Give all set backends a descriptive name and export it via new netlink attribute NFTA_SET_OPS.
Via an accompanying patch to libnftnl, the chosen backend can be made visible to userspace by means of 'nft monitor json'. Signed-off-by: Phil Sutter <[email protected]> --- include/net/netfilter/nf_tables.h | 2 ++ include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nf_tables_api.c | 3 +++ net/netfilter/nft_set_bitmap.c | 1 + net/netfilter/nft_set_hash.c | 3 +++ net/netfilter/nft_set_rbtree.c | 1 + 6 files changed, 12 insertions(+) diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 13e103792dd07..f440edc57457b 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -352,12 +352,14 @@ struct nft_set_ops { * @list: used internally * @owner: module reference * @features: features supported by the implementation + * @name: descriptive name of this set backend */ struct nft_set_type { const struct nft_set_ops ops; struct list_head list; struct module *owner; u32 features; + const char *name; }; #define to_set_type(o) container_of(o, struct nft_set_type, ops) diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 6a3d653d5b274..e2716590d203d 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -320,6 +320,7 @@ enum nft_set_desc_attributes { * @NFTA_SET_USERDATA: user data (NLA_BINARY) * @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*) * @NFTA_SET_HANDLE: set handle (NLA_U64) + * @NFTA_SET_OPS: name of chosen set ops (NLA_STRING) */ enum nft_set_attributes { NFTA_SET_UNSPEC, @@ -339,6 +340,7 @@ enum nft_set_attributes { NFTA_SET_PAD, NFTA_SET_OBJ_TYPE, NFTA_SET_HANDLE, + NFTA_SET_OPS, __NFTA_SET_MAX }; #define NFTA_SET_MAX (__NFTA_SET_MAX - 1) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 1c449175a75a1..d7f759ee14935 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2768,6 +2768,9 @@ static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx, goto nla_put_failure; nla_nest_end(skb, desc); + if (nla_put_string(skb, NFTA_SET_OPS, to_set_type(set->ops)->name)) + goto nla_put_failure; + nlmsg_end(skb, nlh); return 0; diff --git a/net/netfilter/nft_set_bitmap.c b/net/netfilter/nft_set_bitmap.c index d6626e01c7ee6..437a146a1a710 100644 --- a/net/netfilter/nft_set_bitmap.c +++ b/net/netfilter/nft_set_bitmap.c @@ -297,6 +297,7 @@ static bool nft_bitmap_estimate(const struct nft_set_desc *desc, u32 features, } static struct nft_set_type nft_bitmap_type __read_mostly = { + .name = "bitmap", .owner = THIS_MODULE, .ops = { .privsize = nft_bitmap_privsize, diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c index dbf1f4ad077c5..76b0468e248b6 100644 --- a/net/netfilter/nft_set_hash.c +++ b/net/netfilter/nft_set_hash.c @@ -639,6 +639,7 @@ static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features } static struct nft_set_type nft_rhash_type __read_mostly = { + .name = "rhash", .owner = THIS_MODULE, .features = NFT_SET_MAP | NFT_SET_OBJECT | NFT_SET_TIMEOUT | NFT_SET_EVAL, @@ -661,6 +662,7 @@ static struct nft_set_type nft_rhash_type __read_mostly = { }; static struct nft_set_type nft_hash_type __read_mostly = { + .name = "hash", .owner = THIS_MODULE, .features = NFT_SET_MAP | NFT_SET_OBJECT, .ops = { @@ -681,6 +683,7 @@ static struct nft_set_type nft_hash_type __read_mostly = { }; static struct nft_set_type nft_hash_fast_type __read_mostly = { + .name = "fast hash", .owner = THIS_MODULE, .features = NFT_SET_MAP | NFT_SET_OBJECT, .ops = { diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c index 22c57d7612c47..a3d0325e713c0 100644 --- a/net/netfilter/nft_set_rbtree.c +++ b/net/netfilter/nft_set_rbtree.c @@ -394,6 +394,7 @@ static bool nft_rbtree_estimate(const struct nft_set_desc *desc, u32 features, } static struct nft_set_type nft_rbtree_type __read_mostly = { + .name = "rbtree", .owner = THIS_MODULE, .features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT, .ops = { -- 2.16.1 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
