Commit c5598794 authored by Arturo Borrero's avatar Arturo Borrero Committed by Pablo Neira Ayuso

netfilter: nf_tables: add helper to unregister chain hooks

This patch adds a helper function to unregister chain hooks in the chain
deletion path. Basically, a code factorization.

The new function is useful in follow-up patches.
Signed-off-by: default avatarArturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 5e266fe7
...@@ -127,6 +127,15 @@ static void nft_trans_destroy(struct nft_trans *trans) ...@@ -127,6 +127,15 @@ static void nft_trans_destroy(struct nft_trans *trans)
kfree(trans); kfree(trans);
} }
static void nf_tables_unregister_hooks(const struct nft_table *table,
const struct nft_chain *chain,
unsigned int hook_nops)
{
if (!(table->flags & NFT_TABLE_F_DORMANT) &&
chain->flags & NFT_BASE_CHAIN)
nf_unregister_hooks(nft_base_chain(chain)->ops, hook_nops);
}
/* /*
* Tables * Tables
*/ */
...@@ -1157,11 +1166,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, ...@@ -1157,11 +1166,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
list_add_tail_rcu(&chain->list, &table->chains); list_add_tail_rcu(&chain->list, &table->chains);
return 0; return 0;
err2: err2:
if (!(table->flags & NFT_TABLE_F_DORMANT) && nf_tables_unregister_hooks(table, chain, afi->nops);
chain->flags & NFT_BASE_CHAIN) {
nf_unregister_hooks(nft_base_chain(chain)->ops,
afi->nops);
}
err1: err1:
nf_tables_chain_destroy(chain); nf_tables_chain_destroy(chain);
return err; return err;
...@@ -3368,11 +3373,9 @@ static int nf_tables_commit(struct sk_buff *skb) ...@@ -3368,11 +3373,9 @@ static int nf_tables_commit(struct sk_buff *skb)
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN); nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && nf_tables_unregister_hooks(trans->ctx.table,
trans->ctx.chain->flags & NFT_BASE_CHAIN) { trans->ctx.chain,
nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
trans->ctx.afi->nops); trans->ctx.afi->nops);
}
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
nft_rule_clear(trans->ctx.net, nft_trans_rule(trans)); nft_rule_clear(trans->ctx.net, nft_trans_rule(trans));
...@@ -3495,12 +3498,10 @@ static int nf_tables_abort(struct sk_buff *skb) ...@@ -3495,12 +3498,10 @@ static int nf_tables_abort(struct sk_buff *skb)
} else { } else {
trans->ctx.table->use--; trans->ctx.table->use--;
list_del_rcu(&trans->ctx.chain->list); list_del_rcu(&trans->ctx.chain->list);
if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) && nf_tables_unregister_hooks(trans->ctx.table,
trans->ctx.chain->flags & NFT_BASE_CHAIN) { trans->ctx.chain,
nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
trans->ctx.afi->nops); trans->ctx.afi->nops);
} }
}
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
trans->ctx.table->use++; trans->ctx.table->use++;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment