On Thu, Mar 27, 2014 at 11:19:32AM +0200, Tomasz Bursztyka wrote:
> Currently, when looking up for the proper expression type, what comes
> first is returned. Which might end up to be a non-family tight type.
> Instead, if a specific family type exist, it will be better to return
> this one.
Easier suggestion:
Change nft_register_expr() to appent NFPROTO_UNSPEC to the end of the
list and prepend all others.
>
> Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@xxxxxxxxxxxxxxx>
> ---
> net/netfilter/nf_tables_api.c | 17 ++++++++++-------
> 1 file changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index adce01e..83de6c1 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -1117,14 +1117,17 @@ EXPORT_SYMBOL_GPL(nft_unregister_expr);
> static const struct nft_expr_type *__nft_expr_type_get(u8 family,
> struct nlattr *nla)
> {
> - const struct nft_expr_type *type;
> -
> - list_for_each_entry(type, &nf_tables_expressions, list) {
> - if (!nla_strcmp(nla, type->name) &&
> - (!type->family || type->family == family))
> - return type;
> + const struct nft_expr_type *test, *type = NULL;
> +
> + list_for_each_entry(test, &nf_tables_expressions, list) {
> + if (!nla_strcmp(nla, test->name)) {
> + if (test->family == family)
> + return test;
> + if (!test->family)
> + type = test;
> + }
> }
> - return NULL;
> + return type;
> }
>
> static const struct nft_expr_type *nft_expr_type_get(u8 family,
> --
> 1.8.3.2
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
