netfilter: provide nft_ctx in object init function

this is needed by the upcoming ct helper object type --
we'd like to be able use the table family (ip, ip6, inet) to figure
out which helper has to be requested.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index f0d46726d06ec7c79f40eede10dd32034662bed8..49436849d7d71906d578837b0ce78d66cb765048 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1017,7 +1017,8 @@ struct nft_object_type {
        unsigned int                    maxattr;
        struct module                   *owner;
        const struct nla_policy         *policy;
-       int                             (*init)(const struct nlattr * const tb[],
+       int                             (*init)(const struct nft_ctx *ctx,
+                                               const struct nlattr *const tb[],
                                                struct nft_object *obj);
        void                            (*destroy)(struct nft_object *obj);
        int                             (*dump)(struct sk_buff *skb,

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 4559f5d66bccf7764ba34add84dd2c96ae08f328..12cc5218de96f471143e558c3137e336cd4a44c1 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4095,7 +4095,8 @@ static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
        [NFTA_OBJ_DATA]         = { .type = NLA_NESTED },
 };
 
-static struct nft_object *nft_obj_init(const struct nft_object_type *type,
+static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
+                                      const struct nft_object_type *type,
                                       const struct nlattr *attr)
 {
        struct nlattr *tb[type->maxattr + 1];
@@ -4115,7 +4116,7 @@ static struct nft_object *nft_obj_init(const struct nft_object_type *type,
        if (obj == NULL)
                goto err1;
 
-       err = type->init((const struct nlattr * const *)tb, obj);
+       err = type->init(ctx, (const struct nlattr * const *)tb, obj);
        if (err < 0)
                goto err2;
 
@@ -4223,7 +4224,7 @@ static int nf_tables_newobj(struct net *net, struct sock *nlsk,
        if (IS_ERR(type))
                return PTR_ERR(type);
 
-       obj = nft_obj_init(type, nla[NFTA_OBJ_DATA]);
+       obj = nft_obj_init(&ctx, type, nla[NFTA_OBJ_DATA]);
        if (IS_ERR(obj)) {
                err = PTR_ERR(obj);
                goto err1;

diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index 7f84222133414d4a65ed96508c83dea711295c9f..67a710ebde09da21464da4bb22a78a36c791274d 100644 (file)
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -82,7 +82,8 @@ static int nft_counter_do_init(const struct nlattr * const tb[],
        return 0;
 }
 
-static int nft_counter_obj_init(const struct nlattr * const tb[],
+static int nft_counter_obj_init(const struct nft_ctx *ctx,
+                               const struct nlattr * const tb[],
                                struct nft_object *obj)
 {
        struct nft_counter_percpu_priv *priv = nft_obj_data(obj);

diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c
index 2d6fe3559912674385e7679557fc31ddeb901b38..25e33159be57882fcf9875725079188dfaa7d113 100644 (file)
--- a/net/netfilter/nft_quota.c
+++ b/net/netfilter/nft_quota.c
@@ -99,7 +99,8 @@ static int nft_quota_do_init(const struct nlattr * const tb[],
        return 0;
 }
 
-static int nft_quota_obj_init(const struct nlattr * const tb[],
+static int nft_quota_obj_init(const struct nft_ctx *ctx,
+                             const struct nlattr * const tb[],
                              struct nft_object *obj)
 {
        struct nft_quota *priv = nft_obj_data(obj);