netfilter: nf_tables: permit update of set size

author Florian Westphal <fw@strlen.de>

Tue, 6 Jun 2023 12:08:49 +0000 (14:08 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 26 Jun 2023 06:05:57 +0000 (08:05 +0200)
author Florian Westphal <fw@strlen.de>
Tue, 6 Jun 2023 12:08:49 +0000 (14:08 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 26 Jun 2023 06:05:57 +0000 (08:05 +0200)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h

index 2e24ea1..89b1ac4 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1589,6 +1589,7 @@ struct nft_trans_set {
         u64                             timeout;
         bool                            update;
         bool                            bound;
+       u32                             size;
  };
  
  #define nft_trans_set(trans)   \
@@ -1603,6 +1604,8 @@ struct nft_trans_set {
         (((struct nft_trans_set *)trans->data)->timeout)
  #define nft_trans_set_gc_int(trans)    \
         (((struct nft_trans_set *)trans->data)->gc_int)
+#define nft_trans_set_size(trans)      \
+       (((struct nft_trans_set *)trans->data)->size)
  
  struct nft_trans_chain {
         bool                            update;
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c

index 0396fd8..dfd441f 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -483,6 +483,7 @@ static int __nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
                 nft_trans_set_update(trans) = true;
                 nft_trans_set_gc_int(trans) = desc->gc_int;
                 nft_trans_set_timeout(trans) = desc->timeout;
+               nft_trans_set_size(trans) = desc->size;
         }
         nft_trans_commit_list_add_tail(ctx->net, trans);
  
@@ -9428,6 +9429,9 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
  
                                 WRITE_ONCE(set->timeout, nft_trans_set_timeout(trans));
                                 WRITE_ONCE(set->gc_int, nft_trans_set_gc_int(trans));
+
+                               if (nft_trans_set_size(trans))
+                                       WRITE_ONCE(set->size, nft_trans_set_size(trans));
                         } else {
                                 nft_clear(net, nft_trans_set(trans));
                                 /* This avoids hitting -EBUSY when deleting the table
author	Florian Westphal <fw@strlen.de>
	Tue, 6 Jun 2023 12:08:49 +0000 (14:08 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 26 Jun 2023 06:05:57 +0000 (08:05 +0200)
include/net/netfilter/nf_tables.h		patch \| blob \| history
net/netfilter/nf_tables_api.c		patch \| blob \| history