diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-05 11:12:40 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-19 06:06:12 -0400 |
| commit | 35151d840c60ce82692656c73bf6e5b922247ad2 (patch) | |
| tree | db3566f118af3f86ade551428450f2940b415a90 /net/netfilter | |
| parent | 60319eb1ca351aa36e29d58d2e60ba9a9836265a (diff) | |
netfilter: nf_tables: simplify nf_tables_*_notify
Now that all these function are called from the commit path, we can
pass the context structure to reduce the amount of parameters in all
of the nf_tables_*_notify functions. This patch also removes unneeded
branches to check for skb, nlh and net that should be always set in
the context structure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 90 |
1 files changed, 32 insertions, 58 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index cd002935e6b2..86d055a51f0b 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -235,19 +235,16 @@ nla_put_failure: | |||
| 235 | return -1; | 235 | return -1; |
| 236 | } | 236 | } |
| 237 | 237 | ||
| 238 | static int nf_tables_table_notify(const struct sk_buff *oskb, | 238 | static int nf_tables_table_notify(const struct nft_ctx *ctx, int event) |
| 239 | const struct nlmsghdr *nlh, | ||
| 240 | const struct nft_table *table, | ||
| 241 | int event, int family) | ||
| 242 | { | 239 | { |
| 243 | struct sk_buff *skb; | 240 | struct sk_buff *skb; |
| 244 | u32 portid = oskb ? NETLINK_CB(oskb).portid : 0; | 241 | u32 portid = NETLINK_CB(ctx->skb).portid; |
| 245 | u32 seq = nlh ? nlh->nlmsg_seq : 0; | 242 | u32 seq = ctx->nlh->nlmsg_seq; |
| 246 | struct net *net = oskb ? sock_net(oskb->sk) : &init_net; | 243 | struct net *net = sock_net(ctx->skb->sk); |
| 247 | bool report; | 244 | bool report; |
| 248 | int err; | 245 | int err; |
| 249 | 246 | ||
| 250 | report = nlh ? nlmsg_report(nlh) : false; | 247 | report = nlmsg_report(ctx->nlh); |
| 251 | if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) | 248 | if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) |
| 252 | return 0; | 249 | return 0; |
| 253 | 250 | ||
| @@ -257,7 +254,7 @@ static int nf_tables_table_notify(const struct sk_buff *oskb, | |||
| 257 | goto err; | 254 | goto err; |
| 258 | 255 | ||
| 259 | err = nf_tables_fill_table_info(skb, portid, seq, event, 0, | 256 | err = nf_tables_fill_table_info(skb, portid, seq, event, 0, |
| 260 | family, table); | 257 | ctx->afi->family, ctx->table); |
| 261 | if (err < 0) { | 258 | if (err < 0) { |
| 262 | kfree_skb(skb); | 259 | kfree_skb(skb); |
| 263 | goto err; | 260 | goto err; |
| @@ -721,20 +718,16 @@ nla_put_failure: | |||
| 721 | return -1; | 718 | return -1; |
| 722 | } | 719 | } |
| 723 | 720 | ||
| 724 | static int nf_tables_chain_notify(const struct sk_buff *oskb, | 721 | static int nf_tables_chain_notify(const struct nft_ctx *ctx, int event) |
| 725 | const struct nlmsghdr *nlh, | ||
| 726 | const struct nft_table *table, | ||
| 727 | const struct nft_chain *chain, | ||
| 728 | int event, int family) | ||
| 729 | { | 722 | { |
| 730 | struct sk_buff *skb; | 723 | struct sk_buff *skb; |
| 731 | u32 portid = oskb ? NETLINK_CB(oskb).portid : 0; | 724 | u32 portid = NETLINK_CB(ctx->skb).portid; |
| 732 | struct net *net = oskb ? sock_net(oskb->sk) : &init_net; | 725 | struct net *net = sock_net(ctx->skb->sk); |
| 733 | u32 seq = nlh ? nlh->nlmsg_seq : 0; | 726 | u32 seq = ctx->nlh->nlmsg_seq; |
| 734 | bool report; | 727 | bool report; |
