Commit 2a67414a authored by Phil Sutter's avatar Phil Sutter Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: Flowtable hook's pf value never varies 



When checking for duplicate hooks in nft_register_flowtable_net_hooks(),
comparing ops.pf value is pointless as it is always NFPROTO_NETDEV with
flowtable hooks.

Dropping the check leaves the search identical to the one in
nft_hook_list_find() so call that function instead of open coding.

Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent d01ed324

net/netfilter/nf_tables_api.c

+4 −7
Original line number Diff line number Diff line
@@ -8895,7 +8895,7 @@ static int nft_register_flowtable_net_hooks(struct net *net, 
					    struct list_head *hook_list,

					    struct nft_flowtable *flowtable)

{

	struct nft_hook *hook, *hook2, *next;

	struct nft_hook *hook, *next;

	struct nft_flowtable *ft;

	int err, i = 0;
@@ -8904,14 +8904,11 @@ static int nft_register_flowtable_net_hooks(struct net *net, 
			if (!nft_is_active_next(net, ft))

				continue;



			list_for_each_entry(hook2, &ft->hook_list, list) {

				if (hook->ops.dev == hook2->ops.dev &&

				    hook->ops.pf == hook2->ops.pf) {

			if (nft_hook_list_find(&ft->hook_list, hook)) {

				err = -EEXIST;

				goto err_unregister_net_hooks;

			}

		}

		}



		err = flowtable->data.type->setup(&flowtable->data,

						  hook->ops.dev,