netfilter: nftables: add nft_parse_register_store() and use it

This new function combines the netlink register attribute parser
and the store validation function.

This update requires to replace:

        enum nft_registers      dreg:8;

in many of the expression private areas otherwise compiler complains
with:

        error: cannot take address of bit-field ‘dreg’

when passing the register field as reference.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso 2021-01-25 18:27:22 +01:00
parent 4f16d25c68
commit 345023b0db
22 changed files with 100 additions and 92 deletions

View File

@ -204,10 +204,10 @@ unsigned int nft_parse_register(const struct nlattr *attr);
int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg); int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg);
int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len); int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len);
int nft_validate_register_store(const struct nft_ctx *ctx, int nft_parse_register_store(const struct nft_ctx *ctx,
enum nft_registers reg, const struct nlattr *attr, u8 *dreg,
const struct nft_data *data, const struct nft_data *data,
enum nft_data_types type, unsigned int len); enum nft_data_types type, unsigned int len);
/** /**
* struct nft_userdata - user defined data associated with an object * struct nft_userdata - user defined data associated with an object

View File

@ -27,7 +27,7 @@ struct nft_bitwise_fast_expr {
u32 mask; u32 mask;
u32 xor; u32 xor;
u8 sreg; u8 sreg;
enum nft_registers dreg:8; u8 dreg;
}; };
struct nft_cmp_fast_expr { struct nft_cmp_fast_expr {
@ -40,7 +40,7 @@ struct nft_cmp_fast_expr {
struct nft_immediate_expr { struct nft_immediate_expr {
struct nft_data data; struct nft_data data;
enum nft_registers dreg:8; u8 dreg;
u8 dlen; u8 dlen;
}; };
@ -60,7 +60,7 @@ struct nft_payload {
enum nft_payload_bases base:8; enum nft_payload_bases base:8;
u8 offset; u8 offset;
u8 len; u8 len;
enum nft_registers dreg:8; u8 dreg;
}; };
struct nft_payload_set { struct nft_payload_set {

View File

@ -5,7 +5,7 @@
#include <net/netfilter/nf_tables.h> #include <net/netfilter/nf_tables.h>
struct nft_fib { struct nft_fib {
enum nft_registers dreg:8; u8 dreg;
u8 result; u8 result;
u32 flags; u32 flags;
}; };

View File

@ -7,7 +7,7 @@
struct nft_meta { struct nft_meta {
enum nft_meta_keys key:8; enum nft_meta_keys key:8;
union { union {
enum nft_registers dreg:8; u8 dreg;
u8 sreg; u8 sreg;
}; };
}; };

View File

@ -87,9 +87,8 @@ static int nft_meta_bridge_get_init(const struct nft_ctx *ctx,
return nft_meta_get_init(ctx, expr, tb); return nft_meta_get_init(ctx, expr, tb);
} }
priv->dreg = nft_parse_register(tb[NFTA_META_DREG]); return nft_parse_register_store(ctx, tb[NFTA_META_DREG], &priv->dreg,
return nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE, len);
NFT_DATA_VALUE, len);
} }
static struct nft_expr_type nft_meta_bridge_type; static struct nft_expr_type nft_meta_bridge_type;

