openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: nf_tables: add helper to unregister chain hooks 

This patch adds a helper function to unregister chain hooks in the chain
deletion path. Basically, a code factorization.

The new function is useful in follow-up patches.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Arturo Borrero 2014-09-02 16:42:23 +02:00 committed by Pablo Neira Ayuso
parent 5e266fe7c0
commit c559879406
1 changed files with 16 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
net/netfilter/nf_tables_api.c
View File

@ -127,6 +127,15 @@ static void nft_trans_destroy(struct nft_trans *trans)
kfree(trans); kfree(trans);
} }
static void nf_tables_unregister_hooks(const struct nft_table *table,
const struct nft_chain *chain,
unsigned int hook_nops)
{
if (!(table->flags & NFT_TABLE_F_DORMANT) &&
chain->flags & NFT_BASE_CHAIN)
nf_unregister_hooks(nft_base_chain(chain)->ops, hook_nops);
}
/* /*
* Tables * Tables
*/ */
@ -1157,11 +1166,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
list_add_tail_rcu(&chain->list, &table->chains); list_add_tail_rcu(&chain->list, &table->chains);
return 0; return 0;
err2: err2:
if (!(table->flags & NFT_TABLE_F_DORMANT) && nf_tables_unregister_hooks(table, chain, afi->nops);
chain->flags & NFT_BASE_CHAIN) {
nf_unregister_hooks(nft_base_chain(chain)->ops,
afi->nops);
}
err1: err1:
nf_tables_chain_destroy(chain); nf_tables_chain_destroy(chain);
return err; return err;
@ -3368,11 +3373,9 @@ static int nf_tables_commit(struct sk_buff *skb)
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && nf_tables_unregister_hooks(trans->ctx.table,
trans->ctx.chain->flags & NFT_BASE_CHAIN) { trans->ctx.chain,
nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
trans->ctx.afi->nops); trans->ctx.afi->nops);
}
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
nft_rule_clear(trans->ctx.net, nft_trans_rule(trans)); nft_rule_clear(trans->ctx.net, nft_trans_rule(trans));
@ -3495,12 +3498,10 @@ static int nf_tables_abort(struct sk_buff *skb)
} else { } else {
trans->ctx.table->use--; trans->ctx.table->use--;
list_del_rcu(&trans->ctx.chain->list); list_del_rcu(&trans->ctx.chain->list);
if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && nf_tables_unregister_hooks(trans->ctx.table,
trans->ctx.chain->flags & NFT_BASE_CHAIN) { trans->ctx.chain,
nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
trans->ctx.afi->nops); trans->ctx.afi->nops);
} }
}
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
trans->ctx.table->use++; trans->ctx.table->use++;