
Commit f649be6

Phil Sutterummakynes
authored andcommitted
netfilter: nf_tables: Introduce nft_set_dump_ctx_init()
This is a wrapper around nft_ctx_init() for use in nf_tables_getsetelem() and a resetting equivalent introduced later. Signed-off-by: Phil Sutter <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 5896e86 commit f649be6


1 file changed

+33
-16
lines changed


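--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6039,21 +6039,18 @@ static int nft_get_set_elem(struct nft_ctx *ctx, const struct nft_set *set,
 return err;
 }
 
-/* called with rcu_read_lock held */
-static int nf_tables_getsetelem(struct sk_buff *skb,
-const struct nfnl_info *info,
-const struct nlattr * const nla[])
+static int nft_set_dump_ctx_init(struct nft_set_dump_ctx *dump_ctx,
+const struct sk_buff *skb,
+const struct nfnl_info *info,
+const struct nlattr * const nla[],
+bool reset)
 {
 struct netlink_ext_ack *extack = info->extack;
 u8 genmask = nft_genmask_cur(info->net);
 u8 family = info->nfmsg->nfgen_family;
-int rem, err = 0, nelems = 0;
 struct net *net = info->net;
 struct nft_table *table;
 struct nft_set *set;
-struct nlattr *attr;
-struct nft_ctx ctx;
-bool reset = false;
 
 table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
 genmask, 0);
@@ -6068,7 +6065,24 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
 return PTR_ERR(set);
 }
 
-nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
+nft_ctx_init(&dump_ctx->ctx, net, skb,
+info->nlh, family, table, NULL, nla);
+dump_ctx->set = set;
+dump_ctx->reset = reset;
+return 0;
+}
+
+/* called with rcu_read_lock held */
+static int nf_tables_getsetelem(struct sk_buff *skb,
+const struct nfnl_info *info,
+const struct nlattr * const nla[])
+{
+struct netlink_ext_ack *extack = info->extack;
+struct nft_set_dump_ctx dump_ctx;
+int rem, err = 0, nelems = 0;
+struct net *net = info->net;
+struct nlattr *attr;
+bool reset = false;
 
 if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)
 reset = true;
@@ -6080,11 +6094,10 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
 .done = nf_tables_dump_set_done,
 .module = THIS_MODULE,
 };
-struct nft_set_dump_ctx dump_ctx = {
-.set = set,
-.ctx = ctx,
-.reset = reset,
-};
+
+err = nft_set_dump_ctx_init(&dump_ctx, skb, info, nla, reset);
+if (err)
+return err;
 
 c.data = &dump_ctx;
 return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
@@ -6093,8 +6106,12 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
 if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])
 return -EINVAL;
 
+err = nft_set_dump_ctx_init(&dump_ctx, skb, info, nla, reset);
+if (err)
+return err;
+
 nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
-err = nft_get_set_elem(&ctx, set, attr, reset);
+err = nft_get_set_elem(&dump_ctx.ctx, dump_ctx.set, attr, reset);
 if (err < 0) {
 NL_SET_BAD_ATTR(extack, attr);
 break;
@@ -6103,7 +6120,7 @@ static int nf_tables_getsetelem(struct sk_buff *skb,
 }
 
 if (reset)
-audit_log_nft_set_reset(table, nft_pernet(net)->base_seq,
+audit_log_nft_set_reset(dump_ctx.ctx.table, nft_pernet(net)->base_seq,
 nelems);
 
 return err;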
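Review bot: `struct nft_set_dump_ctx dump_ctx;` in nf_tables_getsetelem() is now declared without an initializer, whereas the removed designated initializer zeroed every member it did not name. nft_set_dump_ctx_init() assigns only `ctx`, `set` and `reset`, so any other member or padding would carry stack contents into the dump path through `c.data = &dump_ctx`. The struct definition is not on this page, so this is a hardening point rather than a confirmed bug. I would start the helper with `memset(dump_ctx, 0, sizeof(*dump_ctx));` or declare the variable as `struct nft_set_dump_ctx dump_ctx = {};`. The helper also does the table and set lookups without a locking comment, so I would add `/* called with rcu_read_lock held; *dump_ctx is valid only when 0 is returned */` above it; parts of both function bodies lie between the hunks and are not shown.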