View File

@ -4438,6 +4438,12 @@ static int nf_tables_delset(struct net *net, struct sock *nlsk,
return nft_delset(&ctx, set); return nft_delset(&ctx, set);
} }
static int nft_validate_register_store(const struct nft_ctx *ctx,
enum nft_registers reg,
const struct nft_data *data,
enum nft_data_types type,
unsigned int len);
static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx, static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx,
struct nft_set *set, struct nft_set *set,
const struct nft_set_iter *iter, const struct nft_set_iter *iter,
@ -8675,10 +8681,11 @@ EXPORT_SYMBOL_GPL(nft_parse_register_load);
* A value of NULL for the data means that its runtime gathered * A value of NULL for the data means that its runtime gathered
* data. * data.
*/ */
int nft_validate_register_store(const struct nft_ctx *ctx, static int nft_validate_register_store(const struct nft_ctx *ctx,
enum nft_registers reg, enum nft_registers reg,
const struct nft_data *data, const struct nft_data *data,
enum nft_data_types type, unsigned int len) enum nft_data_types type,
unsigned int len)
{ {
int err; int err;
@ -8710,7 +8717,24 @@ int nft_validate_register_store(const struct nft_ctx *ctx,
return 0; return 0;
} }
} }
EXPORT_SYMBOL_GPL(nft_validate_register_store);
int nft_parse_register_store(const struct nft_ctx *ctx,
const struct nlattr *attr, u8 *dreg,
const struct nft_data *data,
enum nft_data_types type, unsigned int len)
{
int err;
u32 reg;
reg = nft_parse_register(attr);
err = nft_validate_register_store(ctx, reg, data, type, len);
if (err < 0)
return err;
*dreg = reg;
return 0;
}
EXPORT_SYMBOL_GPL(nft_parse_register_store);
static const struct nla_policy nft_verdict_policy[NFTA_VERDICT_MAX + 1] = { static const struct nla_policy nft_verdict_policy[NFTA_VERDICT_MAX + 1] = {
[NFTA_VERDICT_CODE] = { .type = NLA_U32 }, [NFTA_VERDICT_CODE] = { .type = NLA_U32 },

View File

@ -17,7 +17,7 @@
struct nft_bitwise { struct nft_bitwise {
u8 sreg; u8 sreg;
enum nft_registers dreg:8; u8 dreg;
enum nft_bitwise_ops op:8; enum nft_bitwise_ops op:8;
u8 len; u8 len;
struct nft_data mask; struct nft_data mask;
@ -174,9 +174,9 @@ static int nft_bitwise_init(const struct nft_ctx *ctx,
if (err < 0) if (err < 0)
return err; return err;
priv->dreg = nft_parse_register(tb[NFTA_BITWISE_DREG]); err = nft_parse_register_store(ctx, tb[NFTA_BITWISE_DREG],
err = nft_validate_register_store(ctx, priv->dreg, NULL, &priv->dreg, NULL, NFT_DATA_VALUE,
NFT_DATA_VALUE, priv->len); priv->len);
if (err < 0) if (err < 0)
return err; return err;
@ -320,9 +320,8 @@ static int nft_bitwise_fast_init(const struct nft_ctx *ctx,
if (err < 0) if (err < 0)
return err; return err;
priv->dreg = nft_parse_register(tb[NFTA_BITWISE_DREG]); err = nft_parse_register_store(ctx, tb[NFTA_BITWISE_DREG], &priv->dreg,
err = nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE, sizeof(u32));
NFT_DATA_VALUE, sizeof(u32));
if (err < 0) if (err < 0)
return err; return err;

View File

@ -17,7 +17,7 @@
struct nft_byteorder { struct nft_byteorder {
u8 sreg; u8 sreg;
enum nft_registers dreg:8; u8 dreg;
enum nft_byteorder_ops op:8; enum nft_byteorder_ops op:8;
u8 len; u8 len;
u8 size; u8 size;
@ -142,9 +142,9 @@ static int nft_byteorder_init(const struct nft_ctx *ctx,
if (err < 0) if (err < 0)
return err; return err;
priv->dreg = nft_parse_register(tb[NFTA_BYTEORDER_DREG]); return nft_parse_register_store(ctx, tb[NFTA_BYTEORDER_DREG],
return nft_validate_register_store(ctx, priv->dreg, NULL, &priv->dreg, NULL, NFT_DATA_VALUE,
NFT_DATA_VALUE, priv->len); priv->len);
} }
static int nft_byteorder_dump(struct sk_buff *skb, const struct nft_expr *expr) static int nft_byteorder_dump(struct sk_buff *skb, const struct nft_expr *expr)