| 735 | int err; | 728 | int err; |
| 736 | 729 | ||
| 737 | report = nlh ? nlmsg_report(nlh) : false; | 730 | report = nlmsg_report(ctx->nlh); |
| 738 | if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) | 731 | if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) |
| 739 | return 0; | 732 | return 0; |
| 740 | 733 | ||
| @@ -743,8 +736,9 @@ static int nf_tables_chain_notify(const struct sk_buff *oskb, | |||
| 743 | if (skb == NULL) | 736 | if (skb == NULL) |
| 744 | goto err; | 737 | goto err; |
| 745 | 738 | ||
| 746 | err = nf_tables_fill_chain_info(skb, portid, seq, event, 0, family, | 739 | err = nf_tables_fill_chain_info(skb, portid, seq, event, 0, |
| 747 | table, chain); | 740 | ctx->afi->family, ctx->table, |
| 741 | ctx->chain); | ||
| 748 | if (err < 0) { | 742 | if (err < 0) { |
| 749 | kfree_skb(skb); | 743 | kfree_skb(skb); |
| 750 | goto err; | 744 | goto err; |
| @@ -1475,21 +1469,19 @@ nla_put_failure: | |||
| 1475 | return -1; | 1469 | return -1; |
| 1476 | } | 1470 | } |
| 1477 | 1471 | ||
| 1478 | static int nf_tables_rule_notify(const struct sk_buff *oskb, | 1472 | static int nf_tables_rule_notify(const struct nft_ctx *ctx, |
| 1479 | const struct nlmsghdr *nlh, | ||
| 1480 | const struct nft_table *table, | ||
| 1481 | const struct nft_chain *chain, | ||
| 1482 | const struct nft_rule *rule, | 1473 | const struct nft_rule *rule, |
| 1483 | int event, u32 flags, int family) | 1474 | int event) |
| 1484 | { | 1475 | { |
| 1476 | const struct sk_buff *oskb = ctx->skb; | ||
| 1485 | struct sk_buff *skb; | 1477 | struct sk_buff *skb; |
| 1486 | u32 portid = NETLINK_CB(oskb).portid; | 1478 | u32 portid = NETLINK_CB(oskb).portid; |
| 1487 | struct net *net = oskb ? sock_net(oskb->sk) : &init_net; | 1479 | struct net *net = sock_net(oskb->sk); |
| 1488 | u32 seq = nlh->nlmsg_seq; | 1480 | u32 seq = ctx->nlh->nlmsg_seq; |
| 1489 | bool report; | 1481 | bool report; |
| 1490 | int err; | 1482 | int err; |
| 1491 | 1483 | ||
| 1492 | report = nlmsg_report(nlh); | 1484 | report = nlmsg_report(ctx->nlh); |
| 1493 | if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) | 1485 | if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) |
| 1494 | return 0; | 1486 | return 0; |
| 1495 | 1487 | ||
| @@ -1498,8 +1490,9 @@ static int nf_tables_rule_notify(const struct sk_buff *oskb, | |||
| 1498 | if (skb == NULL) | 1490 | if (skb == NULL) |
| 1499 | goto err; | 1491 | goto err; |
| 1500 | 1492 | ||
| 1501 | err = nf_tables_fill_rule_info(skb, portid, seq, event, flags, | 1493 | err = nf_tables_fill_rule_info(skb, portid, seq, event, 0, |
| 1502 | family, table, chain, rule); | 1494 | ctx->afi->family, ctx->table, |
| 1495 | ctx->chain, rule); | ||
| 1503 | if (err < 0) { | 1496 | if (err < 0) { |
| 1504 | kfree_skb(skb); | 1497 | kfree_skb(skb); |
| 1505 | goto err; | 1498 | goto err; |
| @@ -3343,17 +3336,11 @@ static int nf_tables_commit(struct sk_buff *skb) | |||
| 3343 | } else { | 3336 | } else { |
| 3344 | trans->ctx.table->flags &= ~NFT_TABLE_INACTIVE; | 3337 | trans->ctx.table->flags &= ~NFT_TABLE_INACTIVE; |
| 3345 | } | 3338 | } |
| 3346 | nf_tables_table_notify(trans->ctx.skb, trans->ctx.nlh, | 3339 | nf_tables_table_notify(&trans->ctx, NFT_MSG_NEWTABLE); |
| 3347 | trans->ctx.table, | ||
| 3348 | NFT_MSG_NEWTABLE, | ||
| 3349 | trans->ctx.afi->family); | ||
| 3350 | nft_trans_destroy(trans); | 3340 | nft_trans_destroy(trans); |
