提交 408070d6 编写于 作者: P Pablo Neira Ayuso

netfilter: nf_tables: add nft_set_is_anonymous() helper

Add helper function to test for the NFT_SET_ANONYMOUS flag.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 7a4473a3
...@@ -416,6 +416,11 @@ struct nft_set { ...@@ -416,6 +416,11 @@ struct nft_set {
__attribute__((aligned(__alignof__(u64)))); __attribute__((aligned(__alignof__(u64))));
}; };
static inline bool nft_set_is_anonymous(const struct nft_set *set)
{
return set->flags & NFT_SET_ANONYMOUS;
}
static inline void *nft_set_priv(const struct nft_set *set) static inline void *nft_set_priv(const struct nft_set *set)
{ {
return (void *)set->data; return (void *)set->data;
......
...@@ -774,7 +774,7 @@ static int nft_flush_table(struct nft_ctx *ctx) ...@@ -774,7 +774,7 @@ static int nft_flush_table(struct nft_ctx *ctx)
if (!nft_is_active_next(ctx->net, set)) if (!nft_is_active_next(ctx->net, set))
continue; continue;
if (set->flags & NFT_SET_ANONYMOUS && if (nft_set_is_anonymous(set) &&
!list_empty(&set->bindings)) !list_empty(&set->bindings))
continue; continue;
...@@ -3284,7 +3284,7 @@ int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set, ...@@ -3284,7 +3284,7 @@ int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set,
struct nft_set_binding *i; struct nft_set_binding *i;
struct nft_set_iter iter; struct nft_set_iter iter;
if (!list_empty(&set->bindings) && set->flags & NFT_SET_ANONYMOUS) if (!list_empty(&set->bindings) && nft_set_is_anonymous(set))
return -EBUSY; return -EBUSY;
if (binding->flags & NFT_SET_MAP) { if (binding->flags & NFT_SET_MAP) {
...@@ -3319,7 +3319,7 @@ void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set, ...@@ -3319,7 +3319,7 @@ void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
{ {
list_del_rcu(&binding->list); list_del_rcu(&binding->list);
if (list_empty(&set->bindings) && set->flags & NFT_SET_ANONYMOUS && if (list_empty(&set->bindings) && nft_set_is_anonymous(set) &&
nft_is_active(ctx->net, set)) nft_is_active(ctx->net, set))
nf_tables_set_destroy(ctx, set); nf_tables_set_destroy(ctx, set);
} }
...@@ -5157,7 +5157,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) ...@@ -5157,7 +5157,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
/* This avoids hitting -EBUSY when deleting the table /* This avoids hitting -EBUSY when deleting the table
* from the transaction. * from the transaction.
*/ */
if (nft_trans_set(trans)->flags & NFT_SET_ANONYMOUS && if (nft_set_is_anonymous(nft_trans_set(trans)) &&
!list_empty(&nft_trans_set(trans)->bindings)) !list_empty(&nft_trans_set(trans)->bindings))
trans->ctx.table->use--; trans->ctx.table->use--;
......
...@@ -184,7 +184,7 @@ static int nft_dynset_init(const struct nft_ctx *ctx, ...@@ -184,7 +184,7 @@ static int nft_dynset_init(const struct nft_ctx *ctx,
if (tb[NFTA_DYNSET_EXPR] != NULL) { if (tb[NFTA_DYNSET_EXPR] != NULL) {
if (!(set->flags & NFT_SET_EVAL)) if (!(set->flags & NFT_SET_EVAL))
return -EINVAL; return -EINVAL;
if (!(set->flags & NFT_SET_ANONYMOUS)) if (!nft_set_is_anonymous(set))
return -EOPNOTSUPP; return -EOPNOTSUPP;
priv->expr = nft_expr_init(ctx, tb[NFTA_DYNSET_EXPR]); priv->expr = nft_expr_init(ctx, tb[NFTA_DYNSET_EXPR]);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册