[PATCH v2 2/2] net: nftables: Export set backend name via netlink

Phil Sutter <phil@xxxxxx> · Tue, 3 Apr 2018 23:15:40 +0200

Give all set backends a descriptive name and export it via new
netlink attribute NFTA_SET_OPS.

Via an accompanying patch to libnftnl, the chosen backend can be made
visible to userspace by means of 'nft monitor json'.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 include/net/netfilter/nf_tables.h        | 2 ++
 include/uapi/linux/netfilter/nf_tables.h | 2 ++
 net/netfilter/nf_tables_api.c            | 3 +++
 net/netfilter/nft_set_bitmap.c           | 1 +
 net/netfilter/nft_set_hash.c             | 3 +++
 net/netfilter/nft_set_rbtree.c           | 1 +
 6 files changed, 12 insertions(+)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index ff4723ba51f29..e8e3bfe5d9c3f 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -352,12 +352,14 @@ struct nft_set_ops {
  *      @list: used internally
  *      @owner: module reference
  *      @features: features supported by the implementation
+ *      @name: descriptive name of this set backend
  */
 struct nft_set_type {
 	const struct nft_set_ops	ops;
 	struct list_head		list;
 	struct module			*owner;
 	u32				features;
+	const char			*name;
 };
 #define to_set_type(o) container_of(o, struct nft_set_type, ops)
 
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 6a3d653d5b274..e2716590d203d 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -320,6 +320,7 @@ enum nft_set_desc_attributes {
  * @NFTA_SET_USERDATA: user data (NLA_BINARY)
  * @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*)
  * @NFTA_SET_HANDLE: set handle (NLA_U64)
+ * @NFTA_SET_OPS: name of chosen set ops (NLA_STRING)
  */
 enum nft_set_attributes {
 	NFTA_SET_UNSPEC,
@@ -339,6 +340,7 @@ enum nft_set_attributes {
 	NFTA_SET_PAD,
 	NFTA_SET_OBJ_TYPE,
 	NFTA_SET_HANDLE,
+	NFTA_SET_OPS,
 	__NFTA_SET_MAX
 };
 #define NFTA_SET_MAX		(__NFTA_SET_MAX - 1)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c90e7bf8d63c9..8e9ce40392085 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2831,6 +2831,9 @@ static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx,
 		goto nla_put_failure;
 	nla_nest_end(skb, desc);
 
+	if (nla_put_string(skb, NFTA_SET_OPS, to_set_type(set->ops)->name))
+		goto nla_put_failure;
+
 	nlmsg_end(skb, nlh);
 	return 0;
 
diff --git a/net/netfilter/nft_set_bitmap.c b/net/netfilter/nft_set_bitmap.c
index d6626e01c7ee6..437a146a1a710 100644
--- a/net/netfilter/nft_set_bitmap.c
+++ b/net/netfilter/nft_set_bitmap.c
@@ -297,6 +297,7 @@ static bool nft_bitmap_estimate(const struct nft_set_desc *desc, u32 features,
 }
 
 static struct nft_set_type nft_bitmap_type __read_mostly = {
+	.name		= "bitmap",
 	.owner		= THIS_MODULE,
 	.ops		= {
 		.privsize	= nft_bitmap_privsize,
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index dbf1f4ad077c5..76b0468e248b6 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -639,6 +639,7 @@ static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features
 }
 
 static struct nft_set_type nft_rhash_type __read_mostly = {
+	.name		= "rhash",
 	.owner		= THIS_MODULE,
 	.features	= NFT_SET_MAP | NFT_SET_OBJECT |
 			  NFT_SET_TIMEOUT | NFT_SET_EVAL,
@@ -661,6 +662,7 @@ static struct nft_set_type nft_rhash_type __read_mostly = {
 };
 
 static struct nft_set_type nft_hash_type __read_mostly = {
+	.name		= "hash",
 	.owner		= THIS_MODULE,
 	.features	= NFT_SET_MAP | NFT_SET_OBJECT,
 	.ops		= {
@@ -681,6 +683,7 @@ static struct nft_set_type nft_hash_type __read_mostly = {
 };
 
 static struct nft_set_type nft_hash_fast_type __read_mostly = {
+	.name		= "fast hash",
 	.owner		= THIS_MODULE,
 	.features	= NFT_SET_MAP | NFT_SET_OBJECT,
 	.ops		= {
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 22c57d7612c47..a3d0325e713c0 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -394,6 +394,7 @@ static bool nft_rbtree_estimate(const struct nft_set_desc *desc, u32 features,
 }
 
 static struct nft_set_type nft_rbtree_type __read_mostly = {
+	.name		= "rbtree",
 	.owner		= THIS_MODULE,
 	.features	= NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT,
 	.ops		= {
-- 
2.16.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






