[iptables,v2,4/8] nft: Introduce UDATA_TYPE_COMPAT_EXT

Message ID	20241009114819.15379-5-phil@nwl.cc
State	Accepted
Headers	show Return-Path: <netfilter-devel+bounces-4314-incoming=patchwork.ozlabs.org@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: netfilter-devel@vger.kernel.org Cc: Florian Westphal <fw@strlen.de>, Pablo Neira Ayuso <pablo@netfilter.org>, Jan Engelhardt <jengelh@inai.de> Subject: [iptables PATCH v2 4/8] nft: Introduce UDATA_TYPE_COMPAT_EXT Date: Wed, 9 Oct 2024 13:48:15 +0200 Message-ID: <20241009114819.15379-5-phil@nwl.cc> In-Reply-To: <20241009114819.15379-1-phil@nwl.cc> References: <20241009114819.15379-1-phil@nwl.cc> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	nft: Implement forward compat for future binaries \| expand [iptables,v2,0/8] nft: Implement forward compat for future binaries [iptables,v2,1/8] nft: Make add_log() static [iptables,v2,2/8] nft: ruleparse: Introduce nft_parse_rule_expr() [iptables,v2,3/8] nft: __add_{match,target}() can't fail [iptables,v2,4/8] nft: Introduce UDATA_TYPE_COMPAT_EXT [iptables,v2,5/8] nft-ruleparse: Fallback to compat expressions in userdata [iptables,v2,6/8] nft: Pass nft_handle into add_{action,match}() [iptables,v2,7/8] nft: Embed compat extensions in rule userdata [iptables,v2,8/8] tests: iptables-test: Add nft-compat variant

Message ID

20241009114819.15379-5-phil@nwl.cc

State

Accepted

Headers

From: Phil Sutter <phil@nwl.cc>
To: netfilter-devel@vger.kernel.org
Cc: Florian Westphal <fw@strlen.de>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Jan Engelhardt <jengelh@inai.de>
Subject: [iptables PATCH v2 4/8] nft: Introduce UDATA_TYPE_COMPAT_EXT
Date: Wed,  9 Oct 2024 13:48:15 +0200
Message-ID: <20241009114819.15379-5-phil@nwl.cc>
In-Reply-To: <20241009114819.15379-1-phil@nwl.cc>
References: <20241009114819.15379-1-phil@nwl.cc>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

nft: Implement forward compat for future binaries | expand

Commit Message

Phil Sutter Oct. 9, 2024, 11:48 a.m. UTC

This new rule udata attribute will contain extensions which have been
converted to native nftables expressions for rule parsers to fall back
to.

While at it, export parse_udata_cb() as rule parsing code will call it
in future.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c | 11 +++--------
 iptables/nft.h | 12 ++++++++++++
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index e629f995b7709..2cc654e2dd91d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1670,14 +1670,7 @@  int add_counters(struct nftnl_rule *r, uint64_t packets, uint64_t bytes)
 	return 0;
 }
 
-enum udata_type {
-	UDATA_TYPE_COMMENT,
-	UDATA_TYPE_EBTABLES_POLICY,
-	__UDATA_TYPE_MAX,
-};
-#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
-
-static int parse_udata_cb(const struct nftnl_udata *attr, void *data)
+int parse_udata_cb(const struct nftnl_udata *attr, void *data)
 {
 	unsigned char *value = nftnl_udata_get(attr);
 	uint8_t type = nftnl_udata_type(attr);
@@ -1691,6 +1684,8 @@  static int parse_udata_cb(const struct nftnl_udata *attr, void *data)
 		break;
 	case UDATA_TYPE_EBTABLES_POLICY:
 		break;
+	case UDATA_TYPE_COMPAT_EXT:
+		break;
 	default:
 		return 0;
 	}
diff --git a/iptables/nft.h b/iptables/nft.h
index 49653ecea7330..f1a58b9e52865 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -275,4 +275,16 @@  void nft_assert_table_compatible(struct nft_handle *h,
 int ebt_set_user_chain_policy(struct nft_handle *h, const char *table,
 			      const char *chain, const char *policy);
 
+struct nftnl_udata;
+
+enum udata_type {
+	UDATA_TYPE_COMMENT,
+	UDATA_TYPE_EBTABLES_POLICY,
+	UDATA_TYPE_COMPAT_EXT,
+	__UDATA_TYPE_MAX,
+};
+#define UDATA_TYPE_MAX (__UDATA_TYPE_MAX - 1)
+
+int parse_udata_cb(const struct nftnl_udata *attr, void *data);
+
 #endif

[iptables,v2,4/8] nft: Introduce UDATA_TYPE_COMPAT_EXT

Commit Message

Patch