netfilter: nf_tables: return set extensions from ->lookup()

Return the extension area from the ->lookup() function to allow to
consolidate common actions.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 6ac63323afd25385281003bce05290f69237d16d..f190d26bda7d7119450430954b8b7090fe209126 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -200,6 +200,8 @@ struct nft_set_estimate {
        enum nft_set_class      class;
 };
 
+struct nft_set_ext;
+
 /**
  *     struct nft_set_ops - nf_tables set operations
  *
@@ -218,7 +220,7 @@ struct nft_set_estimate {
 struct nft_set_ops {
        bool                            (*lookup)(const struct nft_set *set,
                                                  const struct nft_data *key,
-                                                 struct nft_data *data);
+                                                 const struct nft_set_ext **ext);
        int                             (*get)(const struct nft_set *set,
                                               struct nft_set_elem *elem);
        int                             (*insert)(const struct nft_set *set,

diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
index 94bf25def37fd731319502bcf661ee09c17ef3ad..5bee82195ef563a343542dec579687d464002489 100644 (file)
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -66,7 +66,7 @@ static inline int nft_hash_cmp(struct rhashtable_compare_arg *arg,
 
 static bool nft_hash_lookup(const struct nft_set *set,
                            const struct nft_data *key,
-                           struct nft_data *data)
+                           const struct nft_set_ext **ext)
 {
        struct nft_hash *priv = nft_set_priv(set);
        const struct nft_hash_elem *he;
@@ -76,8 +76,8 @@ static bool nft_hash_lookup(const struct nft_set *set,
        };
 
        he = rhashtable_lookup_fast(&priv->ht, &arg, nft_hash_params);
-       if (he && set->flags & NFT_SET_MAP)
-               nft_data_copy(data, nft_set_ext_data(&he->ext));
+       if (he != NULL)
+               *ext = &he->ext;
 
        return !!he;
 }

diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index 9615b8b9fb37dcf769207537f0545dd2a08c62d6..a5f30b8760eab5aa476f0afc13fe0e8686c9ff47 100644 (file)
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -31,9 +31,13 @@ static void nft_lookup_eval(const struct nft_expr *expr,
 {
        const struct nft_lookup *priv = nft_expr_priv(expr);
        const struct nft_set *set = priv->set;
+       const struct nft_set_ext *ext;
 
-       if (set->ops->lookup(set, &data[priv->sreg], &data[priv->dreg]))
+       if (set->ops->lookup(set, &data[priv->sreg], &ext)) {
+               if (set->flags & NFT_SET_MAP)
+                       nft_data_copy(&data[priv->dreg], nft_set_ext_data(ext));
                return;
+       }
        data[NFT_REG_VERDICT].verdict = NFT_BREAK;
 }
 

diff --git a/net/netfilter/nft_rbtree.c b/net/netfilter/nft_rbtree.c
index 332c6afc77e95b2d7c4f5973f0e0806f5296b6c9..cbba755ebebc4cc47bd9930aa4205e7d0d7e0de0 100644 (file)
--- a/net/netfilter/nft_rbtree.c
+++ b/net/netfilter/nft_rbtree.c
@@ -31,7 +31,7 @@ struct nft_rbtree_elem {
 
 static bool nft_rbtree_lookup(const struct nft_set *set,
                              const struct nft_data *key,
-                             struct nft_data *data)
+                             const struct nft_set_ext **ext)
 {
        const struct nft_rbtree *priv = nft_set_priv(set);
        const struct nft_rbtree_elem *rbe, *interval = NULL;
@@ -55,10 +55,9 @@ found:
                            *nft_set_ext_flags(&rbe->ext) &
                            NFT_SET_ELEM_INTERVAL_END)
                                goto out;
-                       if (set->flags & NFT_SET_MAP)
-                               nft_data_copy(data, nft_set_ext_data(&rbe->ext));
-
                        spin_unlock_bh(&nft_rbtree_lock);
+
+                       *ext = &rbe->ext;
                        return true;
                }
        }