leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: nf_tables: simplify nf_tables_*_notify

Browse Source 
Now that all these function are called from the commit path, we can
pass the context structure to reduce the amount of parameters in all
of the nf_tables_*_notify functions. This patch also removes unneeded
branches to check for skb, nlh and net that should be always set in
the context structure.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
2014-05-05 17:12:40 +02:00
parent 60319eb1ca
commit 35151d840c
1 changed files with 32 additions and 58 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
net/netfilter/nf_tables_api.c
View File

@@ -235,19 +235,16 @@ nla_put_failure:
return -1; return -1;
} }
static int nf_tables_table_notify(const struct sk_buff *oskb, static int nf_tables_table_notify(const struct nft_ctx *ctx, int event)
const struct nlmsghdr *nlh,
const struct nft_table *table,
int event, int family)
{ {
struct sk_buff *skb; struct sk_buff *skb;
u32 portid = oskb ? NETLINK_CB(oskb).portid : 0; u32 portid = NETLINK_CB(ctx->skb).portid;
u32 seq = nlh ? nlh->nlmsg_seq : 0; u32 seq = ctx->nlh->nlmsg_seq;
struct net *net = oskb ? sock_net(oskb->sk) : &init_net; struct net *net = sock_net(ctx->skb->sk);
bool report; bool report;
int err; int err;
report = nlh ? nlmsg_report(nlh) : false; report = nlmsg_report(ctx->nlh);
if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
return 0; return 0;
@@ -257,7 +254,7 @@ static int nf_tables_table_notify(const struct sk_buff *oskb,
goto err; goto err;
err = nf_tables_fill_table_info(skb, portid, seq, event, 0, err = nf_tables_fill_table_info(skb, portid, seq, event, 0,
family, table); ctx->afi->family, ctx->table);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
goto err; goto err;
@@ -721,20 +718,16 @@ nla_put_failure:
return -1; return -1;
} }
static int nf_tables_chain_notify(const struct sk_buff *oskb, static int nf_tables_chain_notify(const struct nft_ctx *ctx, int event)
const struct nlmsghdr *nlh,
const struct nft_table *table,
const struct nft_chain *chain,
int event, int family)
{ {
struct sk_buff *skb; struct sk_buff *skb;
u32 portid = oskb ? NETLINK_CB(oskb).portid : 0; u32 portid = NETLINK_CB(ctx->skb).portid;
struct net *net = oskb ? sock_net(oskb->sk) : &init_net; struct net *net = sock_net(ctx->skb->sk);
u32 seq = nlh ? nlh->nlmsg_seq : 0; u32 seq = ctx->nlh->nlmsg_seq;
bool report; bool report;
int err; int err;
report = nlh ? nlmsg_report(nlh) : false; report = nlmsg_report(ctx->nlh);
if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
return 0; return 0;
@@ -743,8 +736,9 @@ static int nf_tables_chain_notify(const struct sk_buff *oskb,
if (skb == NULL) if (skb == NULL)
goto err; goto err;
err = nf_tables_fill_chain_info(skb, portid, seq, event, 0, family, err = nf_tables_fill_chain_info(skb, portid, seq, event, 0,
table, chain); ctx->afi->family, ctx->table,
ctx->chain);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
goto err; goto err;
@@ -1475,21 +1469,19 @@ nla_put_failure:
return -1; return -1;
} }
static int nf_tables_rule_notify(const struct sk_buff *oskb, static int nf_tables_rule_notify(const struct nft_ctx *ctx,
const struct nlmsghdr *nlh,
const struct nft_table *table,
const struct nft_chain *chain,
const struct nft_rule *rule, const struct nft_rule *rule,
int event, u32 flags, int family) int event)
{ {
const struct sk_buff *oskb = ctx->skb;
struct sk_buff *skb; struct sk_buff *skb;
u32 portid = NETLINK_CB(oskb).portid; u32 portid = NETLINK_CB(oskb).portid;
