]> granicus.if.org Git - ipset/commitdiff
Backport patch: netlink: pass extended ACK struct to parsing functions
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 11 Sep 2017 18:45:44 +0000 (20:45 +0200)
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Mon, 11 Sep 2017 18:45:44 +0000 (20:45 +0200)
configure.ac
kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
kernel/net/netfilter/ipset/ip_set_core.c

index 2c6354f38f2ea2388886ab39f112f8dacab5c4f1..c818557eab7b32e9f0308d0c0165bb5bfeebbbc2 100644 (file)
@@ -559,6 +559,16 @@ else
        AC_SUBST(HAVE_NETLINK_EXTENDED_ACK, undef)
 fi
 
+AC_MSG_CHECKING([kernel source for passing extended ACK struct to parsing functions])
+if test -f $ksourcedir/include/linux/netlink.h && \
+   $AWK '/^static inline int nla_parse_nested/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'struct netlink_ext_ack'; then
+       AC_MSG_RESULT(yes)
+       AC_SUBST(HAVE_PASSING_EXTENDED_ACK_TO_PARSERS, define)
+else
+       AC_MSG_RESULT(no)
+       AC_SUBST(HAVE_PASSING_EXTENDED_ACK_TO_PARSERS, undef)
+fi
+
 AC_MSG_CHECKING([kernel source for struct net_generic])
 if test -f $ksourcedir/include/net/netns/generic.h && \
    $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
index fd1696bf61737f9e63cd2801ac054d32c71d9eaa..36eecee05d3e457a462d3d708a7679ebafcd9f05 100644 (file)
@@ -40,6 +40,7 @@
 #@HAVE_XT_NET@ HAVE_XT_NET
 #@HAVE_NFNL_MSG_TYPE@ HAVE_NFNL_MSG_TYPE
 #@HAVE_NETLINK_EXTENDED_ACK@ HAVE_NETLINK_EXTENDED_ACK
+#@HAVE_PASSING_EXTENDED_ACK_TO_PARSERS@ HAVE_PASSING_EXTENDED_ACK_TO_PARSERS
 
 #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
 #include <linux/module.h>
@@ -311,6 +312,14 @@ static inline u16 nfnl_msg_type(u8 subsys, u8 msg_type)
 #define NETLINK_ACK(in_skb, nlh, err, extack)  netlink_ack(in_skb, nlh, err)
 #endif
 
+#ifdef HAVE_PASSING_EXTENDED_ACK_TO_PARSERS
+#define NLA_PARSE(t, m, h, l, p, e)            nla_parse(t, m, h, l, p, e)
+#define NLA_PARSE_NESTED(t, m, n, p, e)                nla_parse_nested(t, m, n, p, e)
+#else
+#define NLA_PARSE(t, m, h, l, p, e)            nla_parse(t, m, h, l, p)
+#define NLA_PARSE_NESTED(t, m, n, p, e)                nla_parse_nested(t, m, n, p)
+#endif
+
 #ifdef HAVE_STATE_IN_XT_ACTION_PARAM
 #define XAP_STATE(par)         (par->state)
 #else
index d7ef329cf8fd77dc04cff42cea1e8a9871d5f6a5..6d6c1d77839f53b193fdeeaab9f2f83dfa0510ce 100644 (file)
@@ -300,7 +300,8 @@ ip_set_get_ipaddr4(struct nlattr *nla,  __be32 *ipaddr)
 
        if (unlikely(!flag_nested(nla)))
                return -IPSET_ERR_PROTOCOL;
-       if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy))
+       if (NLA_PARSE_NESTED(tb, IPSET_ATTR_IPADDR_MAX, nla,
+                            ipaddr_policy, NULL))
                return -IPSET_ERR_PROTOCOL;
        if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV4)))
                return -IPSET_ERR_PROTOCOL;
@@ -318,7 +319,8 @@ ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr)
        if (unlikely(!flag_nested(nla)))
                return -IPSET_ERR_PROTOCOL;
 