View File

@ -27,7 +27,7 @@ struct nft_ct {
enum nft_ct_keys key:8; enum nft_ct_keys key:8;
enum ip_conntrack_dir dir:8; enum ip_conntrack_dir dir:8;
union { union {
enum nft_registers dreg:8; u8 dreg;
u8 sreg; u8 sreg;
}; };
}; };
@ -498,9 +498,8 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
} }
} }
priv->dreg = nft_parse_register(tb[NFTA_CT_DREG]); err = nft_parse_register_store(ctx, tb[NFTA_CT_DREG], &priv->dreg, NULL,
err = nft_validate_register_store(ctx, priv->dreg, NULL, NFT_DATA_VALUE, len);
NFT_DATA_VALUE, len);
if (err < 0) if (err < 0)
return err; return err;

View File

@ -19,7 +19,7 @@ struct nft_exthdr {
u8 offset; u8 offset;
u8 len; u8 len;
u8 op; u8 op;
enum nft_registers dreg:8; u8 dreg;
u8 sreg; u8 sreg;
u8 flags; u8 flags;
}; };
@ -350,12 +350,12 @@ static int nft_exthdr_init(const struct nft_ctx *ctx,
priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]); priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]);
priv->offset = offset; priv->offset = offset;
priv->len = len; priv->len = len;
priv->dreg = nft_parse_register(tb[NFTA_EXTHDR_DREG]);
priv->flags = flags; priv->flags = flags;
priv->op = op; priv->op = op;
return nft_validate_register_store(ctx, priv->dreg, NULL, return nft_parse_register_store(ctx, tb[NFTA_EXTHDR_DREG],
NFT_DATA_VALUE, priv->len); &priv->dreg, NULL, NFT_DATA_VALUE,
priv->len);
} }
static int nft_exthdr_tcp_set_init(const struct nft_ctx *ctx, static int nft_exthdr_tcp_set_init(const struct nft_ctx *ctx,

View File

@ -86,7 +86,6 @@ int nft_fib_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
return -EINVAL; return -EINVAL;
priv->result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT])); priv->result = ntohl(nla_get_be32(tb[NFTA_FIB_RESULT]));
priv->dreg = nft_parse_register(tb[NFTA_FIB_DREG]);
switch (priv->result) { switch (priv->result) {
case NFT_FIB_RESULT_OIF: case NFT_FIB_RESULT_OIF:
@ -106,8 +105,8 @@ int nft_fib_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
return -EINVAL; return -EINVAL;
} }
err = nft_validate_register_store(ctx, priv->dreg, NULL, err = nft_parse_register_store(ctx, tb[NFTA_FIB_DREG], &priv->dreg,
NFT_DATA_VALUE, len); NULL, NFT_DATA_VALUE, len);
if (err < 0) if (err < 0)
return err; return err;

