[nf,1/5] netfilter: nf_tables: use nft_ctx instead of nft_chain

Message ID 20180515122314.29197-1-ap420073@gmail.com
State RFC
Delegated to: Pablo Neira
Headers show
Series
  • netfilter: nf_tables: add validate non-basechain ruleset routine
Related show

Commit Message

Taehee Yoo May 15, 2018, 12:23 p.m.
This patch prepares for next patches.
The nft_chain_validate_hooks and
nft_chain_validate_dependency are going to use both net and nft_chain.

Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
 include/net/netfilter/nf_tables.h        |  4 ++--
 net/bridge/netfilter/nft_reject_bridge.c |  4 ++--
 net/netfilter/nf_tables_api.c            | 12 ++++++------
 net/netfilter/nft_fib.c                  |  2 +-
 net/netfilter/nft_flow_offload.c         |  2 +-
 net/netfilter/nft_masq.c                 |  4 ++--
 net/netfilter/nft_meta.c                 |  4 ++--
 net/netfilter/nft_nat.c                  |  6 +++---
 net/netfilter/nft_redir.c                |  4 ++--
 net/netfilter/nft_reject.c               |  2 +-
 net/netfilter/nft_rt.c                   |  2 +-
 11 files changed, 23 insertions(+), 23 deletions(-)

Patch

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index a1e28dd..7eb4802 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -903,9 +903,9 @@  struct nft_chain_type {
 	void				(*free)(struct nft_ctx *ctx);
 };
 
-int nft_chain_validate_dependency(const struct nft_chain *chain,
+int nft_chain_validate_dependency(const struct nft_ctx *ctx,
 				  enum nft_chain_types type);
-int nft_chain_validate_hooks(const struct nft_chain *chain,
+int nft_chain_validate_hooks(const struct nft_ctx *ctx,
                              unsigned int hook_flags);
 
 struct nft_stats {
diff --git a/net/bridge/netfilter/nft_reject_bridge.c b/net/bridge/netfilter/nft_reject_bridge.c
index eaf05de..f3b633b 100644
--- a/net/bridge/netfilter/nft_reject_bridge.c
+++ b/net/bridge/netfilter/nft_reject_bridge.c
@@ -357,8 +357,8 @@  static int nft_reject_bridge_validate(const struct nft_ctx *ctx,
 				      const struct nft_expr *expr,
 				      const struct nft_data **data)
 {
-	return nft_chain_validate_hooks(ctx->chain, (1 << NF_BR_PRE_ROUTING) |
-						    (1 << NF_BR_LOCAL_IN));
+	return nft_chain_validate_hooks(ctx, (1 << NF_BR_PRE_ROUTING) |
+					     (1 << NF_BR_LOCAL_IN));
 }
 
 static int nft_reject_bridge_init(const struct nft_ctx *ctx,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3806db3..13c2fc3 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6132,13 +6132,13 @@  static const struct nfnetlink_subsystem nf_tables_subsys = {
 	.valid_genid	= nf_tables_valid_genid,
 };
 
-int nft_chain_validate_dependency(const struct nft_chain *chain,
+int nft_chain_validate_dependency(const struct nft_ctx *ctx,
 				  enum nft_chain_types type)
 {
 	const struct nft_base_chain *basechain;
 
-	if (nft_is_base_chain(chain)) {
-		basechain = nft_base_chain(chain);
+	if (nft_is_base_chain(ctx->chain)) {
+		basechain = nft_base_chain(ctx->chain);
 		if (basechain->type->type != type)
 			return -EOPNOTSUPP;
 	}
@@ -6146,13 +6146,13 @@  int nft_chain_validate_dependency(const struct nft_chain *chain,
 }
 EXPORT_SYMBOL_GPL(nft_chain_validate_dependency);
 
-int nft_chain_validate_hooks(const struct nft_chain *chain,
+int nft_chain_validate_hooks(const struct nft_ctx *ctx,
 			     unsigned int hook_flags)
 {
 	struct nft_base_chain *basechain;
 
-	if (nft_is_base_chain(chain)) {
-		basechain = nft_base_chain(chain);
+	if (nft_is_base_chain(ctx->chain)) {
+		basechain = nft_base_chain(ctx->chain);
 
 		if ((1 << basechain->ops.hooknum) & hook_flags)
 			return 0;
diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c
index 21df8cc..47dbf94 100644
--- a/net/netfilter/nft_fib.c
+++ b/net/netfilter/nft_fib.c
@@ -59,7 +59,7 @@  int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
 		return -EINVAL;
 	}
 
-	return nft_chain_validate_hooks(ctx->chain, hooks);
+	return nft_chain_validate_hooks(ctx, hooks);
 }
 EXPORT_SYMBOL_GPL(nft_fib_validate);
 
