authorDavid S. Miller <davem@davemloft.net>2021-04-27 15:32:54 -0700
committerDavid S. Miller <davem@davemloft.net>2021-04-27 15:32:54 -0700
commit0711459095bc9ddb5a0086146d2751e6d5412cbf (patch)
tree0cf911953df3ca12f637f87ee7abcc8c01f8afb1 /net/netfilter/nft_socket.c
parent69e16d01d1de4f1249869de342915f608feb55d5 (diff)
parent7acc0bb490c85012bcbda142b6755fd1fdf1fba1 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says: ==================== Netfilter updates for net-next The following patchset contains Netfilter updates for net-next: 1) Add support for the catch-all set element. This special element can be used to define a default action to be applied in case that the set lookup returns no matching element. 2) Fix incorrect #ifdef dependencies in the nftables cgroupsv2 support, from Arnd Bergmann. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nft_socket.c')
-rw-r--r--net/netfilter/nft_socket.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 9c169d100651..d601974c9d2e 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -34,7 +34,7 @@ static void nft_socket_wildcard(const struct nft_pktinfo *pkt,
}
}
-#ifdef CONFIG_CGROUPS
+#ifdef CONFIG_SOCK_CGROUP_DATA
static noinline bool
nft_sock_get_eval_cgroupv2(u32 *dest, const struct nft_pktinfo *pkt, u32 level)
{
@@ -106,7 +106,7 @@ static void nft_socket_eval(const struct nft_expr *expr,
}
nft_socket_wildcard(pkt, regs, sk, dest);
break;
-#ifdef CONFIG_CGROUPS
+#ifdef CONFIG_SOCK_CGROUP_DATA
case NFT_SOCKET_CGROUPV2:
if (!nft_sock_get_eval_cgroupv2(dest, pkt, priv->level)) {
regs->verdict.code = NFT_BREAK;
@@ -134,7 +134,7 @@ static int nft_socket_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
{
struct nft_socket *priv = nft_expr_priv(expr);
- unsigned int len, level;
+ unsigned int len;
if (!tb[NFTA_SOCKET_DREG] || !tb[NFTA_SOCKET_KEY])
return -EINVAL;
@@ -160,7 +160,9 @@ static int nft_socket_init(const struct nft_ctx *ctx,
len = sizeof(u32);
break;
#ifdef CONFIG_CGROUPS
- case NFT_SOCKET_CGROUPV2:
+ case NFT_SOCKET_CGROUPV2: {
+ unsigned int level;
+
if (!tb[NFTA_SOCKET_LEVEL])
return -EINVAL;
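Review bot: The `#ifdef CONFIG_CGROUPS` guard left as context around `case NFT_SOCKET_CGROUPV2:` in nft_socket_init no longer matches the `#ifdef CONFIG_SOCK_CGROUP_DATA` that the first two hunks put around nft_sock_get_eval_cgroupv2() and the eval-side case. On a kernel built with CONFIG_CGROUPS=y but without CONFIG_SOCK_CGROUP_DATA, init would still accept a cgroupv2 socket expression while nft_socket_eval has no case for that key. The rule would then load and presumably fall through to eval's default branch (outside these hunks) instead of being rejected with -EOPNOTSUPP at load time. For a packet filter this matters because the administrator gets no error for a rule that can never be evaluated; the guard here should read `#ifdef CONFIG_SOCK_CGROUP_DATA`. nft_socket_init starts and ends outside this hunk.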
@@ -171,6 +173,7 @@ static int nft_socket_init(const struct nft_ctx *ctx,
priv->level = level;
len = sizeof(u64);
break;
+ }
#endif
default:
return -EOPNOTSUPP;