diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-19 01:00:07 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-05-27 22:20:34 +0200 |
| commit | f9382669cf5e75ebc7636bd78e637facf27d53f7 (patch) | |
| tree | 465de466eb9d7e261efb0d030210bf13a6f012f1 /net/netfilter | |
| parent | d9246a53752fdb777ed176d5f091c4ac0e482bba (diff) | |
| download | linux-stable-f9382669cf5e75ebc7636bd78e637facf27d53f7.tar.gz linux-stable-f9382669cf5e75ebc7636bd78e637facf27d53f7.tar.bz2 linux-stable-f9382669cf5e75ebc7636bd78e637facf27d53f7.zip | |
netfilter: nf_tables: pass hook list to nft_{un,}register_flowtable_net_hooks()
This patch prepares for incremental flowtable hook updates.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 87945b4a6789..1505552aaa74 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -6279,23 +6279,24 @@ static void nft_unregister_flowtable_hook(struct net *net, } static void nft_unregister_flowtable_net_hooks(struct net *net, - struct nft_flowtable *flowtable) + struct list_head *hook_list) { struct nft_hook *hook; - list_for_each_entry(hook, &flowtable->hook_list, list) + list_for_each_entry(hook, hook_list, list) nf_unregister_net_hook(net, &hook->ops); } static int nft_register_flowtable_net_hooks(struct net *net, struct nft_table *table, + struct list_head *hook_list, struct nft_flowtable *flowtable) { struct nft_hook *hook, *hook2, *next; struct nft_flowtable *ft; int err, i = 0; - list_for_each_entry(hook, &flowtable->hook_list, list) { + list_for_each_entry(hook, hook_list, list) { list_for_each_entry(ft, &table->flowtables, list) { list_for_each_entry(hook2, &ft->hook_list, list) { if (hook->ops.dev == hook2->ops.dev && @@ -6326,7 +6327,7 @@ static int nft_register_flowtable_net_hooks(struct net *net, return 0; err_unregister_net_hooks: - list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) { + list_for_each_entry_safe(hook, next, hook_list, list) { if (i-- <= 0) break; @@ -6428,7 +6429,9 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk, flowtable->data.priority = flowtable_hook.priority; flowtable->hooknum = flowtable_hook.num; - err = nft_register_flowtable_net_hooks(ctx.net, table, flowtable); + err = nft_register_flowtable_net_hooks(ctx.net, table, + &flowtable->hook_list, + flowtable); if (err < 0) { list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) { list_del_rcu(&hook->list); @@ -7493,7 +7496,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) nft_trans_flowtable(trans), NFT_MSG_DELFLOWTABLE); nft_unregister_flowtable_net_hooks(net, - nft_trans_flowtable(trans)); + &nft_trans_flowtable(trans)->hook_list); break; } } @@ -7652,7 +7655,7 @@ static int __nf_tables_abort(struct net *net, bool autoload) trans->ctx.table->use--; list_del_rcu(&nft_trans_flowtable(trans)->list); nft_unregister_flowtable_net_hooks(net, - nft_trans_flowtable(trans)); + &nft_trans_flowtable(trans)->hook_list); break; case NFT_MSG_DELFLOWTABLE: trans->ctx.table->use++; |