From 677895d0ac5b0c3b46ef3200e961a708d5601c1e Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Sat, 26 Jun 2021 22:17:58 +0200 Subject: Backport "netfilter: add helper function to set up the nfnetlink header and use it" Backport patch "netfilter: add helper function to set up the nfnetlink header and use it" from Pablo Neira Ayuso . Signed-off-by: Jozsef Kadlecsik --- configure.ac | 10 ++++++++ .../linux/netfilter/ipset/ip_set_compat.h.in | 30 ++++++++++++++++++++++ kernel/net/netfilter/ipset/ip_set_core.c | 17 +++--------- 3 files changed, 43 insertions(+), 14 deletions(-) diff --git a/configure.ac b/configure.ac index bd6116c..9aea004 100644 --- a/configure.ac +++ b/configure.ac @@ -786,6 +786,16 @@ else AC_SUBST(HAVE_NLA_POLICY_EXACT_LEN, undef) fi +AC_MSG_CHECKING([kernel source for nfnl_msg_put() in nfnetlink.h]) +if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \ + $GREP -q 'nfnl_msg_put' $ksourcedir/include/linux/netfilter/nfnetlink.h; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_NFNL_MSG_PUT, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_NFNL_MSG_PUT, undef) +fi + AC_MSG_CHECKING([kernel source for kvzalloc() in mm.h]) if test -f $ksourcedir/include/linux/mm.h && \ $GREP -q 'static inline void \*kvzalloc(' $ksourcedir/include/linux/mm.h; then diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index 96a4cf4..3a8dd9e 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in @@ -62,6 +62,7 @@ #@HAVE_KVZALLOC@ HAVE_KVZALLOC #@HAVE_GFP_KERNEL_ACCOUNT@ HAVE_GFP_KERNEL_ACCOUNT #@HAVE_NLA_STRSCPY@ HAVE_NLA_STRSCPY +#@HAVE_NFNL_MSG_PUT@ HAVE_NFNL_MSG_PUT #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #include @@ -406,6 +407,35 @@ static inline u16 nfnl_msg_type(u8 subsys, u8 msg_type) } #endif +#ifndef HAVE_NFNL_MSG_PUT +static inline void nfnl_fill_hdr(struct nlmsghdr *nlh, u8 family, u8 version, + __be16 res_id) +{ + struct nfgenmsg *nfmsg; + + nfmsg = nlmsg_data(nlh); + nfmsg->nfgen_family = family; + nfmsg->version = version; + nfmsg->res_id = res_id; +} + +static inline struct nlmsghdr *nfnl_msg_put(struct sk_buff *skb, u32 portid, + u32 seq, int type, int flags, + u8 family, u8 version, + __be16 res_id) +{ + struct nlmsghdr *nlh; + + nlh = nlmsg_put(skb, portid, seq, type, sizeof(struct nfgenmsg), flags); + if (!nlh) + return NULL; + + nfnl_fill_hdr(nlh, family, version, res_id); + + return nlh; +} +#endif + #ifdef HAVE_NETLINK_EXTENDED_ACK #define NETLINK_ACK(in_skb, nlh, err, extack) netlink_ack(in_skb, nlh, err, extack) #else diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 63a7955..4057dc1 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -964,20 +964,9 @@ static struct nlmsghdr * start_msg(struct sk_buff *skb, u32 portid, u32 seq, unsigned int flags, enum ipset_cmd cmd) { - struct nlmsghdr *nlh; - struct nfgenmsg *nfmsg; - - nlh = nlmsg_put(skb, portid, seq, nfnl_msg_type(NFNL_SUBSYS_IPSET, cmd), - sizeof(*nfmsg), flags); - if (!nlh) - return NULL; - - nfmsg = nlmsg_data(nlh); - nfmsg->nfgen_family = NFPROTO_IPV4; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = 0; - - return nlh; + return nfnl_msg_put(skb, portid, seq, + nfnl_msg_type(NFNL_SUBSYS_IPSET, cmd), flags, + NFPROTO_IPV4, NFNETLINK_V0, 0); } /* Create a set */ -- cgit v1.2.3