struct net *net = oskb ? sock_net(oskb->sk) : &init_net; struct net *net = sock_net(oskb->sk);
u32 seq = nlh->nlmsg_seq; u32 seq = ctx->nlh->nlmsg_seq;
bool report; bool report;
int err; int err;
report = nlmsg_report(nlh); report = nlmsg_report(ctx->nlh);
if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
return 0; return 0;
@@ -1498,8 +1490,9 @@ static int nf_tables_rule_notify(const struct sk_buff *oskb,
if (skb == NULL) if (skb == NULL)
goto err; goto err;
err = nf_tables_fill_rule_info(skb, portid, seq, event, flags, err = nf_tables_fill_rule_info(skb, portid, seq, event, 0,
family, table, chain, rule); ctx->afi->family, ctx->table,
ctx->chain, rule);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
goto err; goto err;
@@ -3343,17 +3336,11 @@ static int nf_tables_commit(struct sk_buff *skb)
} else { } else {
trans->ctx.table->flags &= ~NFT_TABLE_INACTIVE; trans->ctx.table->flags &= ~NFT_TABLE_INACTIVE;
} }
nf_tables_table_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_table_notify(&trans->ctx, NFT_MSG_NEWTABLE);
trans->ctx.table,
NFT_MSG_NEWTABLE,
trans->ctx.afi->family);
nft_trans_destroy(trans); nft_trans_destroy(trans);
break; break;
case NFT_MSG_DELTABLE: case NFT_MSG_DELTABLE:
nf_tables_table_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_table_notify(&trans->ctx, NFT_MSG_DELTABLE);
trans->ctx.table,
NFT_MSG_DELTABLE,
trans->ctx.afi->family);
break; break;
case NFT_MSG_NEWCHAIN: case NFT_MSG_NEWCHAIN:
if (nft_trans_chain_update(trans)) if (nft_trans_chain_update(trans))
@@ -3362,20 +3349,12 @@ static int nf_tables_commit(struct sk_buff *skb)
trans->ctx.chain->flags &= ~NFT_CHAIN_INACTIVE; trans->ctx.chain->flags &= ~NFT_CHAIN_INACTIVE;
trans->ctx.table->use++; trans->ctx.table->use++;
} }
nf_tables_chain_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN);
trans->ctx.table,
trans->ctx.chain,
NFT_MSG_NEWCHAIN,
trans->ctx.afi->family);
nft_trans_destroy(trans); nft_trans_destroy(trans);
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
trans->ctx.table->use--; trans->ctx.table->use--;
nf_tables_chain_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
trans->ctx.table,
trans->ctx.chain,
NFT_MSG_DELCHAIN,
trans->ctx.afi->family);
if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) &&
trans->ctx.chain->flags & NFT_BASE_CHAIN) { trans->ctx.chain->flags & NFT_BASE_CHAIN) {
nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops, nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
@@ -3384,21 +3363,16 @@ static int nf_tables_commit(struct sk_buff *skb)
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
nft_rule_clear(trans->ctx.net, nft_trans_rule(trans)); nft_rule_clear(trans->ctx.net, nft_trans_rule(trans));
nf_tables_rule_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_rule_notify(&trans->ctx,
trans->ctx.table,
trans->ctx.chain,
nft_trans_rule(trans), nft_trans_rule(trans),
NFT_MSG_NEWRULE, 0, NFT_MSG_NEWRULE);
trans->ctx.afi->family);
nft_trans_destroy(trans); nft_trans_destroy(trans);
break; break;
case NFT_MSG_DELRULE: case NFT_MSG_DELRULE:
list_del_rcu(&nft_trans_rule(trans)->list); list_del_rcu(&nft_trans_rule(trans)->list);
nf_tables_rule_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_rule_notify(&trans->ctx,
trans->ctx.table, nft_trans_rule(trans),
trans->ctx.chain, NFT_MSG_DELRULE);
nft_trans_rule(trans), NFT_MSG_DELRULE, 0,
trans->ctx.afi->family);
break; break;
case NFT_MSG_NEWSET: case NFT_MSG_NEWSET:
nft_trans_set(trans)->flags &= ~NFT_SET_INACTIVE; nft_trans_set(trans)->flags &= ~NFT_SET_INACTIVE;