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index b65829b..6165733 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -128,7 +128,7 @@  static int nft_flow_offload_validate(const struct nft_ctx *ctx,
 {
 	unsigned int hook_mask = (1 << NF_INET_FORWARD);
 
-	return nft_chain_validate_hooks(ctx->chain, hook_mask);
+	return nft_chain_validate_hooks(ctx, hook_mask);
 }
 
 static int nft_flow_offload_init(const struct nft_ctx *ctx,
diff --git a/net/netfilter/nft_masq.c b/net/netfilter/nft_masq.c
index 9d8655b..5a32260 100644
--- a/net/netfilter/nft_masq.c
+++ b/net/netfilter/nft_masq.c
@@ -29,11 +29,11 @@  int nft_masq_validate(const struct nft_ctx *ctx,
 {
 	int err;
 
-	err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT);
+	err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT);
 	if (err < 0)
 		return err;
 
-	return nft_chain_validate_hooks(ctx->chain,
+	return nft_chain_validate_hooks(ctx,
 				        (1 << NF_INET_POST_ROUTING));
 }
 EXPORT_SYMBOL_GPL(nft_masq_validate);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 8fb91940..7d14fe3 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -354,7 +354,7 @@  static int nft_meta_get_validate(const struct nft_ctx *ctx,
 		return -EOPNOTSUPP;
 	}
 
-	return nft_chain_validate_hooks(ctx->chain, hooks);
+	return nft_chain_validate_hooks(ctx, hooks);
 #else
 	return 0;
 #endif
@@ -386,7 +386,7 @@  int nft_meta_set_validate(const struct nft_ctx *ctx,
 		return -EOPNOTSUPP;
 	}
 
-	return nft_chain_validate_hooks(ctx->chain, hooks);
+	return nft_chain_validate_hooks(ctx, hooks);
 }
 EXPORT_SYMBOL_GPL(nft_meta_set_validate);
 
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 1f36954..12c00e9 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -94,18 +94,18 @@  static int nft_nat_validate(const struct nft_ctx *ctx,
 	struct nft_nat *priv = nft_expr_priv(expr);
 	int err;
 
-	err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT);
+	err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT);
 	if (err < 0)
 		return err;
 
 	switch (priv->type) {
 	case NFT_NAT_SNAT:
-		err = nft_chain_validate_hooks(ctx->chain,
+		err = nft_chain_validate_hooks(ctx,
 					       (1 << NF_INET_POST_ROUTING) |
 					       (1 << NF_INET_LOCAL_IN));
 		break;
 	case NFT_NAT_DNAT:
-		err = nft_chain_validate_hooks(ctx->chain,
+		err = nft_chain_validate_hooks(ctx,
 					       (1 << NF_INET_PRE_ROUTING) |
 					       (1 << NF_INET_LOCAL_OUT));
 		break;
diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c
index c64cbe7..098a4a4 100644
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -29,11 +29,11 @@  int nft_redir_validate(const struct nft_ctx *ctx,
 {
 	int err;
 
-	err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT);
+	err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT);
 	if (err < 0)
 		return err;
 
-	return nft_chain_validate_hooks(ctx->chain,
+	return nft_chain_validate_hooks(ctx,
 					(1 << NF_INET_PRE_ROUTING) |
 					(1 << NF_INET_LOCAL_OUT));
 }
diff --git a/net/netfilter/nft_reject.c b/net/netfilter/nft_reject.c
index 29f5bd2..74b6e4e 100644
--- a/net/netfilter/nft_reject.c
+++ b/net/netfilter/nft_reject.c
@@ -30,7 +30,7 @@  int nft_reject_validate(const struct nft_ctx *ctx,
 			const struct nft_expr *expr,
 			const struct nft_data **data)
 {
-	return nft_chain_validate_hooks(ctx->chain,
+	return nft_chain_validate_hooks(ctx,
 					(1 << NF_INET_LOCAL_IN) |
 					(1 << NF_INET_FORWARD) |
 					(1 << NF_INET_LOCAL_OUT));
diff --git a/net/netfilter/nft_rt.c b/net/netfilter/nft_rt.c
index 11a2071..b754184 100644
--- a/net/netfilter/nft_rt.c
+++ b/net/netfilter/nft_rt.c
@@ -176,7 +176,7 @@  static int nft_rt_validate(const struct nft_ctx *ctx, const struct nft_expr *exp
 		return -EINVAL;
 	}
 
-	return nft_chain_validate_hooks(ctx->chain, hooks);
+	return nft_chain_validate_hooks(ctx, hooks);
 }
 
 static struct nft_expr_type nft_rt_type;