Commit 405c8fd6 authored by Phil Sutter Committed by Florian Westphal

netfilter: nf_tables: Carry reset flag in nft_rule_dump_ctx



This relieves the dump callback from having to check nlmsg_type upon
each call and instead performs the check once in .start callback.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
parent 30fa41a0
+9 −10
@@ -3443,15 +3443,16 @@ static void audit_log_rule_reset(const struct nft_table *table,
struct nft_rule_dump_ctx {
	char *table;
	char *chain;
	bool reset;
};

static int __nf_tables_dump_rules(struct sk_buff *skb,
				  unsigned int *idx,
				  struct netlink_callback *cb,
				  const struct nft_table *table,
				  const struct nft_chain *chain,
				  bool reset)
				  const struct nft_chain *chain)
{
	struct nft_rule_dump_ctx *ctx = cb->data;
	struct net *net = sock_net(skb->sk);
	const struct nft_rule *rule, *prule;
	unsigned int s_idx = cb->args[0];
@@ -3475,7 +3476,7 @@ static int __nf_tables_dump_rules(struct sk_buff *skb,
					NFT_MSG_NEWRULE,
					NLM_F_MULTI | NLM_F_APPEND,
					table->family,
					table, chain, rule, handle, reset) < 0) {
					table, chain, rule, handle, ctx->reset) < 0) {
			ret = 1;
			break;
		}
@@ -3487,7 +3488,7 @@ static int __nf_tables_dump_rules(struct sk_buff *skb,
		(*idx)++;
	}

	if (reset && entries)
	if (ctx->reset && entries)
		audit_log_rule_reset(table, cb->seq, entries);

	return ret;
@@ -3504,10 +3505,6 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
	struct net *net = sock_net(skb->sk);
	int family = nfmsg->nfgen_family;
	struct nftables_pernet *nft_net;
	bool reset = false;

	if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
		reset = true;

	rcu_read_lock();
	nft_net = nft_pernet(net);
@@ -3532,7 +3529,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
				if (!nft_is_active(net, chain))
					continue;
				__nf_tables_dump_rules(skb, &idx,
						       cb, table, chain, reset);
						       cb, table, chain);
				break;
			}
			goto done;
@@ -3540,7 +3537,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,

		list_for_each_entry_rcu(chain, &table->chains, list) {
			if (__nf_tables_dump_rules(skb, &idx,
						   cb, table, chain, reset))
						   cb, table, chain))
				goto done;
		}

@@ -3578,6 +3575,8 @@ static int nf_tables_dump_rules_start(struct netlink_callback *cb)
			return -ENOMEM;
		}
	}
	if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
		ctx->reset = true;

	cb->data = ctx;
	return 0;
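Review bot: In the last hunk, nf_tables_dump_rules_start() only ever sets `ctx->reset` to true, so the non-reset case depends on `ctx` having been zero-initialised by an allocation that lies outside the visible lines. The flag now gates the `audit_log_rule_reset()` call and is passed on to the rule fill call, so an unconditional assignment would be more robust: `ctx->reset = NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET;`. Both this hunk and `__nf_tables_dump_rules()` (via `cb->data`) now dereference the context without a NULL check, which is only safe if .start always allocates it; that cannot be confirmed from the hunks shown and is worth verifying against the full function. A one-line comment on the new field, e.g. `/* set once in .start: request was NFT_MSG_GETRULE_RESET */`, would document where the value comes from.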