Skip to content

Commit 375f222

Browse files
Phil Sutterummakynes
Phil Sutter
authored and
ummakynes
committed
netfilter: nf_tables: Simplify chain netdev notifier
With conditional chain deletion gone, callback code simplifies: Instead of filling an nft_ctx object, just pass basechain to the per-chain function. Also plain list_for_each_entry() is safe now. Signed-off-by: Phil Sutter <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent fc01334 commit 375f222

File tree

1 file changed

+7
-14
lines changed

1 file changed

+7
-14
lines changed

net/netfilter/nft_chain_filter.c

Lines changed: 7 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -319,17 +319,16 @@ static const struct nft_chain_type nft_chain_filter_netdev = {
319319
};
320320

321321
static void nft_netdev_event(unsigned long event, struct net_device *dev,
322-
struct nft_ctx *ctx)
322+
struct nft_base_chain *basechain)
323323
{
324-
struct nft_base_chain *basechain = nft_base_chain(ctx->chain);
325324
struct nft_hook *hook;
326325

327326
list_for_each_entry(hook, &basechain->hook_list, list) {
328327
if (hook->ops.dev != dev)
329328
continue;
330329

331-
if (!(ctx->chain->table->flags & NFT_TABLE_F_DORMANT))
332-
nf_unregister_net_hook(ctx->net, &hook->ops);
330+
if (!(basechain->chain.table->flags & NFT_TABLE_F_DORMANT))
331+
nf_unregister_net_hook(dev_net(dev), &hook->ops);
333332

334333
list_del_rcu(&hook->list);
335334
kfree_rcu(hook, rcu);
@@ -343,25 +342,20 @@ static int nf_tables_netdev_event(struct notifier_block *this,
343342
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
344343
struct nft_base_chain *basechain;
345344
struct nftables_pernet *nft_net;
346-
struct nft_chain *chain, *nr;
345+
struct nft_chain *chain;
347346
struct nft_table *table;
348-
struct nft_ctx ctx = {
349-
.net = dev_net(dev),
350-
};
351347

352348
if (event != NETDEV_UNREGISTER)
353349
return NOTIFY_DONE;
354350

355-
nft_net = nft_pernet(ctx.net);
351+
nft_net = nft_pernet(dev_net(dev));
356352
mutex_lock(&nft_net->commit_mutex);
357353
list_for_each_entry(table, &nft_net->tables, list) {
358354
if (table->family != NFPROTO_NETDEV &&
359355
table->family != NFPROTO_INET)
360356
continue;
361357

362-
ctx.family = table->family;
363-
ctx.table = table;
364-
list_for_each_entry_safe(chain, nr, &table->chains, list) {
358+
list_for_each_entry(chain, &table->chains, list) {
365359
if (!nft_is_base_chain(chain))
366360
continue;
367361

@@ -370,8 +364,7 @@ static int nf_tables_netdev_event(struct notifier_block *this,
370364
basechain->ops.hooknum != NF_INET_INGRESS)
371365
continue;
372366

373-
ctx.chain = chain;
374-
nft_netdev_event(event, dev, &ctx);
367+
nft_netdev_event(event, dev, basechain);
375368
}
376369
}
377370
mutex_unlock(&nft_net->commit_mutex);

0 commit comments

Comments
 (0)