View File

@ -15,7 +15,7 @@
struct nft_jhash { struct nft_jhash {
u8 sreg; u8 sreg;
enum nft_registers dreg:8; u8 dreg;
u8 len; u8 len;
bool autogen_seed:1; bool autogen_seed:1;
u32 modulus; u32 modulus;
@ -38,7 +38,7 @@ static void nft_jhash_eval(const struct nft_expr *expr,
} }
struct nft_symhash { struct nft_symhash {
enum nft_registers dreg:8; u8 dreg;
u32 modulus; u32 modulus;
u32 offset; u32 offset;
}; };
@ -83,8 +83,6 @@ static int nft_jhash_init(const struct nft_ctx *ctx,
if (tb[NFTA_HASH_OFFSET]) if (tb[NFTA_HASH_OFFSET])
priv->offset = ntohl(nla_get_be32(tb[NFTA_HASH_OFFSET])); priv->offset = ntohl(nla_get_be32(tb[NFTA_HASH_OFFSET]));
priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len); err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len);
if (err < 0) if (err < 0)
return err; return err;
@ -111,8 +109,8 @@ static int nft_jhash_init(const struct nft_ctx *ctx,
get_random_bytes(&priv->seed, sizeof(priv->seed)); get_random_bytes(&priv->seed, sizeof(priv->seed));
} }
return nft_validate_register_store(ctx, priv->dreg, NULL, return nft_parse_register_store(ctx, tb[NFTA_HASH_DREG], &priv->dreg,
NFT_DATA_VALUE, sizeof(u32)); NULL, NFT_DATA_VALUE, sizeof(u32));
} }
static int nft_symhash_init(const struct nft_ctx *ctx, static int nft_symhash_init(const struct nft_ctx *ctx,
@ -128,8 +126,6 @@ static int nft_symhash_init(const struct nft_ctx *ctx,
if (tb[NFTA_HASH_OFFSET]) if (tb[NFTA_HASH_OFFSET])
priv->offset = ntohl(nla_get_be32(tb[NFTA_HASH_OFFSET])); priv->offset = ntohl(nla_get_be32(tb[NFTA_HASH_OFFSET]));
priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS])); priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS]));
if (priv->modulus < 1) if (priv->modulus < 1)
return -ERANGE; return -ERANGE;
@ -137,8 +133,9 @@ static int nft_symhash_init(const struct nft_ctx *ctx,
if (priv->offset + priv->modulus - 1 < priv->offset) if (priv->offset + priv->modulus - 1 < priv->offset)
return -EOVERFLOW; return -EOVERFLOW;
return nft_validate_register_store(ctx, priv->dreg, NULL, return nft_parse_register_store(ctx, tb[NFTA_HASH_DREG],
NFT_DATA_VALUE, sizeof(u32)); &priv->dreg, NULL, NFT_DATA_VALUE,
sizeof(u32));
} }
static int nft_jhash_dump(struct sk_buff *skb, static int nft_jhash_dump(struct sk_buff *skb,

View File

@ -48,9 +48,9 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
priv->dlen = desc.len; priv->dlen = desc.len;
priv->dreg = nft_parse_register(tb[NFTA_IMMEDIATE_DREG]); err = nft_parse_register_store(ctx, tb[NFTA_IMMEDIATE_DREG],
err = nft_validate_register_store(ctx, priv->dreg, &priv->data, &priv->dreg, &priv->data, desc.type,
desc.type, desc.len); desc.len);
if (err < 0) if (err < 0)
goto err1; goto err1;

View File

@ -18,7 +18,7 @@
struct nft_lookup { struct nft_lookup {
struct nft_set *set; struct nft_set *set;
u8 sreg; u8 sreg;
enum nft_registers dreg:8; u8 dreg;
bool invert; bool invert;
struct nft_set_binding binding; struct nft_set_binding binding;
}; };
@ -100,9 +100,9 @@ static int nft_lookup_init(const struct nft_ctx *ctx,
if (!(set->flags & NFT_SET_MAP)) if (!(set->flags & NFT_SET_MAP))
return -EINVAL; return -EINVAL;
priv->dreg = nft_parse_register(tb[NFTA_LOOKUP_DREG]); err = nft_parse_register_store(ctx, tb[NFTA_LOOKUP_DREG],
err = nft_validate_register_store(ctx, priv->dreg, NULL, &priv->dreg, NULL, set->dtype,
set->dtype, set->dlen); set->dlen);
if (err < 0) if (err < 0)
return err; return err;
} else if (set->flags & NFT_SET_MAP) } else if (set->flags & NFT_SET_MAP)

View File

@ -535,9 +535,8 @@ int nft_meta_get_init(const struct nft_ctx *ctx,
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
priv->dreg = nft_parse_register(tb[NFTA_META_DREG]); return nft_parse_register_store(ctx, tb[NFTA_META_DREG], &priv->dreg,
return nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE, len);
NFT_DATA_VALUE, len);
} }
EXPORT_SYMBOL_GPL(nft_meta_get_init); EXPORT_SYMBOL_GPL(nft_meta_get_init);

