netfilter: nf_tables: notify internal updates of stateful objects

Introduce nf_tables_obj_notify() to notify internal state changes in stateful objects. This is used by the quota object to report depletion in a follow up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_tables: notify internal updates of stateful objects
Introduce nf_tables_obj_notify() to notify internal state changes in stateful objects. This is used by the quota object to report depletion in a follow up patch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2599e989 · Pablo Neira Ayuso · 43da04a5 · 2599e989 · 2599e989
Commit 2599e989 authored Nov 28, 2016 by Pablo Neira Ayuso
Show whitespace changes
Inline Side-by-side

Showing with 23 additions and 12 deletions

include/net/netfilter/nf_tables.h include/net/netfilter/nf_tables.h +4 -0

net/netfilter/nf_tables_api.c net/netfilter/nf_tables_api.c +19 -12

No files found.
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -969,6 +969,10 @@ struct nft_object *nf_tables_obj_lookup(const struct nft_table *table,
 					const struct nlattr *nla, u32 objtype,
 					u8 genmask);
+int nft_obj_notify(struct net *net, struct nft_table *table,
+		   struct nft_object *obj, u32 portid, u32 seq,
+		   int event, int family, int report, gfp_t gfp);
 /**
 *	struct nft_object_type - stateful object type
 *

--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4282,38 +4282,45 @@ static int nf_tables_delobj(struct net *net, struct sock *nlsk,
 	return nft_delobj(&ctx, obj);
 }
-static int nf_tables_obj_notify(const struct nft_ctx *ctx,
+int nft_obj_notify(struct net *net, struct nft_table *table,
-				struct nft_object *obj, int event)
+		   struct nft_object *obj, u32 portid, u32 seq, int event,
+		   int family, int report, gfp_t gfp)
 {
 	struct sk_buff *skb;
 	int err;
-	if (!ctx->report &&
+	if (!report &&
-	    !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
+	    !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
 		return 0;
 	err = -ENOBUFS;
-	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+	skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
 	if (skb == NULL)
 		goto err;
-	err = nf_tables_fill_obj_info(skb, ctx->net, ctx->portid, ctx->seq,
+	err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family,
-				      event, 0, ctx->afi->family, ctx->table,
+				      table, obj, false);
-				      obj, false);
 	if (err < 0) {
 		kfree_skb(skb);
 		goto err;
 	}
-	err = nfnetlink_send(skb, ctx->net, ctx->portid, NFNLGRP_NFTABLES,
+	err = nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
-			     ctx->report, GFP_KERNEL);
 err:
 	if (err < 0) {
-		nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES,
+		nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, err);
-				  err);
 	}
 	return err;
 }
+EXPORT_SYMBOL_GPL(nft_obj_notify);
+static int nf_tables_obj_notify(const struct nft_ctx *ctx,
+				struct nft_object *obj, int event)
+{
+	return nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid,
+			      ctx->seq, event, ctx->afi->family, ctx->report,
+			      GFP_KERNEL);
+}
 static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
 				   u32 portid, u32 seq)