Skip to content

Commit 13f20bc

Browse files
Florian Westphalummakynes
Florian Westphal
authored and
ummakynes
committed
netfilter: nf_tables: store chain pointer in rule transaction
Currently the chain can be derived from trans->ctx.chain, but the ctx will go away soon. Thus add the chain pointer to nft_trans_rule structure itself. Signed-off-by: Florian Westphal <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent d4f6f39 commit 13f20bc

File tree

3 files changed

+22
-18
lines changed

3 files changed

+22
-18
lines changed

include/net/netfilter/nf_tables.h

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1640,6 +1640,7 @@ struct nft_trans_binding {
16401640
struct nft_trans_rule {
16411641
struct nft_trans nft_trans;
16421642
struct nft_rule *rule;
1643+
struct nft_chain *chain;
16431644
struct nft_flow_rule *flow;
16441645
u32 rule_id;
16451646
bool bound;
@@ -1655,6 +1656,8 @@ struct nft_trans_rule {
16551656
nft_trans_container_rule(trans)->rule_id
16561657
#define nft_trans_rule_bound(trans) \
16571658
nft_trans_container_rule(trans)->bound
1659+
#define nft_trans_rule_chain(trans) \
1660+
nft_trans_container_rule(trans)->chain
16581661

16591662
struct nft_trans_set {
16601663
struct nft_trans_binding nft_trans_binding;

net/netfilter/nf_tables_api.c

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -251,7 +251,7 @@ static void __nft_chain_trans_bind(const struct nft_ctx *ctx,
251251
nft_trans_chain_bound(trans) = bind;
252252
break;
253253
case NFT_MSG_NEWRULE:
254-
if (trans->ctx.chain == chain)
254+
if (nft_trans_rule_chain(trans) == chain)
255255
nft_trans_rule_bound(trans) = bind;
256256
break;
257257
}
@@ -541,6 +541,7 @@ static struct nft_trans *nft_trans_rule_add(struct nft_ctx *ctx, int msg_type,
541541
ntohl(nla_get_be32(ctx->nla[NFTA_RULE_ID]));
542542
}
543543
nft_trans_rule(trans) = rule;
544+
nft_trans_rule_chain(trans) = ctx->chain;
544545
nft_trans_commit_list_add_tail(ctx->net, trans);
545546

546547
return trans;
@@ -4227,7 +4228,7 @@ static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
42274228

42284229
list_for_each_entry(trans, &nft_net->commit_list, list) {
42294230
if (trans->msg_type == NFT_MSG_NEWRULE &&
4230-
trans->ctx.chain == chain &&
4231+
nft_trans_rule_chain(trans) == chain &&
42314232
id == nft_trans_rule_id(trans))
42324233
return nft_trans_rule(trans);
42334234
}
@@ -9684,7 +9685,7 @@ static void nf_tables_commit_chain_prepare_cancel(struct net *net)
96849685
list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
96859686
if (trans->msg_type == NFT_MSG_NEWRULE ||
96869687
trans->msg_type == NFT_MSG_DELRULE) {
9687-
struct nft_chain *chain = trans->ctx.chain;
9688+
struct nft_chain *chain = nft_trans_rule_chain(trans);
96889689

96899690
kvfree(chain->blob_next);
96909691
chain->blob_next = NULL;
@@ -10250,7 +10251,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
1025010251
}
1025110252
if (trans->msg_type == NFT_MSG_NEWRULE ||
1025210253
trans->msg_type == NFT_MSG_DELRULE) {
10253-
chain = trans->ctx.chain;
10254+
chain = nft_trans_rule_chain(trans);
1025410255

1025510256
ret = nf_tables_commit_chain_prepare(net, chain);
1025610257
if (ret < 0) {
@@ -10346,7 +10347,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
1034610347
nf_tables_rule_notify(&trans->ctx,
1034710348
nft_trans_rule(trans),
1034810349
NFT_MSG_NEWRULE);
10349-
if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
10350+
if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
1035010351
nft_flow_rule_destroy(nft_trans_flow_rule(trans));
1035110352

