From: Eyal Birger <e...@metanetworks.com>
Expose this functionality so it could be usable from a tc classifier.
The rename of match_policy_out() is done for consistency though it is not exported.
Signed-off-by: Eyal Birger <e...@metanetworks.com>
---
 include/net/netfilter/xt_policy.h | 12 ++++++++++++
 net/netfilter/xt_policy.c | 18 ++++++++++--------
 2 files changed, 22 insertions(+), 8 deletions(-)
 create mode 100644 include/net/netfilter/xt_policy.h
diff --git a/include/net/netfilter/xt_policy.h b/include/net/netfilter/xt_policy.h
new file mode 100644
index 0000000..99dcd57
--- /dev/null
+++ b/include/net/netfilter/xt_policy.h
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _XT_POLICY_INT_H
+#define _XT_POLICY_INT_H
+
+#include <linux/skbuff.h>
+#include <linux/netfilter/xt_policy.h>
+
+int xt_policy_match_policy_in(const struct sk_buff *skb,
+ const struct xt_policy_info *info,
+ unsigned short family);
+
+#endif /* _XT_POLICY_INT_H */
diff --git a/net/netfilter/xt_policy.c b/net/netfilter/xt_policy.c
index 5639fb0..4f9d0b1 100644
--- a/net/netfilter/xt_policy.c
+++ b/net/netfilter/xt_policy.c
@@ -16,6 +16,7 @@
 #include <linux/netfilter.h>
 #include <linux/netfilter/xt_policy.h>
 #include <linux/netfilter/x_tables.h>
+#include <net/netfilter/xt_policy.h>
 MODULE_AUTHOR("Patrick McHardy <ka...@trash.net>");
 MODULE_DESCRIPTION("Xtables: IPsec policy match");
@@ -51,9 +52,9 @@ match_xfrm_state(const struct xfrm_state *x, const struct xt_policy_elem *e,
 MATCH(reqid, x->props.reqid);
 }
-static int
-match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
- unsigned short family)
+int xt_policy_match_policy_in(const struct sk_buff *skb,
+ const struct xt_policy_info *info,
+ unsigned short family)
 {
 const struct xt_policy_elem *e;
 const struct sec_path *sp = skb->sp;
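Review bot: The prototype of `xt_policy_match_policy_in()` in the new include/net/netfilter/xt_policy.h carries no comment, and its `int` result is not a boolean. In xt_policy.c the function ends with `return strict ? 1 : 0;`, while policy_mt() handles `ret < 0` separately and maps it through `XT_POLICY_MATCH_NONE`, so an outside caller that writes `if (xt_policy_match_policy_in(...))` would treat the negative case as a match. I would put a kernel-doc comment above the declaration stating the three outcomes (1 match, 0 no match, negative when the lookup could not be made, presumably because the skb has no secpath) and that the caller must apply the `XT_POLICY_MATCH_NONE` rule itself.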
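Review bot: With `static` dropped in the `@@ -51,9 +52,9 @@` hunk, `xt_policy_match_policy_in()` becomes reachable from code that never went through the xtables rule-check path, yet it still takes `info` as trusted. Nothing in this patch shows where `info->len` and `info->flags` are validated; if that happens only in the match's checkentry hook, a tc classifier filling `struct xt_policy_info` from user-supplied attributes has to bound `len` by `XT_POLICY_MAX_ELEM` itself before calling. A short comment above the definition naming that precondition, e.g. `/* info must already be validated (len <= XT_POLICY_MAX_ELEM) */`, would make the contract explicit. The function body continues outside the hunk, so how `len` is consumed is inferred here.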
@@ -80,10 +81,11 @@ match_policy_in(const struct sk_buff *skb, const struct xt_policy_info *info,
 return strict ? 1 : 0;
 }
+EXPORT_SYMBOL_GPL(xt_policy_match_policy_in);
-static int
-match_policy_out(const struct sk_buff *skb, const struct xt_policy_info *info,
- unsigned short family)
+static int xt_policy_match_policy_out(const struct sk_buff *skb,
+ const struct xt_policy_info *info,
+ unsigned short family)
 {
 const struct xt_policy_elem *e;
 const struct dst_entry *dst = skb_dst(skb);
@@ -117,9 +119,9 @@ policy_mt(const struct sk_buff *skb, struct xt_action_param *par)
 int ret;
 if (info->flags & XT_POLICY_MATCH_IN)
- ret = match_policy_in(skb, info, xt_family(par));
+ ret = xt_policy_match_policy_in(skb, info, xt_family(par));
 else
- ret = match_policy_out(skb, info, xt_family(par));
+ ret = xt_policy_match_policy_out(skb, info, xt_family(par));
 if (ret < 0)
 ret = info->flags & XT_POLICY_MATCH_NONE ? true : false;
-- 
2.7.4
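Review bot: `EXPORT_SYMBOL_GPL(xt_policy_match_policy_in)` in the `@@ -80,10 +81,11 @@` hunk places the export in the xt_policy match module, and the new header has no fallback for builds without it. A classifier that calls the symbol will need an explicit Kconfig dependency on NETFILTER_XT_MATCH_POLICY, or a static inline stub in the header; the consumer is not part of this patch, so this is a prompt to check rather than a confirmed build break. Separately, the `xt_policy_` prefix on the still-static `xt_policy_match_policy_out()` reads like public API, and a one-line comment saying it is file-local would avoid that impression.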