Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d8ee8f7c authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: add nft_register_basechain() and nft_unregister_basechain() 



This wrapper functions take care of hook registration for basechains.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 2cbce139

net/netfilter/nf_tables_api.c

+37 −15
Original line number Diff line number Diff line
@@ -127,13 +127,38 @@ static void nft_trans_destroy(struct nft_trans *trans) 
	kfree(trans);

}



static int nft_register_basechain(struct nft_base_chain *basechain,

				  unsigned int hook_nops)

{

	return nf_register_hooks(basechain->ops, hook_nops);

}



static void nft_unregister_basechain(struct nft_base_chain *basechain,

				     unsigned int hook_nops)

{

	nf_unregister_hooks(basechain->ops, hook_nops);

}



static int nf_tables_register_hooks(const struct nft_table *table,

				    struct nft_chain *chain,

				    unsigned int hook_nops)

{

	if (table->flags & NFT_TABLE_F_DORMANT ||

	    !(chain->flags & NFT_BASE_CHAIN))

		return 0;



	return nft_register_basechain(nft_base_chain(chain), hook_nops);

}



static void nf_tables_unregister_hooks(const struct nft_table *table,

				       const struct nft_chain *chain,

				       struct nft_chain *chain,

				       unsigned int hook_nops)

{

	if (!(table->flags & NFT_TABLE_F_DORMANT) &&

	    chain->flags & NFT_BASE_CHAIN)

		nf_unregister_hooks(nft_base_chain(chain)->ops, hook_nops);

	if (table->flags & NFT_TABLE_F_DORMANT ||

	    !(chain->flags & NFT_BASE_CHAIN))

		return;



	nft_unregister_basechain(nft_base_chain(chain), hook_nops);

}



/* Internal table flags */
@@ -560,7 +585,7 @@ static int nf_tables_table_enable(const struct nft_af_info *afi, 
		if (!(chain->flags & NFT_BASE_CHAIN))

			continue;



		err = nf_register_hooks(nft_base_chain(chain)->ops, afi->nops);

		err = nft_register_basechain(nft_base_chain(chain), afi->nops);

		if (err < 0)

			goto err;
@@ -575,7 +600,7 @@ static int nf_tables_table_enable(const struct nft_af_info *afi, 
		if (i-- <= 0)

			break;



		nf_unregister_hooks(nft_base_chain(chain)->ops, afi->nops);

		nft_unregister_basechain(nft_base_chain(chain), afi->nops);

	}

	return err;

}
@@ -587,7 +612,7 @@ static void nf_tables_table_disable(const struct nft_af_info *afi, 


	list_for_each_entry(chain, &table->chains, list) {

		if (chain->flags & NFT_BASE_CHAIN)

			nf_unregister_hooks(nft_base_chain(chain)->ops,

			nft_unregister_basechain(nft_base_chain(chain),

						 afi->nops);

	}

}
@@ -1421,12 +1446,9 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, 
	chain->table = table;

	nla_strlcpy(chain->name, name, NFT_CHAIN_MAXNAMELEN);



	if (!(table->flags & NFT_TABLE_F_DORMANT) &&

	    chain->flags & NFT_BASE_CHAIN) {

		err = nf_register_hooks(nft_base_chain(chain)->ops, afi->nops);

	err = nf_tables_register_hooks(table, chain, afi->nops);

	if (err < 0)

		goto err1;

	}



	nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla);

	err = nft_trans_chain_add(&ctx, NFT_MSG_NEWCHAIN);