1035210353
nft_trans_destroy(trans);
@@ -10361,7 +10362,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
1036110362
nft_trans_rule(trans),
1036210363
NFT_TRANS_COMMIT);
1036310364

10364-
if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
10365+
if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
1036510366
nft_flow_rule_destroy(nft_trans_flow_rule(trans));
1036610367
break;
1036710368
case NFT_MSG_NEWSET:
@@ -10645,20 +10646,20 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
1064510646
nft_trans_destroy(trans);
1064610647
break;
1064710648
}
10648-
nft_use_dec_restore(&trans->ctx.chain->use);
10649+
nft_use_dec_restore(&nft_trans_rule_chain(trans)->use);
1064910650
list_del_rcu(&nft_trans_rule(trans)->list);
1065010651
nft_rule_expr_deactivate(&trans->ctx,
1065110652
nft_trans_rule(trans),
1065210653
NFT_TRANS_ABORT);
10653-
if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
10654+
if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
1065410655
nft_flow_rule_destroy(nft_trans_flow_rule(trans));
1065510656
break;
1065610657
case NFT_MSG_DELRULE:
1065710658
case NFT_MSG_DESTROYRULE:
10658-
nft_use_inc_restore(&trans->ctx.chain->use);
10659+
nft_use_inc_restore(&nft_trans_rule_chain(trans)->use);
1065910660
nft_clear(trans->ctx.net, nft_trans_rule(trans));
1066010661
nft_rule_expr_activate(&trans->ctx, nft_trans_rule(trans));
10661-
if (trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)
10662+
if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
1066210663
nft_flow_rule_destroy(nft_trans_flow_rule(trans));
1066310664

1066410665
nft_trans_destroy(trans);

net/netfilter/nf_tables_offload.c

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -533,18 +533,18 @@ static void nft_flow_rule_offload_abort(struct net *net,
533533
FLOW_BLOCK_BIND);
534534
break;
535535
case NFT_MSG_NEWRULE:
536-
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
536+
if (!(nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD))
537537
continue;
538538

539-
err = nft_flow_offload_rule(trans->ctx.chain,
539+
err = nft_flow_offload_rule(nft_trans_rule_chain(trans),
540540
nft_trans_rule(trans),
541541
NULL, FLOW_CLS_DESTROY);
542542
break;
543543
case NFT_MSG_DELRULE:
544-
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
544+
if (!(nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD))
545545
continue;
546546

547-
err = nft_flow_offload_rule(trans->ctx.chain,
547+
err = nft_flow_offload_rule(nft_trans_rule_chain(trans),
548548
nft_trans_rule(trans),
549549
nft_trans_flow_rule(trans),
550550
FLOW_CLS_REPLACE);
@@ -586,24 +586,24 @@ int nft_flow_rule_offload_commit(struct net *net)
586586
FLOW_BLOCK_UNBIND);
587587
break;
588588
case NFT_MSG_NEWRULE:
589-
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
589+
if (!(nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD))
590590
continue;
591591

592592
if (trans->ctx.flags & NLM_F_REPLACE ||
593593
!(trans->ctx.flags & NLM_F_APPEND)) {
594594
err = -EOPNOTSUPP;
595595
break;
596596
}
597-
err = nft_flow_offload_rule(trans->ctx.chain,
597+
err = nft_flow_offload_rule(nft_trans_rule_chain(trans),
598598
nft_trans_rule(trans),
599599
nft_trans_flow_rule(trans),
600600
FLOW_CLS_REPLACE);
601601
break;
602602
case NFT_MSG_DELRULE:
603-
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
603+
if (!(nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD))
604604
continue;
605605

606-
err = nft_flow_offload_rule(trans->ctx.chain,
606+
err = nft_flow_offload_rule(nft_trans_rule_chain(trans),
607607
nft_trans_rule(trans),
608608
NULL, FLOW_CLS_DESTROY);
609609
break;

0 commit comments

Comments
 (0)