Re: [PATCH v2 nf-next] netfilter: nft_socket: Expose socket mark

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Tue, 17 Jul 2018 15:18:11 +0200

Applied with minor comestic, see below.

On Thu, Jul 12, 2018 at 05:48:06PM +0200, Máté Eckl wrote:
> Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx>
> ---
> Formerly: ("netfilter: nf_tables: Expose socket mark")
> v2:
>  - store sk->sk_mark instead of inet_request_mark(sk, skb)
>  - Break evaluation if !sk_fullsock
> 
>  include/uapi/linux/netfilter/nf_tables.h |  4 +++-
>  net/netfilter/nft_socket.c               | 11 +++++++++++
>  2 files changed, 14 insertions(+), 1 deletion(-)
> 
> diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
> index 89438e68dc03..f466860bcf75 100644
> --- a/include/uapi/linux/netfilter/nf_tables.h
> +++ b/include/uapi/linux/netfilter/nf_tables.h
> @@ -921,10 +921,12 @@ enum nft_socket_attributes {
>  /*
>   * enum nft_socket_keys - nf_tables socket expression keys
>   *
> - * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option_
> + * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option
> + * @NFT_SOCKET_MARK: Value of the socket mark
>   */
>  enum nft_socket_keys {
>  	NFT_SOCKET_TRANSPARENT,
> +	NFT_SOCKET_MARK,
>  	__NFT_SOCKET_MAX
>  };
>  #define NFT_SOCKET_MAX	(__NFT_SOCKET_MAX - 1)
> diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
> index 18b2793a8a67..8b3585f673cd 100644
> --- a/net/netfilter/nft_socket.c
> +++ b/net/netfilter/nft_socket.c
> @@ -51,6 +51,14 @@ static void nft_socket_eval(const struct nft_expr *expr,
>  	case NFT_SOCKET_TRANSPARENT:
>  		nft_reg_store8(dest, inet_sk_transparent(sk));
>  		break;
> +	case NFT_SOCKET_MARK:
> +		if (sk_fullsock(sk))
> +			*dest = sk->sk_mark;

I mangled this to add curly braces the line above.

Please, use curly braces consistently, ie.

                if (...) {
                        ...
                } else {
                        ...
                }

If the else comes with multiple statements, then the if branch uses
curly brances too.

Another side note, switch branches are not a function, so moving
forward, please use:

        switch (blah) {
                ...
        }

instead of:

        switch(blah) {
                ...
        }

I don't blame you for this, I used to do so in old code I wrote
myself, but just letting you know for new code you write ;-).

Same thing applies to if branches.

Thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html