};
#define NFT_REG_MAX (__NFT_REG_MAX - 1)
+#ifdef __KERNEL__
+#define NFT_REG32_MAX NFT_REG32_15
+#endif
+
#define NFT_REG_SIZE 16
#define NFT_REG32_SIZE 4
#define NFT_REG32_COUNT (NFT_REG32_15 - NFT_REG32_00 + 1)
}
static const struct nla_policy nft_bitwise_policy[NFTA_BITWISE_MAX + 1] = {
- [NFTA_BITWISE_SREG] = { .type = NLA_U32 },
- [NFTA_BITWISE_SREG2] = { .type = NLA_U32 },
- [NFTA_BITWISE_DREG] = { .type = NLA_U32 },
+ [NFTA_BITWISE_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
+ [NFTA_BITWISE_SREG2] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
+ [NFTA_BITWISE_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_BITWISE_LEN] = { .type = NLA_U32 },
[NFTA_BITWISE_MASK] = { .type = NLA_NESTED },
[NFTA_BITWISE_XOR] = { .type = NLA_NESTED },
}
static const struct nla_policy nft_byteorder_policy[NFTA_BYTEORDER_MAX + 1] = {
- [NFTA_BYTEORDER_SREG] = { .type = NLA_U32 },
- [NFTA_BYTEORDER_DREG] = { .type = NLA_U32 },
+ [NFTA_BYTEORDER_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
+ [NFTA_BYTEORDER_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_BYTEORDER_OP] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_BYTEORDER_LEN] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_BYTEORDER_SIZE] = NLA_POLICY_MAX(NLA_BE32, 255),
}
static const struct nla_policy nft_cmp_policy[NFTA_CMP_MAX + 1] = {
- [NFTA_CMP_SREG] = { .type = NLA_U32 },
+ [NFTA_CMP_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_CMP_OP] = { .type = NLA_U32 },
[NFTA_CMP_DATA] = { .type = NLA_NESTED },
};
}
static const struct nla_policy nft_ct_policy[NFTA_CT_MAX + 1] = {
- [NFTA_CT_DREG] = { .type = NLA_U32 },
+ [NFTA_CT_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_CT_KEY] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_CT_DIRECTION] = NLA_POLICY_MAX(NLA_U8, IP_CT_DIR_REPLY),
- [NFTA_CT_SREG] = { .type = NLA_U32 },
+ [NFTA_CT_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
};
#ifdef CONFIG_NF_CONNTRACK_ZONES
#endif
static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = {
- [NFTA_EXTHDR_DREG] = { .type = NLA_U32 },
+ [NFTA_EXTHDR_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_EXTHDR_TYPE] = { .type = NLA_U8 },
[NFTA_EXTHDR_OFFSET] = { .type = NLA_U32 },
[NFTA_EXTHDR_LEN] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_EXTHDR_FLAGS] = NLA_POLICY_MASK(NLA_BE32, NFT_EXTHDR_F_PRESENT),
[NFTA_EXTHDR_OP] = NLA_POLICY_MAX(NLA_BE32, 255),
- [NFTA_EXTHDR_SREG] = { .type = NLA_U32 },
+ [NFTA_EXTHDR_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
};
static int nft_exthdr_init(const struct nft_ctx *ctx,
NFTA_FIB_F_PRESENT)
const struct nla_policy nft_fib_policy[NFTA_FIB_MAX + 1] = {
- [NFTA_FIB_DREG] = { .type = NLA_U32 },
+ [NFTA_FIB_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_FIB_RESULT] = { .type = NLA_U32 },
[NFTA_FIB_FLAGS] =
NLA_POLICY_MASK(NLA_BE32, NFTA_FIB_F_ALL),
}
static const struct nla_policy nft_hash_policy[NFTA_HASH_MAX + 1] = {
- [NFTA_HASH_SREG] = { .type = NLA_U32 },
- [NFTA_HASH_DREG] = { .type = NLA_U32 },
+ [NFTA_HASH_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
+ [NFTA_HASH_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_HASH_LEN] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_HASH_MODULUS] = { .type = NLA_U32 },
[NFTA_HASH_SEED] = { .type = NLA_U32 },
}
static const struct nla_policy nft_immediate_policy[NFTA_IMMEDIATE_MAX + 1] = {
- [NFTA_IMMEDIATE_DREG] = { .type = NLA_U32 },
+ [NFTA_IMMEDIATE_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_IMMEDIATE_DATA] = { .type = NLA_NESTED },
};
[NFTA_LOOKUP_SET] = { .type = NLA_STRING,
.len = NFT_SET_MAXNAMELEN - 1 },
