct nft_data *key,
void *(*new)(struct nft_set *, void *(*new)(struct nft_set *,
const struct nft_expr *, const struct nft_expr *,
struct nft_data []), struct nft_regs *),
const struct nft_expr *expr, const struct nft_expr *expr,
struct nft_data data[], struct nft_regs *regs,
const struct nft_set_ext **ext); const struct nft_set_ext **ext);
int (*insert)(const struct nft_set *set, int (*insert)(const struct nft_set *set,
...@@ -583,7 +609,7 @@ struct nft_expr_type { ...@@ -583,7 +609,7 @@ struct nft_expr_type {
struct nft_expr; struct nft_expr;
struct nft_expr_ops { struct nft_expr_ops {
void (*eval)(const struct nft_expr *expr, void (*eval)(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt); const struct nft_pktinfo *pkt);
unsigned int size; unsigned int size;
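Review bot: The kernel-doc on `struct nft_regs` says "The first four data registers alias to the verdict register", but `data[]` is still an array of `struct nft_data` in this hunk, so the verdict appears to overlay only `data[NFT_REG_VERDICT]`. I would reword it to `* The verdict shares storage with data[NFT_REG_VERDICT]; a store to that data register overwrites verdict.code and verdict.chain.` The eval handlers in this commit index `regs->data[priv->dreg]` and `regs->data[priv->sreg]` with no bounds check of their own, so the comment should also state that register numbers are expected to be validated when the expression is initialised; that validation is not visible here. `struct nft_data`, `struct nft_set_ops` and `struct nft_expr_ops` are only partly inside the hunks.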
......
...@@ -26,11 +26,11 @@ int nft_meta_set_dump(struct sk_buff *skb, ...@@ -26,11 +26,11 @@ int nft_meta_set_dump(struct sk_buff *skb,
const struct nft_expr *expr); const struct nft_expr *expr);
void nft_meta_get_eval(const struct nft_expr *expr, void nft_meta_get_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt); const struct nft_pktinfo *pkt);
void nft_meta_set_eval(const struct nft_expr *expr, void nft_meta_set_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt); const struct nft_pktinfo *pkt);
#endif #endif
...@@ -19,12 +19,12 @@ ...@@ -19,12 +19,12 @@
#include "../br_private.h" #include "../br_private.h"
static void nft_meta_bridge_get_eval(const struct nft_expr *expr, static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_meta *priv = nft_expr_priv(expr); const struct nft_meta *priv = nft_expr_priv(expr);
const struct net_device *in = pkt->in, *out = pkt->out; const struct net_device *in = pkt->in, *out = pkt->out;
struct nft_data *dest = &data[priv->dreg]; struct nft_data *dest = &regs->data[priv->dreg];
const struct net_bridge_port *p; const struct net_bridge_port *p;
switch (priv->key) { switch (priv->key) {
...@@ -43,9 +43,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr, ...@@ -43,9 +43,9 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
strncpy((char *)dest->data, p->br->dev->name, sizeof(dest->data)); strncpy((char *)dest->data, p->br->dev->name, sizeof(dest->data));
return; return;
out: out:
return nft_meta_get_eval(expr, data, pkt); return nft_meta_get_eval(expr, regs, pkt);
err: err:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static int nft_meta_bridge_get_init(const struct nft_ctx *ctx, static int nft_meta_bridge_get_init(const struct nft_ctx *ctx,
......
...@@ -257,8 +257,8 @@ static void nft_reject_br_send_v6_unreach(struct net *net, ...@@ -257,8 +257,8 @@ static void nft_reject_br_send_v6_unreach(struct net *net,
} }
static void nft_reject_bridge_eval(const struct nft_expr *expr, static void nft_reject_bridge_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_reject *priv = nft_expr_priv(expr); struct nft_reject *priv = nft_expr_priv(expr);
struct net *net = dev_net((pkt->in != NULL) ? pkt->in : pkt->out); struct net *net = dev_net((pkt->in != NULL) ? pkt->in : pkt->out);
...@@ -310,7 +310,7 @@ static void nft_reject_bridge_eval(const struct nft_expr *expr, ...@@ -310,7 +310,7 @@ static void nft_reject_bridge_eval(const struct nft_expr *expr,
break; break;
} }
out: out:
data[NFT_REG_VERDICT].verdict = NF_DROP; regs->verdict.code = NF_DROP;
} }
static int nft_reject_bridge_validate(const struct nft_ctx *ctx, static int nft_reject_bridge_validate(const struct nft_ctx *ctx,
......
...@@ -17,20 +17,17 @@ ...@@ -17,20 +17,17 @@
#include <net/netfilter/ipv4/nf_nat_masquerade.h> #include <net/netfilter/ipv4/nf_nat_masquerade.h>
static void nft_masq_ipv4_eval(const struct nft_expr *expr, static void nft_masq_ipv4_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_masq *priv = nft_expr_priv(expr); struct nft_masq *priv = nft_expr_priv(expr);
struct nf_nat_range range; struct nf_nat_range range;
unsigned int verdict;
memset(&range, 0, sizeof(range)); memset(&range, 0, sizeof(range));
range.flags = priv->flags; range.flags = priv->flags;
verdict = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum, regs->verdict.code = nf_nat_masquerade_ipv4(pkt->skb, pkt->ops->hooknum,
&range, pkt->out); &range, pkt->out);
data[NFT_REG_VERDICT].verdict = verdict;
} }
static struct nft_expr_type nft_masq_ipv4_type; static struct nft_expr_type nft_masq_ipv4_type;
......
...@@ -18,26 +18,25 @@ ...@@ -18,26 +18,25 @@
#include <net/netfilter/nft_redir.h> #include <net/netfilter/nft_redir.h>
static void nft_redir_ipv4_eval(const struct nft_expr *expr, static void nft_redir_ipv4_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_redir *priv = nft_expr_priv(expr); struct nft_redir *priv = nft_expr_priv(expr);
struct nf_nat_ipv4_multi_range_compat mr; struct nf_nat_ipv4_multi_range_compat mr;
unsigned int verdict;
memset(&mr, 0, sizeof(mr)); memset(&mr, 0, sizeof(mr));
if (priv->sreg_proto_min) { if (priv->sreg_proto_min) {
mr.range[0].min.all = mr.range[0].min.all =
*(__be16 *)&data[priv->sreg_proto_min].data[0]; *(__be16 *)&regs->data[priv->sreg_proto_min].data[0];
mr.range[0].max.all = mr.range[0].max.all =
*(__be16 *)&data[priv->sreg_proto_max].data[0]; *(__be16 *)&regs->data[priv->sreg_proto_max].data[0];
mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED; mr.range[0].flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
} }
mr.range[0].flags |= priv->flags; mr.range[0].flags |= priv->flags;
verdict = nf_nat_redirect_ipv4(pkt->skb, &mr, pkt->ops->hooknum); regs->verdict.code = nf_nat_redirect_ipv4(pkt->skb, &mr,
data[NFT_REG_VERDICT].verdict = verdict; pkt->ops->hooknum);
} }
static struct nft_expr_type nft_redir_ipv4_type; static struct nft_expr_type nft_redir_ipv4_type;
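Review bot: In `nft_redir_ipv4_eval` the read of `regs->data[priv->sreg_proto_max]` is guarded only by `if (priv->sreg_proto_min)`, so a zero `sreg_proto_max` would index register 0, which this commit makes the verdict's storage, and the maximum port would be taken from `regs->verdict.code`. Whether the init path always sets `sreg_proto_max` when `sreg_proto_min` is set cannot be seen from this hunk. If it does, a comment above the block such as `/* init guarantees sreg_proto_max is set whenever sreg_proto_min is */` documents the invariant; if it does not, the guard should also test `priv->sreg_proto_max`. The same pattern appears in `nft_redir_ipv6_eval`.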
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
#include <net/netfilter/nft_reject.h> #include <net/netfilter/nft_reject.h>
static void nft_reject_ipv4_eval(const struct nft_expr *expr, static void nft_reject_ipv4_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_reject *priv = nft_expr_priv(expr); struct nft_reject *priv = nft_expr_priv(expr);
...@@ -37,7 +37,7 @@ static void nft_reject_ipv4_eval(const struct nft_expr *expr, ...@@ -37,7 +37,7 @@ static void nft_reject_ipv4_eval(const struct nft_expr *expr,
break; break;
} }
data[NFT_REG_VERDICT].verdict = NF_DROP; regs->verdict.code = NF_DROP;
} }
static struct nft_expr_type nft_reject_ipv4_type; static struct nft_expr_type nft_reject_ipv4_type;
......
...@@ -18,19 +18,16 @@ ...@@ -18,19 +18,16 @@
#include <net/netfilter/ipv6/nf_nat_masquerade.h> #include <net/netfilter/ipv6/nf_nat_masquerade.h>
static void nft_masq_ipv6_eval(const struct nft_expr *expr, static void nft_masq_ipv6_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_masq *priv = nft_expr_priv(expr); struct nft_masq *priv = nft_expr_priv(expr);
struct nf_nat_range range; struct nf_nat_range range;
unsigned int verdict;
memset(&range, 0, sizeof(range)); memset(&range, 0, sizeof(range));
range.flags = priv->flags; range.flags = priv->flags;
verdict = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out); regs->verdict.code = nf_nat_masquerade_ipv6(pkt->skb, &range, pkt->out);
data[NFT_REG_VERDICT].verdict = verdict;
} }
static struct nft_expr_type nft_masq_ipv6_type; static struct nft_expr_type nft_masq_ipv6_type;
......
...@@ -18,26 +18,25 @@ ...@@ -18,26 +18,25 @@
#include <net/netfilter/nf_nat_redirect.h> #include <net/netfilter/nf_nat_redirect.h>
static void nft_redir_ipv6_eval(const struct nft_expr *expr, static void nft_redir_ipv6_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_redir *priv = nft_expr_priv(expr); struct nft_redir *priv = nft_expr_priv(expr);
struct nf_nat_range range; struct nf_nat_range range;
unsigned int verdict;
memset(&range, 0, sizeof(range)); memset(&range, 0, sizeof(range));
if (priv->sreg_proto_min) { if (priv->sreg_proto_min) {
range.min_proto.all = range.min_proto.all =
*(__be16 *)&data[priv->sreg_proto_min].data[0]; *(__be16 *)&regs->data[priv->sreg_proto_min].data[0];
range.max_proto.all = range.max_proto.all =
*(__be16 *)&data[priv->sreg_proto_max].data[0]; *(__be16 *)&regs->data[priv->sreg_proto_max].data[0];
range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
} }
range.flags |= priv->flags; range.flags |= priv->flags;
verdict = nf_nat_redirect_ipv6(pkt->skb, &range, pkt->ops->hooknum); regs->verdict.code = nf_nat_redirect_ipv6(pkt->skb, &range,
data[NFT_REG_VERDICT].verdict = verdict; pkt->ops->hooknum);
} }
static struct nft_expr_type nft_redir_ipv6_type; static struct nft_expr_type nft_redir_ipv6_type;
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
#include <net/netfilter/ipv6/nf_reject.h> #include <net/netfilter/ipv6/nf_reject.h>
static void nft_reject_ipv6_eval(const struct nft_expr *expr, static void nft_reject_ipv6_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_reject *priv = nft_expr_priv(expr); struct nft_reject *priv = nft_expr_priv(expr);
...@@ -38,7 +38,7 @@ static void nft_reject_ipv6_eval(const struct nft_expr *expr, ...@@ -38,7 +38,7 @@ static void nft_reject_ipv6_eval(const struct nft_expr *expr,
break; break;
} }
data[NFT_REG_VERDICT].verdict = NF_DROP; regs->verdict.code = NF_DROP;
} }
static struct nft_expr_type nft_reject_ipv6_type; static struct nft_expr_type nft_reject_ipv6_type;
......
...@@ -65,23 +65,23 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt, ...@@ -65,23 +65,23 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt,
} }
static void nft_cmp_fast_eval(const struct nft_expr *expr, static void nft_cmp_fast_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1]) struct nft_regs *regs)
{ {
const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr); const struct nft_cmp_fast_expr *priv = nft_expr_priv(expr);
u32 mask = nft_cmp_fast_mask(priv->len); u32 mask = nft_cmp_fast_mask(priv->len);
if ((data[priv->sreg].data[0] & mask) == priv->data) if ((regs->data[priv->sreg].data[0] & mask) == priv->data)
return; return;
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static bool nft_payload_fast_eval(const struct nft_expr *expr, static bool nft_payload_fast_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_payload *priv = nft_expr_priv(expr); const struct nft_payload *priv = nft_expr_priv(expr);
const struct sk_buff *skb = pkt->skb; const struct sk_buff *skb = pkt->skb;
struct nft_data *dest = &data[priv->dreg]; struct nft_data *dest = &regs->data[priv->dreg];
unsigned char *ptr; unsigned char *ptr;
if (priv->base == NFT_PAYLOAD_NETWORK_HEADER) if (priv->base == NFT_PAYLOAD_NETWORK_HEADER)
...@@ -116,7 +116,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) ...@@ -116,7 +116,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
const struct net *net = read_pnet(&nft_base_chain(basechain)->pnet); const struct net *net = read_pnet(&nft_base_chain(basechain)->pnet);
const struct nft_rule *rule; const struct nft_rule *rule;
const struct nft_expr *expr, *last; const struct nft_expr *expr, *last;
struct nft_data data[NFT_REG_MAX + 1]; struct nft_regs regs;
unsigned int stackptr = 0; unsigned int stackptr = 0;
struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE];
struct nft_stats *stats; struct nft_stats *stats;
...@@ -127,7 +127,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) ...@@ -127,7 +127,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
rulenum = 0; rulenum = 0;
rule = list_entry(&chain->rules, struct nft_rule, list); rule = list_entry(&chain->rules, struct nft_rule, list);
next_rule: next_rule:
data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; regs.verdict.code = NFT_CONTINUE;
list_for_each_entry_continue_rcu(rule, &chain->rules, list) { list_for_each_entry_continue_rcu(rule, &chain->rules, list) {
/* This rule is not active, skip. */ /* This rule is not active, skip. */
...@@ -138,18 +138,18 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) ...@@ -138,18 +138,18 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
nft_rule_for_each_expr(expr, last, rule) { nft_rule_for_each_expr(expr, last, rule) {
if (expr->ops == &nft_cmp_fast_ops) if (expr->ops == &nft_cmp_fast_ops)
nft_cmp_fast_eval(expr, data); nft_cmp_fast_eval(expr, &regs);
else if (expr->ops != &nft_payload_fast_ops || else if (expr->ops != &nft_payload_fast_ops ||
!nft_payload_fast_eval(expr, data, pkt)) !nft_payload_fast_eval(expr, &regs, pkt))
expr->ops->eval(expr, data, pkt); expr->ops->eval(expr, &regs, pkt);
if (data[NFT_REG_VERDICT].verdict != NFT_CONTINUE) if (regs.verdict.code != NFT_CONTINUE)
break; break;
} }
switch (data[NFT_REG_VERDICT].verdict) { switch (regs.verdict.code) {
case NFT_BREAK: case NFT_BREAK:
data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; regs.verdict.code = NFT_CONTINUE;
continue; continue;
case NFT_CONTINUE: case NFT_CONTINUE:
nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);
...@@ -158,15 +158,15 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) ...@@ -158,15 +158,15 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
break; break;
} }
switch (data[NFT_REG_VERDICT].verdict & NF_VERDICT_MASK) { switch (regs.verdict.code & NF_VERDICT_MASK) {
case NF_ACCEPT: case NF_ACCEPT:
case NF_DROP: case NF_DROP:
case NF_QUEUE: case NF_QUEUE:
nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);
return data[NFT_REG_VERDICT].verdict; return regs.verdict.code;
} }
switch (data[NFT_REG_VERDICT].verdict) { switch (regs.verdict.code) {
case NFT_JUMP: case NFT_JUMP:
BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE); BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
jumpstack[stackptr].chain = chain; jumpstack[stackptr].chain = chain;
...@@ -177,7 +177,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops) ...@@ -177,7 +177,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
case NFT_GOTO: case NFT_GOTO:
nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE); nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);
chain = data[NFT_REG_VERDICT].chain; chain = regs.verdict.chain;
goto do_chain; goto do_chain;
case NFT_CONTINUE: case NFT_CONTINUE:
rulenum++; rulenum++;
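Review bot: `struct nft_regs regs;` in `nft_do_chain` is declared without an initialiser and only `regs.verdict.code` is assigned before the expression loop, so the data registers and `regs.verdict.chain` start out holding whatever was on the kernel stack. An expression that reads a source register no earlier expression wrote (for example `nft_cmp_fast_eval` reading `regs->data[priv->sreg]`) would then operate on stale stack contents, which is an information-disclosure risk if the value can reach a set element, a mark or userspace. Unless rule loading is known to reject such reads, I would zero the register set at declaration, `struct nft_regs regs = {};`, or at least document the invariant next to it. The body of `nft_do_chain` starts and ends outside these hunks.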
......
...@@ -26,12 +26,12 @@ struct nft_bitwise { ...@@ -26,12 +26,12 @@ struct nft_bitwise {
}; };
static void nft_bitwise_eval(const struct nft_expr *expr, static void nft_bitwise_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_bitwise *priv = nft_expr_priv(expr); const struct nft_bitwise *priv = nft_expr_priv(expr);
const struct nft_data *src = &data[priv->sreg]; const struct nft_data *src = &regs->data[priv->sreg];
struct nft_data *dst = &data[priv->dreg]; struct nft_data *dst = &regs->data[priv->dreg];
unsigned int i; unsigned int i;
for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++) { for (i = 0; i < DIV_ROUND_UP(priv->len, 4); i++) {
......
...@@ -26,11 +26,12 @@ struct nft_byteorder { ...@@ -26,11 +26,12 @@ struct nft_byteorder {
}; };
static void nft_byteorder_eval(const struct nft_expr *expr, static void nft_byteorder_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_byteorder *priv = nft_expr_priv(expr); const struct nft_byteorder *priv = nft_expr_priv(expr);
struct nft_data *src = &data[priv->sreg], *dst = &data[priv->dreg]; struct nft_data *src = &regs->data[priv->sreg];
struct nft_data *dst = &regs->data[priv->dreg];
union { u32 u32; u16 u16; } *s, *d; union { u32 u32; u16 u16; } *s, *d;
unsigned int i; unsigned int i;
......
...@@ -25,13 +25,13 @@ struct nft_cmp_expr { ...@@ -25,13 +25,13 @@ struct nft_cmp_expr {
}; };
static void nft_cmp_eval(const struct nft_expr *expr, static void nft_cmp_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_cmp_expr *priv = nft_expr_priv(expr); const struct nft_cmp_expr *priv = nft_expr_priv(expr);
int d; int d;
d = nft_data_cmp(&data[priv->sreg], &priv->data, priv->len); d = nft_data_cmp(&regs->data[priv->sreg], &priv->data, priv->len);
switch (priv->op) { switch (priv->op) {
case NFT_CMP_EQ: case NFT_CMP_EQ:
if (d != 0) if (d != 0)
...@@ -59,7 +59,7 @@ static void nft_cmp_eval(const struct nft_expr *expr, ...@@ -59,7 +59,7 @@ static void nft_cmp_eval(const struct nft_expr *expr,
return; return;
mismatch: mismatch:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static const struct nla_policy nft_cmp_policy[NFTA_CMP_MAX + 1] = { static const struct nla_policy nft_cmp_policy[NFTA_CMP_MAX + 1] = {
......
...@@ -55,7 +55,7 @@ nft_compat_set_par(struct xt_action_param *par, void *xt, const void *xt_info) ...@@ -55,7 +55,7 @@ nft_compat_set_par(struct xt_action_param *par, void *xt, const void *xt_info)
} }
static void nft_target_eval_xt(const struct nft_expr *expr, static void nft_target_eval_xt(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
void *info = nft_expr_priv(expr); void *info = nft_expr_priv(expr);
...@@ -72,16 +72,16 @@ static void nft_target_eval_xt(const struct nft_expr *expr, ...@@ -72,16 +72,16 @@ static void nft_target_eval_xt(const struct nft_expr *expr,
switch (ret) { switch (ret) {
case XT_CONTINUE: case XT_CONTINUE:
data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; regs->verdict.code = NFT_CONTINUE;
break; break;
default: default:
data[NFT_REG_VERDICT].verdict = ret; regs->verdict.code = ret;
break; break;
} }
} }
static void nft_target_eval_bridge(const struct nft_expr *expr, static void nft_target_eval_bridge(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
void *info = nft_expr_priv(expr); void *info = nft_expr_priv(expr);
...@@ -98,19 +98,19 @@ static void nft_target_eval_bridge(const struct nft_expr *expr, ...@@ -98,19 +98,19 @@ static void nft_target_eval_bridge(const struct nft_expr *expr,
switch (ret) { switch (ret) {
case EBT_ACCEPT: case EBT_ACCEPT:
data[NFT_REG_VERDICT].verdict = NF_ACCEPT; regs->verdict.code = NF_ACCEPT;
break; break;
case EBT_DROP: case EBT_DROP:
data[NFT_REG_VERDICT].verdict = NF_DROP; regs->verdict.code = NF_DROP;
break; break;
case EBT_CONTINUE: case EBT_CONTINUE:
data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; regs->verdict.code = NFT_CONTINUE;
break; break;
case EBT_RETURN: case EBT_RETURN:
data[NFT_REG_VERDICT].verdict = NFT_RETURN; regs->verdict.code = NFT_RETURN;
break; break;
default: default:
data[NFT_REG_VERDICT].verdict = ret; regs->verdict.code = ret;
break; break;
} }
} }
...@@ -304,7 +304,7 @@ static int nft_target_validate(const struct nft_ctx *ctx, ...@@ -304,7 +304,7 @@ static int nft_target_validate(const struct nft_ctx *ctx,
} }
static void nft_match_eval(const struct nft_expr *expr, static void nft_match_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
void *info = nft_expr_priv(expr); void *info = nft_expr_priv(expr);
...@@ -317,16 +317,16 @@ static void nft_match_eval(const struct nft_expr *expr, ...@@ -317,16 +317,16 @@ static void nft_match_eval(const struct nft_expr *expr,
ret = match->match(skb, (struct xt_action_param *)&pkt->xt); ret = match->match(skb, (struct xt_action_param *)&pkt->xt);
if (pkt->xt.hotdrop) { if (pkt->xt.hotdrop) {
data[NFT_REG_VERDICT].verdict = NF_DROP; regs->verdict.code = NF_DROP;
return; return;
} }
switch (ret ? 1 : 0) { switch (ret ? 1 : 0) {
case 1: case 1:
data[NFT_REG_VERDICT].verdict = NFT_CONTINUE; regs->verdict.code = NFT_CONTINUE;
break; break;
case 0: case 0:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
break; break;
} }
} }
......
...@@ -24,7 +24,7 @@ struct nft_counter { ...@@ -24,7 +24,7 @@ struct nft_counter {
}; };
static void nft_counter_eval(const struct nft_expr *expr, static void nft_counter_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_counter *priv = nft_expr_priv(expr); struct nft_counter *priv = nft_expr_priv(expr);
......
...@@ -31,11 +31,11 @@ struct nft_ct { ...@@ -31,11 +31,11 @@ struct nft_ct {
}; };
static void nft_ct_get_eval(const struct nft_expr *expr, static void nft_ct_get_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_ct *priv = nft_expr_priv(expr); const struct nft_ct *priv = nft_expr_priv(expr);
struct nft_data *dest = &data[priv->dreg]; struct nft_data *dest = &regs->data[priv->dreg];
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
const struct nf_conn *ct; const struct nf_conn *ct;
const struct nf_conn_help *help; const struct nf_conn_help *help;
...@@ -146,17 +146,17 @@ static void nft_ct_get_eval(const struct nft_expr *expr, ...@@ -146,17 +146,17 @@ static void nft_ct_get_eval(const struct nft_expr *expr,
} }
return; return;
err: err:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static void nft_ct_set_eval(const struct nft_expr *expr, static void nft_ct_set_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_ct *priv = nft_expr_priv(expr); const struct nft_ct *priv = nft_expr_priv(expr);
struct sk_buff *skb = pkt->skb; struct sk_buff *skb = pkt->skb;
#ifdef CONFIG_NF_CONNTRACK_MARK #ifdef CONFIG_NF_CONNTRACK_MARK
u32 value = data[priv->sreg].data[0]; u32 value = regs->data[priv->sreg].data[0];
#endif #endif
enum ip_conntrack_info ctinfo; enum ip_conntrack_info ctinfo;
struct nf_conn *ct; struct nf_conn *ct;
......
...@@ -27,7 +27,7 @@ struct nft_dynset { ...@@ -27,7 +27,7 @@ struct nft_dynset {
}; };
static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1]) struct nft_regs *regs)
{ {
const struct nft_dynset *priv = nft_expr_priv(expr); const struct nft_dynset *priv = nft_expr_priv(expr);
u64 timeout; u64 timeout;
...@@ -38,7 +38,8 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, ...@@ -38,7 +38,8 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr,
timeout = priv->timeout ? : set->timeout; timeout = priv->timeout ? : set->timeout;
elem = nft_set_elem_init(set, &priv->tmpl, elem = nft_set_elem_init(set, &priv->tmpl,
&data[priv->sreg_key], &data[priv->sreg_data], &regs->data[priv->sreg_key],
&regs->data[priv->sreg_data],
timeout, GFP_ATOMIC); timeout, GFP_ATOMIC);
if (elem == NULL) { if (elem == NULL) {
if (set->size) if (set->size)
...@@ -48,7 +49,7 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr, ...@@ -48,7 +49,7 @@ static void *nft_dynset_new(struct nft_set *set, const struct nft_expr *expr,
} }
static void nft_dynset_eval(const struct nft_expr *expr, static void nft_dynset_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_dynset *priv = nft_expr_priv(expr); const struct nft_dynset *priv = nft_expr_priv(expr);
...@@ -56,8 +57,8 @@ static void nft_dynset_eval(const struct nft_expr *expr, ...@@ -56,8 +57,8 @@ static void nft_dynset_eval(const struct nft_expr *expr,
const struct nft_set_ext *ext; const struct nft_set_ext *ext;
u64 timeout; u64 timeout;
if (set->ops->update(set, &data[priv->sreg_key], nft_dynset_new, if (set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new,
expr, data, &ext)) { expr, regs, &ext)) {
if (priv->op == NFT_DYNSET_OP_UPDATE && if (priv->op == NFT_DYNSET_OP_UPDATE &&
nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) { nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
timeout = priv->timeout ? : set->timeout; timeout = priv->timeout ? : set->timeout;
...@@ -66,7 +67,7 @@ static void nft_dynset_eval(const struct nft_expr *expr, ...@@ -66,7 +67,7 @@ static void nft_dynset_eval(const struct nft_expr *expr,
} }
} }
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static const struct nla_policy nft_dynset_policy[NFTA_DYNSET_MAX + 1] = { static const struct nla_policy nft_dynset_policy[NFTA_DYNSET_MAX + 1] = {
......
...@@ -26,11 +26,11 @@ struct nft_exthdr { ...@@ -26,11 +26,11 @@ struct nft_exthdr {
}; };
static void nft_exthdr_eval(const struct nft_expr *expr, static void nft_exthdr_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_exthdr *priv = nft_expr_priv(expr); struct nft_exthdr *priv = nft_expr_priv(expr);
struct nft_data *dest = &data[priv->dreg]; struct nft_data *dest = &regs->data[priv->dreg];
unsigned int offset = 0; unsigned int offset = 0;
int err; int err;
...@@ -43,7 +43,7 @@ static void nft_exthdr_eval(const struct nft_expr *expr, ...@@ -43,7 +43,7 @@ static void nft_exthdr_eval(const struct nft_expr *expr,
goto err; goto err;
return; return;
err: err:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = { static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = {
......
...@@ -93,9 +93,9 @@ static bool nft_hash_lookup(const struct nft_set *set, ...@@ -93,9 +93,9 @@ static bool nft_hash_lookup(const struct nft_set *set,
static bool nft_hash_update(struct nft_set *set, const struct nft_data *key, static bool nft_hash_update(struct nft_set *set, const struct nft_data *key,
void *(*new)(struct nft_set *, void *(*new)(struct nft_set *,
const struct nft_expr *, const struct nft_expr *,
struct nft_data []), struct nft_regs *regs),
const struct nft_expr *expr, const struct nft_expr *expr,
struct nft_data data[], struct nft_regs *regs,
const struct nft_set_ext **ext) const struct nft_set_ext **ext)
{ {
struct nft_hash *priv = nft_set_priv(set); struct nft_hash *priv = nft_set_priv(set);
...@@ -110,7 +110,7 @@ static bool nft_hash_update(struct nft_set *set, const struct nft_data *key, ...@@ -110,7 +110,7 @@ static bool nft_hash_update(struct nft_set *set, const struct nft_data *key,
if (he != NULL) if (he != NULL)
goto out; goto out;
he = new(set, expr, data); he = new(set, expr, regs);
if (he == NULL) if (he == NULL)
goto err1; goto err1;
if (rhashtable_lookup_insert_key(&priv->ht, &arg, &he->node, if (rhashtable_lookup_insert_key(&priv->ht, &arg, &he->node,
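Review bot: The callback type in `nft_hash_update` now names its last parameter (`struct nft_regs *regs),`) while the matching `update` prototype in `struct nft_set_ops` leaves it unnamed (`struct nft_regs *),`), and the name duplicates the function's own `regs` parameter two lines further down. Dropping the name, `struct nft_regs *),`, keeps the definition textually identical to the ops declaration and avoids two different `regs` in one signature. `nft_hash_update` continues beyond the hunk.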
......
...@@ -24,12 +24,12 @@ struct nft_immediate_expr { ...@@ -24,12 +24,12 @@ struct nft_immediate_expr {
}; };
static void nft_immediate_eval(const struct nft_expr *expr, static void nft_immediate_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_immediate_expr *priv = nft_expr_priv(expr); const struct nft_immediate_expr *priv = nft_expr_priv(expr);
nft_data_copy(&data[priv->dreg], &priv->data); nft_data_copy(&regs->data[priv->dreg], &priv->data);
} }
static const struct nla_policy nft_immediate_policy[NFTA_IMMEDIATE_MAX + 1] = { static const struct nla_policy nft_immediate_policy[NFTA_IMMEDIATE_MAX + 1] = {
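Review bot: `nft_data_copy(&regs->data[priv->dreg], &priv->data)` in `nft_immediate_eval` appears to be how a verdict reaches `regs->verdict` when `dreg` is `NFT_REG_VERDICT`, because the two share storage through the union, and nothing in the function says so. That only works while the verdict and chain members of `struct nft_data` have the same layout as the new `struct nft_verdict`. The relevant part of `struct nft_data` is not visible in this commit, so this is inferred from the old `data[NFT_REG_VERDICT].verdict` and `.chain` accesses. I would add a comment above the call, `/* dreg may be NFT_REG_VERDICT: the copy then fills regs->verdict through the union */`, and consider a build-time layout check next to the struct definitions.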
......
...@@ -27,7 +27,7 @@ struct nft_limit { ...@@ -27,7 +27,7 @@ struct nft_limit {
}; };
static void nft_limit_eval(const struct nft_expr *expr, static void nft_limit_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_limit *priv = nft_expr_priv(expr); struct nft_limit *priv = nft_expr_priv(expr);
...@@ -45,7 +45,7 @@ static void nft_limit_eval(const struct nft_expr *expr, ...@@ -45,7 +45,7 @@ static void nft_limit_eval(const struct nft_expr *expr,
} }
spin_unlock_bh(&limit_lock); spin_unlock_bh(&limit_lock);
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static const struct nla_policy nft_limit_policy[NFTA_LIMIT_MAX + 1] = { static const struct nla_policy nft_limit_policy[NFTA_LIMIT_MAX + 1] = {
......
...@@ -27,7 +27,7 @@ struct nft_log { ...@@ -27,7 +27,7 @@ struct nft_log {
}; };
static void nft_log_eval(const struct nft_expr *expr, static void nft_log_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_log *priv = nft_expr_priv(expr); const struct nft_log *priv = nft_expr_priv(expr);
......
...@@ -26,19 +26,20 @@ struct nft_lookup { ...@@ -26,19 +26,20 @@ struct nft_lookup {
}; };
static void nft_lookup_eval(const struct nft_expr *expr, static void nft_lookup_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_lookup *priv = nft_expr_priv(expr); const struct nft_lookup *priv = nft_expr_priv(expr);
const struct nft_set *set = priv->set; const struct nft_set *set = priv->set;
const struct nft_set_ext *ext; const struct nft_set_ext *ext;
if (set->ops->lookup(set, &data[priv->sreg], &ext)) { if (set->ops->lookup(set, &regs->data[priv->sreg], &ext)) {
if (set->flags & NFT_SET_MAP) if (set->flags & NFT_SET_MAP)
nft_data_copy(&data[priv->dreg], nft_set_ext_data(ext)); nft_data_copy(&regs->data[priv->dreg],
nft_set_ext_data(ext));
return; return;
} }
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = { static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = {
......
...@@ -25,13 +25,13 @@ ...@@ -25,13 +25,13 @@
#include <net/netfilter/nft_meta.h> #include <net/netfilter/nft_meta.h>
void nft_meta_get_eval(const struct nft_expr *expr, void nft_meta_get_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_meta *priv = nft_expr_priv(expr); const struct nft_meta *priv = nft_expr_priv(expr);
const struct sk_buff *skb = pkt->skb; const struct sk_buff *skb = pkt->skb;
const struct net_device *in = pkt->in, *out = pkt->out; const struct net_device *in = pkt->in, *out = pkt->out;
struct nft_data *dest = &data[priv->dreg]; struct nft_data *dest = &regs->data[priv->dreg];
switch (priv->key) { switch (priv->key) {
case NFT_META_LEN: case NFT_META_LEN:
...@@ -177,17 +177,17 @@ void nft_meta_get_eval(const struct nft_expr *expr, ...@@ -177,17 +177,17 @@ void nft_meta_get_eval(const struct nft_expr *expr,
return; return;
err: err:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
EXPORT_SYMBOL_GPL(nft_meta_get_eval); EXPORT_SYMBOL_GPL(nft_meta_get_eval);
void nft_meta_set_eval(const struct nft_expr *expr, void nft_meta_set_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_meta *meta = nft_expr_priv(expr); const struct nft_meta *meta = nft_expr_priv(expr);
struct sk_buff *skb = pkt->skb; struct sk_buff *skb = pkt->skb;
u32 value = data[meta->sreg].data[0]; u32 value = regs->data[meta->sreg].data[0];
switch (meta->key) { switch (meta->key) {
case NFT_META_MARK: case NFT_META_MARK:
......
...@@ -37,7 +37,7 @@ struct nft_nat { ...@@ -37,7 +37,7 @@ struct nft_nat {
}; };
static void nft_nat_eval(const struct nft_expr *expr, static void nft_nat_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_nat *priv = nft_expr_priv(expr); const struct nft_nat *priv = nft_expr_priv(expr);
...@@ -49,16 +49,16 @@ static void nft_nat_eval(const struct nft_expr *expr, ...@@ -49,16 +49,16 @@ static void nft_nat_eval(const struct nft_expr *expr,
if (priv->sreg_addr_min) { if (priv->sreg_addr_min) {
if (priv->family == AF_INET) { if (priv->family == AF_INET) {
range.min_addr.ip = (__force __be32) range.min_addr.ip = (__force __be32)
data[priv->sreg_addr_min].data[0]; regs->data[priv->sreg_addr_min].data[0];
range.max_addr.ip = (__force __be32) range.max_addr.ip = (__force __be32)
data[priv->sreg_addr_max].data[0]; regs->data[priv->sreg_addr_max].data[0];
} else { } else {
memcpy(range.min_addr.ip6, memcpy(range.min_addr.ip6,
data[priv->sreg_addr_min].data, &regs->data[priv->sreg_addr_min].data,
sizeof(struct nft_data)); sizeof(struct nft_data));
memcpy(range.max_addr.ip6, memcpy(range.max_addr.ip6,
data[priv->sreg_addr_max].data, &regs->data[priv->sreg_addr_max].data,
sizeof(struct nft_data)); sizeof(struct nft_data));
} }
range.flags |= NF_NAT_RANGE_MAP_IPS; range.flags |= NF_NAT_RANGE_MAP_IPS;
...@@ -66,16 +66,15 @@ static void nft_nat_eval(const struct nft_expr *expr, ...@@ -66,16 +66,15 @@ static void nft_nat_eval(const struct nft_expr *expr,
if (priv->sreg_proto_min) { if (priv->sreg_proto_min) {
range.min_proto.all = range.min_proto.all =
*(__be16 *)&data[priv->sreg_proto_min].data[0]; *(__be16 *)&regs->data[priv->sreg_proto_min].data[0];
range.max_proto.all = range.max_proto.all =
*(__be16 *)&data[priv->sreg_proto_max].data[0]; *(__be16 *)&regs->data[priv->sreg_proto_max].data[0];
range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED; range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
} }
range.flags |= priv->flags; range.flags |= priv->flags;
data[NFT_REG_VERDICT].verdict = regs->verdict.code = nf_nat_setup_info(ct, &range, priv->type);
nf_nat_setup_info(ct, &range, priv->type);
} }
static const struct nla_policy nft_nat_policy[NFTA_NAT_MAX + 1] = { static const struct nla_policy nft_nat_policy[NFTA_NAT_MAX + 1] = {
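Review bot: The two IPv6 copies in nft_nat_eval, the `memcpy` calls into `range.min_addr.ip6` and `range.max_addr.ip6`, take their length from the source type, `sizeof(struct nft_data)`, rather than from the destination. The commit message says the point of this change is to let the register size change; once it does, that length no longer matches the address field, and a larger register would write past it. Sizing by the destination keeps the bound local: `memcpy(range.min_addr.ip6, &regs->data[priv->sreg_addr_min].data, sizeof(range.min_addr.ip6));`, and likewise for `max_addr`. The declaration of `range` lies outside the visible hunks, so the field size is assumed rather than seen.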
......
...@@ -18,12 +18,12 @@ ...@@ -18,12 +18,12 @@
#include <net/netfilter/nf_tables.h> #include <net/netfilter/nf_tables.h>
static void nft_payload_eval(const struct nft_expr *expr, static void nft_payload_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
const struct nft_payload *priv = nft_expr_priv(expr); const struct nft_payload *priv = nft_expr_priv(expr);
const struct sk_buff *skb = pkt->skb; const struct sk_buff *skb = pkt->skb;
struct nft_data *dest = &data[priv->dreg]; struct nft_data *dest = &regs->data[priv->dreg];
int offset; int offset;
switch (priv->base) { switch (priv->base) {
...@@ -47,7 +47,7 @@ static void nft_payload_eval(const struct nft_expr *expr, ...@@ -47,7 +47,7 @@ static void nft_payload_eval(const struct nft_expr *expr,
goto err; goto err;
return; return;
err: err:
data[NFT_REG_VERDICT].verdict = NFT_BREAK; regs->verdict.code = NFT_BREAK;
} }
static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = { static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = {
......
...@@ -28,7 +28,7 @@ struct nft_queue { ...@@ -28,7 +28,7 @@ struct nft_queue {
}; };
static void nft_queue_eval(const struct nft_expr *expr, static void nft_queue_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_queue *priv = nft_expr_priv(expr); struct nft_queue *priv = nft_expr_priv(expr);
...@@ -51,7 +51,7 @@ static void nft_queue_eval(const struct nft_expr *expr, ...@@ -51,7 +51,7 @@ static void nft_queue_eval(const struct nft_expr *expr,
if (priv->flags & NFT_QUEUE_FLAG_BYPASS) if (priv->flags & NFT_QUEUE_FLAG_BYPASS)
ret |= NF_VERDICT_FLAG_QUEUE_BYPASS; ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
data[NFT_REG_VERDICT].verdict = ret; regs->verdict.code = ret;
} }
static const struct nla_policy nft_queue_policy[NFTA_QUEUE_MAX + 1] = { static const struct nla_policy nft_queue_policy[NFTA_QUEUE_MAX + 1] = {
......
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
#include <net/netfilter/ipv6/nf_reject.h> #include <net/netfilter/ipv6/nf_reject.h>
static void nft_reject_inet_eval(const struct nft_expr *expr, static void nft_reject_inet_eval(const struct nft_expr *expr,
struct nft_data data[NFT_REG_MAX + 1], struct nft_regs *regs,
const struct nft_pktinfo *pkt) const struct nft_pktinfo *pkt)
{ {
struct nft_reject *priv = nft_expr_priv(expr); struct nft_reject *priv = nft_expr_priv(expr);
...@@ -58,7 +58,8 @@ static void nft_reject_inet_eval(const struct nft_expr *expr, ...@@ -58,7 +58,8 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
} }
break; break;
} }
data[NFT_REG_VERDICT].verdict = NF_DROP;
regs->verdict.code = NF_DROP;
} }
static int nft_reject_inet_init(const struct nft_ctx *ctx, static int nft_reject_inet_init(const struct nft_ctx *ctx,
......