I'm not sure if every change is appropriate, but there is certainly some inconsistency between this header file in the kernel and in here. A review might be necessary even if this patch is not to be allpied.
-- 8< --
Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx>
---
 include/linux/netfilter/nf_tables.h | 28 +++++++++++++++++-----------
 src/expr/ct.c | 1 -
 src/expr/rt.c | 1 -
 src/flowtable.c | 13 -------------
 4 files changed, 17 insertions(+), 26 deletions(-)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 48b095e..9c71f02 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1,10 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
 #ifndef _LINUX_NF_TABLES_H
 #define _LINUX_NF_TABLES_H
-#define NFT_TABLE_MAXNAMELEN 32
-#define NFT_CHAIN_MAXNAMELEN 32
-#define NFT_SET_MAXNAMELEN 32
-#define NFT_OBJ_MAXNAMELEN 32
+#define NFT_NAME_MAXLEN 256
+#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN
+#define NFT_CHAIN_MAXNAMELEN NFT_NAME_MAXLEN
+#define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN
+#define NFT_OBJ_MAXNAMELEN NFT_NAME_MAXLEN
 #define NFT_USERDATA_MAXLEN 256
 /**
@@ -317,7 +319,7 @@ enum nft_set_desc_attributes {
 * @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32)
 * @NFTA_SET_USERDATA: user data (NLA_BINARY)
 * @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*)
- * @NFTA_SET_HANDLE: numerical table handle (NLA_U64)
+ * @NFTA_SET_HANDLE: set handle (NLA_U64)
 */
 enum nft_set_attributes {
 NFTA_SET_UNSPEC,
@@ -822,13 +824,16 @@ enum nft_meta_keys {
 * @NFT_RT_CLASSID: realm value of packet's route (skb->dst->tclassid)
 * @NFT_RT_NEXTHOP4: routing nexthop for IPv4
 * @NFT_RT_NEXTHOP6: routing nexthop for IPv6
+ * @NFT_RT_TCPMSS: fetch current path tcp mss
 */
 enum nft_rt_keys {
 NFT_RT_CLASSID,
 NFT_RT_NEXTHOP4,
 NFT_RT_NEXTHOP6,
 NFT_RT_TCPMSS,
+ __NFT_RT_MAX
 };
+#define NFT_RT_MAX (__NFT_RT_MAX - 1)
 /**
 * enum nft_hash_types - nf_tables hash expression types
@@ -950,7 +955,9 @@ enum nft_ct_keys {
 NFT_CT_DST_IP,
 NFT_CT_SRC_IP6,
 NFT_CT_DST_IP6,
+ __NFT_CT_MAX
 };
+#define NFT_CT_MAX (__NFT_CT_MAX - 1)
 /**
 * enum nft_ct_attributes - nf_tables ct expression netlink attributes
@@ -1259,6 +1266,8 @@ enum nft_objref_attributes {
 enum nft_gen_attributes {
 NFTA_GEN_UNSPEC,
 NFTA_GEN_ID,
+ NFTA_GEN_PROC_PID,
+ NFTA_GEN_PROC_NAME,
 __NFTA_GEN_MAX
 };
 #define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1)
@@ -1322,10 +1331,10 @@ enum nft_ct_helper_attributes {
 *
 * @NFTA_OBJ_TABLE: name of the table containing the expression (NLA_STRING)
 * @NFTA_OBJ_NAME: name of this expression type (NLA_STRING)
- * @NFTA_OBJ_HANDLE: numeric object handle (NLA_U64)
 * @NFTA_OBJ_TYPE: stateful object type (NLA_U32)
 * @NFTA_OBJ_DATA: stateful object data (NLA_NESTED)
 * @NFTA_OBJ_USE: number of references to this expression (NLA_U32)
+ * @NFTA_OBJ_HANDLE: object handle (NLA_U64)
 */
 enum nft_object_attributes {
 NFTA_OBJ_UNSPEC,
@@ -1335,6 +1344,7 @@ enum nft_object_attributes {
 NFTA_OBJ_DATA,
 NFTA_OBJ_USE,
 NFTA_OBJ_HANDLE,
+ NFTA_OBJ_PAD,
 __NFTA_OBJ_MAX
 };
 #define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1)
@@ -1347,8 +1357,6 @@ enum nft_object_attributes {
 * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
 * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
 * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
- * @NFTA_FLOWTABLE_SIZE: maximum size (NLA_U32)
- * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)
 */
 enum nft_flowtable_attributes {
 NFTA_FLOWTABLE_UNSPEC,
@@ -1358,8 +1366,6 @@ enum nft_flowtable_attributes {
 NFTA_FLOWTABLE_USE,
 NFTA_FLOWTABLE_HANDLE,
 NFTA_FLOWTABLE_PAD,
- NFTA_FLOWTABLE_SIZE,
- NFTA_FLOWTABLE_FLAGS,
 __NFTA_FLOWTABLE_MAX
 };
 #define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1)
@@ -1453,7 +1459,7 @@ enum nft_trace_types {
 * @NFTA_NG_TYPE: operation type (NLA_U32)
 * @NFTA_NG_OFFSET: offset to be added to the counter (NLA_U32)
 * @NFTA_NG_SET_NAME: name of the map to lookup (NLA_STRING)
- * @NFTA_NG_SET_ID: if of the map (NLA_U32)
+ * @NFTA_NG_SET_ID: id of the map (NLA_U32)
 */
 enum nft_ng_attributes {
 NFTA_NG_UNSPEC,
diff --git a/src/expr/ct.c b/src/expr/ct.c
index d4dd1d9..f0f039e 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -175,7 +175,6 @@ static const char *ctkey2str_array[NFT_CT_MAX] = {
 [NFT_CT_SRC_IP] = "src_ip",
 [NFT_CT_DST_IP] = "dst_ip",
 [NFT_CT_SRC_IP6] = "src_ip6",
- [NFT_CT_DST_IP6] = "dst_ip6",
 };
 static const char *ctkey2str(uint32_t ctkey)
diff --git a/src/expr/rt.c b/src/expr/rt.c
index 62c01a0..ebd5f44 100644
--- a/src/expr/rt.c
+++ b/src/expr/rt.c
@@ -120,7 +120,6 @@ static const char *rt_key2str_array[NFT_RT_MAX] = {
 [NFT_RT_CLASSID] = "classid",
 [NFT_RT_NEXTHOP4] = "nexthop4",
 [NFT_RT_NEXTHOP6] = "nexthop6",
- [NFT_RT_TCPMSS] = "tcpmss",
 };
 static const char *rt_key2str(uint8_t key)
diff --git a/src/flowtable.c b/src/flowtable.c
index c1ddae4..b4fc50a 100644
--- a/src/flowtable.c
+++ b/src/flowtable.c
@@ -294,12 +294,8 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh,
 }
 mnl_attr_nest_end(nlh, nest);
 }
- if (c->flags & (1 << NFTNL_FLOWTABLE_FLAGS))
- mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_FLAGS, htonl(c->ft_flags));
 if (c->flags & (1 << NFTNL_FLOWTABLE_USE))
 mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_USE, htonl(c->use));
- if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE))
- mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size));
 }
 EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload);
@@ -321,7 +317,6 @@ static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data)
 if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
 abi_breakage();
 break;
- case NFTA_FLOWTABLE_FLAGS:
 case NFTA_FLOWTABLE_USE:
 if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
 abi_breakage();
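Review bot: Dropping `[NFT_CT_DST_IP6] = "dst_ip6",` in the src/expr/ct.c hunk leaves a key that the header still defines without a string, so it can no longer be translated to its name. The entry stops fitting only because the synced header makes `NFT_CT_MAX` the highest valid key instead of a count; size the table for that instead, `static const char *ctkey2str_array[NFT_CT_MAX + 1] = {`, and keep the entry. `ctkey2str()` begins right after this hunk and its bounds check is not visible; if it rejects `ctkey >= NFT_CT_MAX` it would need to become `ctkey > NFT_CT_MAX`, otherwise the last slot is unreachable. The src/expr/rt.c hunk has the same problem with `rt_key2str_array[NFT_RT_MAX]` and the removed `[NFT_RT_TCPMSS] = "tcpmss",`.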
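Review bot: After the first src/flowtable.c hunk `nftnl_flowtable_nlmsg_build_payload()` emits nothing for `NFTNL_FLOWTABLE_FLAGS` or `NFTNL_FLOWTABLE_SIZE`, yet the patch touches only four files, so the library-side attribute ids and the `ft_flags`/`size` fields apparently stay in place. A caller that sets either attribute would get no error while the value silently never reaches the kernel. If dropping them is intended, say so where the code was removed, e.g. `/* NFTNL_FLOWTABLE_FLAGS and NFTNL_FLOWTABLE_SIZE are not serialised: the synced kernel header defines no attribute for them */`, or retire the setters in the same change. The last flowtable.c hunk removes the matching reads in `nftnl_flowtable_nlmsg_parse()`, so both fields also stay unset on objects parsed from kernel messages. The function body starts before this hunk.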
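Review bot: `nftnl_flowtable_parse_attr_cb()` starts above the second src/flowtable.c hunk, so its attribute-type filter is not visible, and that filter matters more now that `NFTA_FLOWTABLE_MAX` is two lower. `nftnl_flowtable_nlmsg_parse()` indexes a `tb[]` array by attribute type, presumably filled by this callback; if a kernel sends a flowtable attribute above the new maximum, only a guard such as `if (mnl_attr_type_valid(attr, NFTA_FLOWTABLE_MAX) < 0) return MNL_CB_OK;` at the top of the callback keeps it from being stored past the end of `tb[]`. Please confirm that guard is present before the enum is shrunk.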
@@ -442,18 +437,10 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab
 if (ret < 0)
 return ret;
 }
- if (tb[NFTA_FLOWTABLE_FLAGS]) {
- c->ft_flags = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_FLAGS]));
- c->flags |= (1 << NFTNL_FLOWTABLE_FLAGS);
- }
 if (tb[NFTA_FLOWTABLE_USE]) {
 c->use = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_USE]));
 c->flags |= (1 << NFTNL_FLOWTABLE_USE);
 }
- if (tb[NFTA_FLOWTABLE_SIZE]) {
- c->size = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_SIZE]));
- c->flags |= (1 << NFTNL_FLOWTABLE_SIZE);
- }
 c->family = nfg->nfgen_family;
 c->flags |= (1 << NFTNL_FLOWTABLE_FAMILY);
--
ecklm
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html