-       if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy))
+       if (NLA_PARSE_NESTED(tb, IPSET_ATTR_IPADDR_MAX, nla,
+                            ipaddr_policy, NULL))
                return -IPSET_ERR_PROTOCOL;
        if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV6)))
                return -IPSET_ERR_PROTOCOL;
@@ -913,8 +915,8 @@ IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl,
 
        /* Without holding any locks, create private part. */
        if (attr[IPSET_ATTR_DATA] &&
-           nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA],
-                            set->type->create_policy)) {
+           NLA_PARSE_NESTED(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA],
+                            set->type->create_policy, NULL)) {
                ret = -IPSET_ERR_PROTOCOL;
                goto put_out;
        }
@@ -1269,8 +1271,8 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst)
        ip_set_id_t index;
 
        /* Second pass, so parser can't fail */
-       nla_parse(cda, IPSET_ATTR_CMD_MAX,
-                 attr, nlh->nlmsg_len - min_len, ip_set_setname_policy);
+       NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, attr, nlh->nlmsg_len - min_len,
+                 ip_set_setname_policy, NULL);
 
        if (cda[IPSET_ATTR_SETNAME]) {
                struct ip_set *set;
@@ -1524,9 +1526,8 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
                memcpy(&errmsg->msg, nlh, nlh->nlmsg_len);
                cmdattr = (void *)&errmsg->msg + min_len;
 
-               nla_parse(cda, IPSET_ATTR_CMD_MAX,
-                         cmdattr, nlh->nlmsg_len - min_len,
-                         ip_set_adt_policy);
+               NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, cmdattr,
+                         nlh->nlmsg_len - min_len, ip_set_adt_policy, NULL);
 
                errline = nla_data(cda[IPSET_ATTR_LINENO]);
 
@@ -1571,9 +1572,9 @@ IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl,
 
        use_lineno = !!attr[IPSET_ATTR_LINENO];
        if (attr[IPSET_ATTR_DATA]) {
-               if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX,
+               if (NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX,
                                     attr[IPSET_ATTR_DATA],
-                                    set->type->adt_policy))
+                                    set->type->adt_policy, NULL))
                        return -IPSET_ERR_PROTOCOL;
                ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags,
                              use_lineno);
@@ -1584,8 +1585,8 @@ IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl,
                        memset(tb, 0, sizeof(tb));
                        if (nla_type(nla) != IPSET_ATTR_DATA ||
                            !flag_nested(nla) ||
-                           nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla,
-                                            set->type->adt_policy))
+                           NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, nla,
+                                            set->type->adt_policy, NULL))
                                return -IPSET_ERR_PROTOCOL;
                        ret = call_ad(ctnl, skb, set, tb, IPSET_ADD,
                                      flags, use_lineno);
@@ -1626,9 +1627,9 @@ IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl,
 
        use_lineno = !!attr[IPSET_ATTR_LINENO];
        if (attr[IPSET_ATTR_DATA]) {
-               if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX,
+               if (NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX,
                                     attr[IPSET_ATTR_DATA],
-                                    set->type->adt_policy))
+                                    set->type->adt_policy, NULL))
                        return -IPSET_ERR_PROTOCOL;
                ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags,
                              use_lineno);
@@ -1639,8 +1640,8 @@ IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl,
                        memset(tb, 0, sizeof(*tb));
                        if (nla_type(nla) != IPSET_ATTR_DATA ||
                            !flag_nested(nla) ||
-                           nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla,
-                                            set->type->adt_policy))
+                           NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, nla,
+                                            set->type->adt_policy, NULL))
                                return -IPSET_ERR_PROTOCOL;
                        ret = call_ad(ctnl, skb, set, tb, IPSET_DEL,
                                      flags, use_lineno);
@@ -1672,8 +1673,8 @@ IPSET_CBFN(ip_set_utest, struct net *net, struct sock *ctnl,
        if (!set)
                return -ENOENT;
 
-       if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA],
-                            set->type->adt_policy))
+       if (NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA],
+                            set->type->adt_policy, NULL))
                return -IPSET_ERR_PROTOCOL;
 
        rcu_read_lock_bh();