提交 35151d84 编写于 作者: P Pablo Neira Ayuso

netfilter: nf_tables: simplify nf_tables_*_notify

Now that all these function are called from the commit path, we can
pass the context structure to reduce the amount of parameters in all
of the nf_tables_*_notify functions. This patch also removes unneeded
branches to check for skb, nlh and net that should be always set in
the context structure.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 60319eb1
...@@ -235,19 +235,16 @@ static int nf_tables_fill_table_info(struct sk_buff *skb, u32 portid, u32 seq, ...@@ -235,19 +235,16 @@ static int nf_tables_fill_table_info(struct sk_buff *skb, u32 portid, u32 seq,
return -1; return -1;
} }
static int nf_tables_table_notify(const struct sk_buff *oskb, static int nf_tables_table_notify(const struct nft_ctx *ctx, int event)
const struct nlmsghdr *nlh,
const struct nft_table *table,
int event, int family)
{ {
struct sk_buff *skb; struct sk_buff *skb;
u32 portid = oskb ? NETLINK_CB(oskb).portid : 0; u32 portid = NETLINK_CB(ctx->skb).portid;
u32 seq = nlh ? nlh->nlmsg_seq : 0; u32 seq = ctx->nlh->nlmsg_seq;
struct net *net = oskb ? sock_net(oskb->sk) : &init_net; struct net *net = sock_net(ctx->skb->sk);
bool report; bool report;
int err; int err;
report = nlh ? nlmsg_report(nlh) : false; report = nlmsg_report(ctx->nlh);
if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
return 0; return 0;
...@@ -257,7 +254,7 @@ static int nf_tables_table_notify(const struct sk_buff *oskb, ...@@ -257,7 +254,7 @@ static int nf_tables_table_notify(const struct sk_buff *oskb,
goto err; goto err;
err = nf_tables_fill_table_info(skb, portid, seq, event, 0, err = nf_tables_fill_table_info(skb, portid, seq, event, 0,
family, table); ctx->afi->family, ctx->table);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
goto err; goto err;
...@@ -721,20 +718,16 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, u32 portid, u32 seq, ...@@ -721,20 +718,16 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, u32 portid, u32 seq,
return -1; return -1;
} }
static int nf_tables_chain_notify(const struct sk_buff *oskb, static int nf_tables_chain_notify(const struct nft_ctx *ctx, int event)
const struct nlmsghdr *nlh,
const struct nft_table *table,
const struct nft_chain *chain,
int event, int family)
{ {
struct sk_buff *skb; struct sk_buff *skb;
u32 portid = oskb ? NETLINK_CB(oskb).portid : 0; u32 portid = NETLINK_CB(ctx->skb).portid;
struct net *net = oskb ? sock_net(oskb->sk) : &init_net; struct net *net = sock_net(ctx->skb->sk);
u32 seq = nlh ? nlh->nlmsg_seq : 0; u32 seq = ctx->nlh->nlmsg_seq;
bool report; bool report;
int err; int err;
report = nlh ? nlmsg_report(nlh) : false; report = nlmsg_report(ctx->nlh);
if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
return 0; return 0;
...@@ -743,8 +736,9 @@ static int nf_tables_chain_notify(const struct sk_buff *oskb, ...@@ -743,8 +736,9 @@ static int nf_tables_chain_notify(const struct sk_buff *oskb,
if (skb == NULL) if (skb == NULL)
goto err; goto err;
err = nf_tables_fill_chain_info(skb, portid, seq, event, 0, family, err = nf_tables_fill_chain_info(skb, portid, seq, event, 0,
table, chain); ctx->afi->family, ctx->table,
ctx->chain);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
goto err; goto err;
...@@ -1475,21 +1469,19 @@ static int nf_tables_fill_rule_info(struct sk_buff *skb, u32 portid, u32 seq, ...@@ -1475,21 +1469,19 @@ static int nf_tables_fill_rule_info(struct sk_buff *skb, u32 portid, u32 seq,
return -1; return -1;
} }
static int nf_tables_rule_notify(const struct sk_buff *oskb, static int nf_tables_rule_notify(const struct nft_ctx *ctx,
const struct nlmsghdr *nlh,
const struct nft_table *table,
const struct nft_chain *chain,
const struct nft_rule *rule, const struct nft_rule *rule,
int event, u32 flags, int family) int event)
{ {
const struct sk_buff *oskb = ctx->skb;
struct sk_buff *skb; struct sk_buff *skb;
u32 portid = NETLINK_CB(oskb).portid; u32 portid = NETLINK_CB(oskb).portid;
