netfilter: nf_tables: variable sized set element keys / data

This patch changes sets to support variable sized set element keys / data up to 64 bytes each by using variable sized set extensions. This allows to use concatenations with bigger data items suchs as IPv6 addresses. As a side effect, small keys/data now don't require the full 16 bytes of struct nft_data anymore but just the space they need. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2015-04-11 02:27:39 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-04-13 17:17:31 +0200
commit: 7d7402642eaf385aef0772eff5a35e34fc4995d7 (patch)
tree: 340e51ce8070314a423634a21a3dc31fe3e6b0c9 /net/netfilter/nft_rbtree.c
parent: d0a11fc3dc4ab4c717642c9c15c8ad1cbc00d2ec (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_rbtree.c b/net/netfilter/nft_rbtree.c
index b888e0cdf1e2..1c30f41cff5b 100644
--- a/net/netfilter/nft_rbtree.c
+++ b/net/netfilter/nft_rbtree.c
@@ -152,7 +152,8 @@ static void *nft_rbtree_deactivate(const struct nft_set *set,
 	while (parent != NULL) {
 		rbe = rb_entry(parent, struct nft_rbtree_elem, node);
 
-		d = memcmp(nft_set_ext_key(&rbe->ext), &elem->key, set->klen);
+		d = memcmp(nft_set_ext_key(&rbe->ext), &elem->key.val,
+					   set->klen);
 		if (d < 0)
 			parent = parent->rb_left;
 		else if (d > 0)
author	Patrick McHardy <kaber@trash.net>	2015-04-11 02:27:39 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-04-13 17:17:31 +0200
commit	7d7402642eaf385aef0772eff5a35e34fc4995d7 (patch)
tree	340e51ce8070314a423634a21a3dc31fe3e6b0c9 /net/netfilter/nft_rbtree.c
parent	d0a11fc3dc4ab4c717642c9c15c8ad1cbc00d2ec (diff)