View File

@ -16,7 +16,7 @@
static DEFINE_PER_CPU(struct rnd_state, nft_numgen_prandom_state); static DEFINE_PER_CPU(struct rnd_state, nft_numgen_prandom_state);
struct nft_ng_inc { struct nft_ng_inc {
enum nft_registers dreg:8; u8 dreg;
u32 modulus; u32 modulus;
atomic_t counter; atomic_t counter;
u32 offset; u32 offset;
@ -66,11 +66,10 @@ static int nft_ng_inc_init(const struct nft_ctx *ctx,
if (priv->offset + priv->modulus - 1 < priv->offset) if (priv->offset + priv->modulus - 1 < priv->offset)
return -EOVERFLOW; return -EOVERFLOW;
priv->dreg = nft_parse_register(tb[NFTA_NG_DREG]);
atomic_set(&priv->counter, priv->modulus - 1); atomic_set(&priv->counter, priv->modulus - 1);
return nft_validate_register_store(ctx, priv->dreg, NULL, return nft_parse_register_store(ctx, tb[NFTA_NG_DREG], &priv->dreg,
NFT_DATA_VALUE, sizeof(u32)); NULL, NFT_DATA_VALUE, sizeof(u32));
} }
static int nft_ng_dump(struct sk_buff *skb, enum nft_registers dreg, static int nft_ng_dump(struct sk_buff *skb, enum nft_registers dreg,
@ -100,7 +99,7 @@ static int nft_ng_inc_dump(struct sk_buff *skb, const struct nft_expr *expr)
} }
struct nft_ng_random { struct nft_ng_random {
enum nft_registers dreg:8; u8 dreg;
u32 modulus; u32 modulus;
u32 offset; u32 offset;
}; };
@ -140,10 +139,8 @@ static int nft_ng_random_init(const struct nft_ctx *ctx,
prandom_init_once(&nft_numgen_prandom_state); prandom_init_once(&nft_numgen_prandom_state);
priv->dreg = nft_parse_register(tb[NFTA_NG_DREG]); return nft_parse_register_store(ctx, tb[NFTA_NG_DREG], &priv->dreg,
NULL, NFT_DATA_VALUE, sizeof(u32));
return nft_validate_register_store(ctx, priv->dreg, NULL,
NFT_DATA_VALUE, sizeof(u32));
} }
static int nft_ng_random_dump(struct sk_buff *skb, const struct nft_expr *expr) static int nft_ng_random_dump(struct sk_buff *skb, const struct nft_expr *expr)

View File

@ -6,7 +6,7 @@
#include <linux/netfilter/nfnetlink_osf.h> #include <linux/netfilter/nfnetlink_osf.h>
struct nft_osf { struct nft_osf {
enum nft_registers dreg:8; u8 dreg;
u8 ttl; u8 ttl;
u32 flags; u32 flags;
}; };
@ -78,9 +78,9 @@ static int nft_osf_init(const struct nft_ctx *ctx,
priv->flags = flags; priv->flags = flags;
} }
priv->dreg = nft_parse_register(tb[NFTA_OSF_DREG]); err = nft_parse_register_store(ctx, tb[NFTA_OSF_DREG], &priv->dreg,
err = nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE,
NFT_DATA_VALUE, NFT_OSF_MAXGENRELEN); NFT_OSF_MAXGENRELEN);
if (err < 0) if (err < 0)
return err; return err;

View File

@ -144,10 +144,10 @@ static int nft_payload_init(const struct nft_ctx *ctx,
priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE])); priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET])); priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN])); priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN]));
priv->dreg = nft_parse_register(tb[NFTA_PAYLOAD_DREG]);
return nft_validate_register_store(ctx, priv->dreg, NULL, return nft_parse_register_store(ctx, tb[NFTA_PAYLOAD_DREG],
NFT_DATA_VALUE, priv->len); &priv->dreg, NULL, NFT_DATA_VALUE,
priv->len);
} }
static int nft_payload_dump(struct sk_buff *skb, const struct nft_expr *expr) static int nft_payload_dump(struct sk_buff *skb, const struct nft_expr *expr)