| 3351 | break; | 3341 | break; |
| 3352 | case NFT_MSG_DELTABLE: | 3342 | case NFT_MSG_DELTABLE: |
| 3353 | nf_tables_table_notify(trans->ctx.skb, trans->ctx.nlh, | 3343 | nf_tables_table_notify(&trans->ctx, NFT_MSG_DELTABLE); |
| 3354 | trans->ctx.table, | ||
| 3355 | NFT_MSG_DELTABLE, | ||
| 3356 | trans->ctx.afi->family); | ||
| 3357 | break; | 3344 | break; |
| 3358 | case NFT_MSG_NEWCHAIN: | 3345 | case NFT_MSG_NEWCHAIN: |
| 3359 | if (nft_trans_chain_update(trans)) | 3346 | if (nft_trans_chain_update(trans)) |
| @@ -3362,20 +3349,12 @@ static int nf_tables_commit(struct sk_buff *skb) | |||
| 3362 | trans->ctx.chain->flags &= ~NFT_CHAIN_INACTIVE; | 3349 | trans->ctx.chain->flags &= ~NFT_CHAIN_INACTIVE; |
| 3363 | trans->ctx.table->use++; | 3350 | trans->ctx.table->use++; |
| 3364 | } | 3351 | } |
| 3365 | nf_tables_chain_notify(trans->ctx.skb, trans->ctx.nlh, | 3352 | nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN); |
| 3366 | trans->ctx.table, | ||
| 3367 | trans->ctx.chain, | ||
| 3368 | NFT_MSG_NEWCHAIN, | ||
| 3369 | trans->ctx.afi->family); | ||
| 3370 | nft_trans_destroy(trans); | 3353 | nft_trans_destroy(trans); |
| 3371 | break; | 3354 | break; |
| 3372 | case NFT_MSG_DELCHAIN: | 3355 | case NFT_MSG_DELCHAIN: |
| 3373 | trans->ctx.table->use--; | 3356 | trans->ctx.table->use--; |
| 3374 | nf_tables_chain_notify(trans->ctx.skb, trans->ctx.nlh, | 3357 | nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); |
| 3375 | trans->ctx.table, | ||
| 3376 | trans->ctx.chain, | ||
| 3377 | NFT_MSG_DELCHAIN, | ||
| 3378 | trans->ctx.afi->family); | ||
| 3379 | if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && | 3358 | if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && |
| 3380 | trans->ctx.chain->flags & NFT_BASE_CHAIN) { | 3359 | trans->ctx.chain->flags & NFT_BASE_CHAIN) { |
| 3381 | nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops, | 3360 | nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops, |
| @@ -3384,21 +3363,16 @@ static int nf_tables_commit(struct sk_buff *skb) | |||
| 3384 | break; | 3363 | break; |
| 3385 | case NFT_MSG_NEWRULE: | 3364 | case NFT_MSG_NEWRULE: |
| 3386 | nft_rule_clear(trans->ctx.net, nft_trans_rule(trans)); | 3365 | nft_rule_clear(trans->ctx.net, nft_trans_rule(trans)); |
| 3387 | nf_tables_rule_notify(trans->ctx.skb, trans->ctx.nlh, | 3366 | nf_tables_rule_notify(&trans->ctx, |
| 3388 | trans->ctx.table, | ||
| 3389 | trans->ctx.chain, | ||
| 3390 | nft_trans_rule(trans), | 3367 | nft_trans_rule(trans), |
| 3391 | NFT_MSG_NEWRULE, 0, | 3368 | NFT_MSG_NEWRULE); |
| 3392 | trans->ctx.afi->family); | ||
| 3393 | nft_trans_destroy(trans); | 3369 | nft_trans_destroy(trans); |
| 3394 | break; | 3370 | break; |
| 3395 | case NFT_MSG_DELRULE: | 3371 | case NFT_MSG_DELRULE: |
| 3396 | list_del_rcu(&nft_trans_rule(trans)->list); | 3372 | list_del_rcu(&nft_trans_rule(trans)->list); |
| 3397 | nf_tables_rule_notify(trans->ctx.skb, trans->ctx.nlh, | 3373 | nf_tables_rule_notify(&trans->ctx, |
| 3398 | trans->ctx.table, | 3374 | nft_trans_rule(trans), |
| 3399 | trans->ctx.chain, | 3375 | NFT_MSG_DELRULE); |
| 3400 | nft_trans_rule(trans), NFT_MSG_DELRULE, 0, | ||
| 3401 | trans->ctx.afi->family); | ||
| 3402 | break; | 3376 | break; |
| 3403 | case NFT_MSG_NEWSET: | 3377 | case NFT_MSG_NEWSET: |
| 3404 | nft_trans_set(trans)->flags &= ~NFT_SET_INACTIVE; | 3378 | nft_trans_set(trans)->flags &= ~NFT_SET_INACTIVE; |