korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-17 09:14:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx

Browse Source 
This relieves the dump callback from having to check nlmsg_type upon
each call and instead performs the check once in .start callback.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
This commit is contained in:
Phil Sutter 2023-09-29 21:19:20 +02:00 committed by Florian Westphal
parent 30fa41a0f6
commit 405c8fd62d
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
net/netfilter/nf_tables_api.c
View File

@ -3443,15 +3443,16 @@ static void audit_log_rule_reset(const struct nft_table *table,
struct nft_rule_dump_ctx {
char *table;
char *chain;
bool reset;
};
static int __nf_tables_dump_rules(struct sk_buff *skb,
unsigned int *idx,
struct netlink_callback *cb,
const struct nft_table *table,
const struct nft_chain *chain,
bool reset)
const struct nft_chain *chain)
{
struct nft_rule_dump_ctx *ctx = cb->data;
struct net *net = sock_net(skb->sk);
const struct nft_rule *rule, *prule;
unsigned int s_idx = cb->args[0];
@ -3475,7 +3476,7 @@ static int __nf_tables_dump_rules(struct sk_buff *skb,
NFT_MSG_NEWRULE,
NLM_F_MULTI | NLM_F_APPEND,
table->family,
table, chain, rule, handle, reset) < 0) {
table, chain, rule, handle, ctx->reset) < 0) {
ret = 1;
break;
}
@ -3487,7 +3488,7 @@ cont_skip:
(*idx)++;
}
if (reset && entries)
if (ctx->reset && entries)
audit_log_rule_reset(table, cb->seq, entries);
return ret;
@ -3504,10 +3505,6 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
struct net *net = sock_net(skb->sk);
int family = nfmsg->nfgen_family;
struct nftables_pernet *nft_net;
bool reset = false;
if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
reset = true;
rcu_read_lock();
nft_net = nft_pernet(net);
@ -3532,7 +3529,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
if (!nft_is_active(net, chain))
continue;
__nf_tables_dump_rules(skb, &idx,
cb, table, chain, reset);
cb, table, chain);
break;
}
goto done;
@ -3540,7 +3537,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
list_for_each_entry_rcu(chain, &table->chains, list) {
if (__nf_tables_dump_rules(skb, &idx,
cb, table, chain, reset))
cb, table, chain))
goto done;
}
@ -3578,6 +3575,8 @@ static int nf_tables_dump_rules_start(struct netlink_callback *cb)
return -ENOMEM;
}
}
if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
ctx->reset = true;
cb->data = ctx;
return 0;