[NFTA_LOOKUP_SET_ID] = { .type = NLA_U32 },
- [NFTA_LOOKUP_SREG] = { .type = NLA_U32 },
- [NFTA_LOOKUP_DREG] = { .type = NLA_U32 },
+ [NFTA_LOOKUP_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
+ [NFTA_LOOKUP_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_LOOKUP_FLAGS] =
NLA_POLICY_MASK(NLA_BE32, NFT_LOOKUP_F_INV),
};
EXPORT_SYMBOL_GPL(nft_meta_set_eval);
const struct nla_policy nft_meta_policy[NFTA_META_MAX + 1] = {
- [NFTA_META_DREG] = { .type = NLA_U32 },
+ [NFTA_META_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_META_KEY] = NLA_POLICY_MAX(NLA_BE32, 255),
- [NFTA_META_SREG] = { .type = NLA_U32 },
+ [NFTA_META_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
};
EXPORT_SYMBOL_GPL(nft_meta_policy);
}
static const struct nla_policy nft_ng_policy[NFTA_NG_MAX + 1] = {
- [NFTA_NG_DREG] = { .type = NLA_U32 },
+ [NFTA_NG_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_NG_MODULUS] = { .type = NLA_U32 },
[NFTA_NG_TYPE] = { .type = NLA_U32 },
[NFTA_NG_OFFSET] = { .type = NLA_U32 },
[NFTA_OBJREF_IMM_NAME] = { .type = NLA_STRING,
.len = NFT_OBJ_MAXNAMELEN - 1 },
[NFTA_OBJREF_IMM_TYPE] = { .type = NLA_U32 },
- [NFTA_OBJREF_SET_SREG] = { .type = NLA_U32 },
+ [NFTA_OBJREF_SET_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_OBJREF_SET_NAME] = { .type = NLA_STRING,
.len = NFT_SET_MAXNAMELEN - 1 },
[NFTA_OBJREF_SET_ID] = { .type = NLA_U32 },
};
static const struct nla_policy nft_osf_policy[NFTA_OSF_MAX + 1] = {
- [NFTA_OSF_DREG] = { .type = NLA_U32 },
+ [NFTA_OSF_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_OSF_TTL] = { .type = NLA_U8 },
[NFTA_OSF_FLAGS] = NLA_POLICY_MASK(NLA_BE32, NFT_OSF_F_VERSION),
};
}
static const struct nla_policy nft_payload_policy[NFTA_PAYLOAD_MAX + 1] = {
- [NFTA_PAYLOAD_SREG] = { .type = NLA_U32 },
- [NFTA_PAYLOAD_DREG] = { .type = NLA_U32 },
+ [NFTA_PAYLOAD_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
+ [NFTA_PAYLOAD_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_PAYLOAD_BASE] = { .type = NLA_U32 },
[NFTA_PAYLOAD_OFFSET] = { .type = NLA_BE32 },
[NFTA_PAYLOAD_LEN] = NLA_POLICY_MAX(NLA_BE32, 255),
}
static const struct nla_policy nft_range_policy[NFTA_RANGE_MAX + 1] = {
- [NFTA_RANGE_SREG] = { .type = NLA_U32 },
+ [NFTA_RANGE_SREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_RANGE_OP] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_RANGE_FROM_DATA] = { .type = NLA_NESTED },
[NFTA_RANGE_TO_DATA] = { .type = NLA_NESTED },
}
static const struct nla_policy nft_rt_policy[NFTA_RT_MAX + 1] = {
- [NFTA_RT_DREG] = { .type = NLA_U32 },
+ [NFTA_RT_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_RT_KEY] = NLA_POLICY_MAX(NLA_BE32, 255),
};
static const struct nla_policy nft_socket_policy[NFTA_SOCKET_MAX + 1] = {
[NFTA_SOCKET_KEY] = NLA_POLICY_MAX(NLA_BE32, 255),
- [NFTA_SOCKET_DREG] = { .type = NLA_U32 },
+ [NFTA_SOCKET_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_SOCKET_LEVEL] = NLA_POLICY_MAX(NLA_BE32, 255),
};
static const struct nla_policy nft_tunnel_policy[NFTA_TUNNEL_MAX + 1] = {
[NFTA_TUNNEL_KEY] = NLA_POLICY_MAX(NLA_BE32, 255),
- [NFTA_TUNNEL_DREG] = { .type = NLA_U32 },
+ [NFTA_TUNNEL_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
[NFTA_TUNNEL_MODE] = NLA_POLICY_MAX(NLA_BE32, NFT_TUNNEL_MODE_MAX),
};
[NFTA_XFRM_KEY] = NLA_POLICY_MAX(NLA_BE32, 255),
[NFTA_XFRM_DIR] = NLA_POLICY_MAX(NLA_U8, XFRM_POLICY_OUT),
[NFTA_XFRM_SPNUM] = NLA_POLICY_MAX(NLA_BE32, XFRM_MAX_DEPTH - 1),
- [NFTA_XFRM_DREG] = { .type = NLA_U32 },
+ [NFTA_XFRM_DREG] = NLA_POLICY_MAX(NLA_BE32, NFT_REG32_MAX),
};
struct nft_xfrm {
projects / thirdparty / kernel / linux.git / commitdiff
