git.baikalelectronics.ru Git - kernel.git/commit

author	Lorenzo Bianconi <lorenzo@kernel.org>
	Thu, 21 Jul 2022 13:42:41 +0000 (15:42 +0200)
committer	Alexei Starovoitov <ast@kernel.org>
	Fri, 22 Jul 2022 04:03:16 +0000 (21:03 -0700)
commit	0063d70400bc361147530d9c5002111627598b2e
tree	d9047f7ff0c1f05ad8765b2b06dbcbfa2826beda	tree \| snapshot
parent	248f24b62266c9c8b6e62648ff12c6c8ea6dd8df	commit \| diff

net: netfilter: Add kfuncs to set and change CT status

Introduce bpf_ct_set_status and bpf_ct_change_status kfunc helpers in
order to set nf_conn field of allocated entry or update nf_conn status
field of existing inserted entry. Use nf_ct_change_status_common to
share the permitted status field changes between netlink and BPF side
by refactoring ctnetlink_change_status.

It is required to introduce two kfuncs taking nf_conn___init and nf_conn
instead of sharing one because KF_TRUSTED_ARGS flag causes strict type
checking. This would disallow passing nf_conn___init to kfunc taking
nf_conn, and vice versa. We cannot remove the KF_TRUSTED_ARGS flag as we
only want to accept refcounted pointers and not e.g. ct->master.

Hence, bpf_ct_set_* kfuncs are meant to be used on allocated CT, and
bpf_ct_change_* kfuncs are meant to be used on inserted or looked up
CT entry.

Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Co-developed-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Signed-off-by: Kumar Kartikeya Dwivedi <memxor@gmail.com>
Link: https://lore.kernel.org/r/20220721134245.2450-10-memxor@gmail.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>

include/net/netfilter/nf_conntrack_core.h		diff \| blob \| history
net/netfilter/nf_conntrack_bpf.c		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history