From e3ecdda1f6a326b707ed62ca4278034b54a38aef Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 12 Apr 2015 21:10:41 +0100 Subject: headers: sync headers for new register values Signed-off-by: Patrick McHardy --- include/linux/netfilter/nf_tables.h | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 0e964439..33056dc2 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -4,16 +4,45 @@ #define NFT_CHAIN_MAXNAMELEN 32 #define NFT_USERDATA_MAXLEN 256 +/** + * enum nft_registers - nf_tables registers + * + * nf_tables used to have five registers: a verdict register and four data + * registers of size 16. The data registers have been changed to 16 registers + * of size 4. For compatibility reasons, the NFT_REG_[1-4] registers still + * map to areas of size 16, the 4 byte registers are addressed using + * NFT_REG32_00 - NFT_REG32_15. + */ enum nft_registers { NFT_REG_VERDICT, NFT_REG_1, NFT_REG_2, NFT_REG_3, NFT_REG_4, - __NFT_REG_MAX + __NFT_REG_MAX, + + NFT_REG32_00 = 8, + MFT_REG32_01, + NFT_REG32_02, + NFT_REG32_03, + NFT_REG32_04, + NFT_REG32_05, + NFT_REG32_06, + NFT_REG32_07, + NFT_REG32_08, + NFT_REG32_09, + NFT_REG32_10, + NFT_REG32_11, + NFT_REG32_12, + NFT_REG32_13, + NFT_REG32_14, + NFT_REG32_15, }; #define NFT_REG_MAX (__NFT_REG_MAX - 1) +#define NFT_REG_SIZE 16 +#define NFT_REG32_SIZE 4 + /** * enum nft_verdicts - nf_tables internal verdicts * @@ -358,6 +387,9 @@ enum nft_data_attributes { }; #define NFTA_DATA_MAX (__NFTA_DATA_MAX - 1) +/* Maximum length of a value */ +#define NFT_DATA_VALUE_MAXLEN 64 + /** * enum nft_verdict_attributes - nf_tables verdict netlink attributes * -- cgit v1.2.3 From 9c286f2d689bbc19889d2f3b69923ad68831b3e7 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 12 Apr 2015 21:10:41 +0100 Subject: netlink_linearize: use NFT_REG32 values internally Prepare netlink_linearize for 32 bit register usage: Switch to use 16 data registers of 32 bit each. A helper function takes care of mapping the registers to the NFT_REG32 values and, if the register refers to the beginning of an 128 bit area, the old NFT_REG_1-4 values for compatibility. New register reservation and release helper function take the size into account and reserve the required amount of registers. The reservation and release functions will so far still always allocate 128 bit. If no other expression in a rule uses a 32 bit register directly, these will be mapped to the old register values, meaning everything continues to work with old kernel versions. Signed-off-by: Patrick McHardy --- include/netlink.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'include') diff --git a/include/netlink.h b/include/netlink.h index 9f24ea5e..9b42fdbd 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -53,6 +53,11 @@ struct nft_data_delinearize { int verdict; }; +static inline unsigned int netlink_register_space(unsigned int size) +{ + return div_round_up(size, NFT_REG32_SIZE * BITS_PER_BYTE); +} + extern void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data); extern void netlink_gen_raw_data(const mpz_t value, enum byteorder byteorder, -- cgit v1.2.3 From 9c641885afea6f46b62f591ed9b0e3006fb23701 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Sun, 12 Apr 2015 21:10:42 +0100 Subject: netlink: pad constant concat sub-expressions Pad all but the last sub-expressions of a concat expressions. Signed-off-by: Patrick McHardy --- include/netlink.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include') diff --git a/include/netlink.h b/include/netlink.h index 9b42fdbd..185c4357 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -58,6 +58,16 @@ static inline unsigned int netlink_register_space(unsigned int size) return div_round_up(size, NFT_REG32_SIZE * BITS_PER_BYTE); } +static inline unsigned int netlink_padded_len(unsigned int size) +{ + return netlink_register_space(size) * NFT_REG32_SIZE * BITS_PER_BYTE; +} + +static inline unsigned int netlink_padding_len(unsigned int size) +{ + return netlink_padded_len(size) - size; +} + extern void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data); extern void netlink_gen_raw_data(const mpz_t value, enum byteorder byteorder, -- cgit v1.2.3