View File

@ -15,7 +15,7 @@
struct nft_rt { struct nft_rt {
enum nft_rt_keys key:8; enum nft_rt_keys key:8;
enum nft_registers dreg:8; u8 dreg;
}; };
static u16 get_tcpmss(const struct nft_pktinfo *pkt, const struct dst_entry *skbdst) static u16 get_tcpmss(const struct nft_pktinfo *pkt, const struct dst_entry *skbdst)
@ -141,9 +141,8 @@ static int nft_rt_get_init(const struct nft_ctx *ctx,
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
priv->dreg = nft_parse_register(tb[NFTA_RT_DREG]); return nft_parse_register_store(ctx, tb[NFTA_RT_DREG], &priv->dreg,
return nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE, len);
NFT_DATA_VALUE, len);
} }
static int nft_rt_get_dump(struct sk_buff *skb, static int nft_rt_get_dump(struct sk_buff *skb,

View File

@ -10,7 +10,7 @@
struct nft_socket { struct nft_socket {
enum nft_socket_keys key:8; enum nft_socket_keys key:8;
union { union {
enum nft_registers dreg:8; u8 dreg;
}; };
}; };
@ -133,9 +133,8 @@ static int nft_socket_init(const struct nft_ctx *ctx,
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
priv->dreg = nft_parse_register(tb[NFTA_SOCKET_DREG]); return nft_parse_register_store(ctx, tb[NFTA_SOCKET_DREG], &priv->dreg,
return nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE, len);
NFT_DATA_VALUE, len);
} }
static int nft_socket_dump(struct sk_buff *skb, static int nft_socket_dump(struct sk_buff *skb,

View File

@ -15,7 +15,7 @@
struct nft_tunnel { struct nft_tunnel {
enum nft_tunnel_keys key:8; enum nft_tunnel_keys key:8;
enum nft_registers dreg:8; u8 dreg;
enum nft_tunnel_mode mode:8; enum nft_tunnel_mode mode:8;
}; };
@ -93,8 +93,6 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx,
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
priv->dreg = nft_parse_register(tb[NFTA_TUNNEL_DREG]);
if (tb[NFTA_TUNNEL_MODE]) { if (tb[NFTA_TUNNEL_MODE]) {
priv->mode = ntohl(nla_get_be32(tb[NFTA_TUNNEL_MODE])); priv->mode = ntohl(nla_get_be32(tb[NFTA_TUNNEL_MODE]));
if (priv->mode > NFT_TUNNEL_MODE_MAX) if (priv->mode > NFT_TUNNEL_MODE_MAX)
@ -103,8 +101,8 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx,
priv->mode = NFT_TUNNEL_MODE_NONE; priv->mode = NFT_TUNNEL_MODE_NONE;
} }
return nft_validate_register_store(ctx, priv->dreg, NULL, return nft_parse_register_store(ctx, tb[NFTA_TUNNEL_DREG], &priv->dreg,
NFT_DATA_VALUE, len); NULL, NFT_DATA_VALUE, len);
} }
static int nft_tunnel_get_dump(struct sk_buff *skb, static int nft_tunnel_get_dump(struct sk_buff *skb,

View File

@ -24,7 +24,7 @@ static const struct nla_policy nft_xfrm_policy[NFTA_XFRM_MAX + 1] = {
struct nft_xfrm { struct nft_xfrm {
enum nft_xfrm_keys key:8; enum nft_xfrm_keys key:8;
enum nft_registers dreg:8; u8 dreg;
u8 dir; u8 dir;
u8 spnum; u8 spnum;
}; };
@ -86,9 +86,8 @@ static int nft_xfrm_get_init(const struct nft_ctx *ctx,
priv->spnum = spnum; priv->spnum = spnum;
priv->dreg = nft_parse_register(tb[NFTA_XFRM_DREG]); return nft_parse_register_store(ctx, tb[NFTA_XFRM_DREG], &priv->dreg,
return nft_validate_register_store(ctx, priv->dreg, NULL, NULL, NFT_DATA_VALUE, len);
NFT_DATA_VALUE, len);
} }
/* Return true if key asks for daddr/saddr and current /* Return true if key asks for daddr/saddr and current