diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-10 13:39:42 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-10 23:47:32 +0100 |
| commit | 086f332167d64b645d37405854f049b9ad7371ab (patch) | |
| tree | 971692c02428ad47dcaa0b4a75751b3befc01658 /include | |
| parent | net: add __netdev_alloc_pcpu_stats() to indicate gfp flags (diff) | |
| download | linux-dev-086f332167d64b645d37405854f049b9ad7371ab.tar.xz linux-dev-086f332167d64b645d37405854f049b9ad7371ab.zip | |
netfilter: nf_tables: add clone interface to expression operations
With the conversion of the counter expressions to make it percpu, we
need to clone the percpu memory area, otherwise we crash when using
counters from flow tables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index c9149cc0a02d..4bd7508bedc9 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -618,6 +618,8 @@ struct nft_expr_ops { void (*eval)(const struct nft_expr *expr, struct nft_regs *regs, const struct nft_pktinfo *pkt); + int (*clone)(struct nft_expr *dst, + const struct nft_expr *src); unsigned int size; int (*init)(const struct nft_ctx *ctx, @@ -660,10 +662,20 @@ void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr); int nft_expr_dump(struct sk_buff *skb, unsigned int attr, const struct nft_expr *expr); -static inline void nft_expr_clone(struct nft_expr *dst, struct nft_expr *src) +static inline int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src) { + int err; + __module_get(src->ops->type->owner); - memcpy(dst, src, src->ops->size); + if (src->ops->clone) { + dst->ops = src->ops; + err = src->ops->clone(dst, src); + if (err < 0) + return err; + } else { + memcpy(dst, src, src->ops->size); + } + return 0; } /** |