Message-Id: <20230904130201.14632-1-00107082@163.com>
Date:   Mon,  4 Sep 2023 21:02:02 +0800
From:   David Wang <00107082@....com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     David Wang <00107082@....com>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org,
        linux-kernel@...r.kernel.org, bpf@...r.kernel.org
Subject: [PATCH] uapi/netfilter: Change netfilter hook verdict code definition from macro to enum

As BPF_PROG_TYPE_NETFILTER was added in 6.4, a netfilter
bpf program can attach to netfilter hooks, process packets
and return a verdict back to netfilter. But those verdict
codes are defined as macros, which could not be compiled
into BTF with btf.c. libbpf, and maybe other bpf tools,
would extract information from BTF and generate a
common header "vmlinux.h". With macro definitions, a netfilter
bpf program would have to redefine those macros again,
besides including "vmlinux.h".

This change converts the netfilter hook verdict code definitions
to an enum, so that they make it into BTF.

Signed-off-by: David Wang <00107082@....com>
---
 include/uapi/linux/netfilter.h | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h
index 5a79ccb76701..d2f5dfab20dc 100644
--- a/include/uapi/linux/netfilter.h
+++ b/include/uapi/linux/netfilter.h
@@ -8,13 +8,15 @@
 #include <linux/in6.h>
 
 /* Responses from hook functions. */
-#define NF_DROP 0
-#define NF_ACCEPT 1
-#define NF_STOLEN 2
-#define NF_QUEUE 3
-#define NF_REPEAT 4
-#define NF_STOP 5	/* Deprecated, for userspace nf_queue compatibility. */
-#define NF_MAX_VERDICT NF_STOP
+enum {
+	NF_DROP        = 0,
+	NF_ACCEPT      = 1,
+	NF_STOLEN      = 2,
+	NF_QUEUE       = 3,
+	NF_REPEAT      = 4,
+	NF_STOP        = 5,	/* Deprecated, for userspace nf_queue compatibility. */
+	NF_MAX_VERDICT = NF_STOP,
+};
 
 /* we overload the higher bits for encoding auxiliary data such as the queue
  * number or errno values. Not nice, but better than additional function
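
Review bot: With the "#define NF_DROP 0" ... "#define NF_MAX_VERDICT NF_STOP" lines replaced by an anonymous enum in this uapi header, the verdict names are no longer visible to the preprocessor, so any userspace source that tests them with "#ifdef NF_STOP" or "#if NF_MAX_VERDICT >= 5" will still compile but take a different branch than before. Consider keeping the names defined next to the enum (for example "#define NF_DROP NF_DROP" for each enumerator), or say in the commit message why no such users are expected. The commit message would also benefit from noting that the numeric values are unchanged, since that is what existing nf_queue userspace depends on.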
-- 
2.20.1