struct net *net = oskb ? sock_net(oskb->sk) : &init_net; struct net *net = sock_net(oskb->sk);
u32 seq = nlh->nlmsg_seq; u32 seq = ctx->nlh->nlmsg_seq;
bool report; bool report;
int err; int err;
report = nlmsg_report(nlh); report = nlmsg_report(ctx->nlh);
if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES)) if (!report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
return 0; return 0;
...@@ -1498,8 +1490,9 @@ static int nf_tables_rule_notify(const struct sk_buff *oskb, ...@@ -1498,8 +1490,9 @@ static int nf_tables_rule_notify(const struct sk_buff *oskb,
if (skb == NULL) if (skb == NULL)
goto err; goto err;
err = nf_tables_fill_rule_info(skb, portid, seq, event, flags, err = nf_tables_fill_rule_info(skb, portid, seq, event, 0,
family, table, chain, rule); ctx->afi->family, ctx->table,
ctx->chain, rule);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
goto err; goto err;
...@@ -3343,17 +3336,11 @@ static int nf_tables_commit(struct sk_buff *skb) ...@@ -3343,17 +3336,11 @@ static int nf_tables_commit(struct sk_buff *skb)
} else { } else {
trans->ctx.table->flags &= ~NFT_TABLE_INACTIVE; trans->ctx.table->flags &= ~NFT_TABLE_INACTIVE;
} }
nf_tables_table_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_table_notify(&trans->ctx, NFT_MSG_NEWTABLE);
trans->ctx.table,
NFT_MSG_NEWTABLE,
trans->ctx.afi->family);
nft_trans_destroy(trans); nft_trans_destroy(trans);
break; break;
case NFT_MSG_DELTABLE: case NFT_MSG_DELTABLE:
nf_tables_table_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_table_notify(&trans->ctx, NFT_MSG_DELTABLE);
trans->ctx.table,
NFT_MSG_DELTABLE,
trans->ctx.afi->family);
break; break;
case NFT_MSG_NEWCHAIN: case NFT_MSG_NEWCHAIN:
if (nft_trans_chain_update(trans)) if (nft_trans_chain_update(trans))
...@@ -3362,20 +3349,12 @@ static int nf_tables_commit(struct sk_buff *skb) ...@@ -3362,20 +3349,12 @@ static int nf_tables_commit(struct sk_buff *skb)
trans->ctx.chain->flags &= ~NFT_CHAIN_INACTIVE; trans->ctx.chain->flags &= ~NFT_CHAIN_INACTIVE;
trans->ctx.table->use++; trans->ctx.table->use++;
} }
nf_tables_chain_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN);
trans->ctx.table,
trans->ctx.chain,
NFT_MSG_NEWCHAIN,
trans->ctx.afi->family);
nft_trans_destroy(trans); nft_trans_destroy(trans);
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
trans->ctx.table->use--; trans->ctx.table->use--;
nf_tables_chain_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
trans->ctx.table,
trans->ctx.chain,
NFT_MSG_DELCHAIN,
trans->ctx.afi->family);
if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) &&
trans->ctx.chain->flags & NFT_BASE_CHAIN) { trans->ctx.chain->flags & NFT_BASE_CHAIN) {
nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops, nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
...@@ -3384,21 +3363,16 @@ static int nf_tables_commit(struct sk_buff *skb) ...@@ -3384,21 +3363,16 @@ static int nf_tables_commit(struct sk_buff *skb)
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
nft_rule_clear(trans->ctx.net, nft_trans_rule(trans)); nft_rule_clear(trans->ctx.net, nft_trans_rule(trans));
nf_tables_rule_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_rule_notify(&trans->ctx,
trans->ctx.table,
trans->ctx.chain,
nft_trans_rule(trans), nft_trans_rule(trans),
NFT_MSG_NEWRULE, 0, NFT_MSG_NEWRULE);
trans->ctx.afi->family);
nft_trans_destroy(trans); nft_trans_destroy(trans);
break; break;
case NFT_MSG_DELRULE: case NFT_MSG_DELRULE:
list_del_rcu(&nft_trans_rule(trans)->list); list_del_rcu(&nft_trans_rule(trans)->list);
nf_tables_rule_notify(trans->ctx.skb, trans->ctx.nlh, nf_tables_rule_notify(&trans->ctx,
trans->ctx.table, nft_trans_rule(trans),
trans->ctx.chain, NFT_MSG_DELRULE);
nft_trans_rule(trans), NFT_MSG_DELRULE, 0,
trans->ctx.afi->family);
break; break;
case NFT_MSG_NEWSET: case NFT_MSG_NEWSET:
nft_trans_set(trans)->flags &= ~NFT_SET_INACTIVE; nft_trans_set(trans)->flags &= ~NFT_SET_INACTIVE;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册