Commit 6509a2e4 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: set backend .flush always succeeds 



.flush is always successful since this results from iterating over the
set elements to toggle mark the element as inactive in the next
generation.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 26cec9d4

include/net/netfilter/nf_tables.h

+1 −1
Original line number Diff line number Diff line
@@ -449,7 +449,7 @@ struct nft_set_ops { 
	void *				(*deactivate)(const struct net *net,

						      const struct nft_set *set,

						      const struct nft_set_elem *elem);

	bool				(*flush)(const struct net *net,

	void				(*flush)(const struct net *net,

						 const struct nft_set *set,

						 void *priv);

	void				(*remove)(const struct net *net,

net/netfilter/nf_tables_api.c

+1 −8
Original line number Diff line number Diff line
@@ -7146,17 +7146,13 @@ static int nft_setelem_flush(const struct nft_ctx *ctx, 
			     struct nft_set_elem *elem)

{

	struct nft_trans *trans;

	int err;



	trans = nft_trans_alloc_gfp(ctx, NFT_MSG_DELSETELEM,

				    sizeof(struct nft_trans_elem), GFP_ATOMIC);

	if (!trans)

		return -ENOMEM;



	if (!set->ops->flush(ctx->net, set, elem->priv)) {

		err = -ENOENT;

		goto err1;

	}

	set->ops->flush(ctx->net, set, elem->priv);

	set->ndeact++;



	nft_setelem_data_deactivate(ctx->net, set, elem);
@@ -7165,9 +7161,6 @@ static int nft_setelem_flush(const struct nft_ctx *ctx, 
	nft_trans_commit_list_add_tail(ctx->net, trans);



	return 0;

err1:

	kfree(trans);

	return err;

}



static int __nft_set_catchall_flush(const struct nft_ctx *ctx,

net/netfilter/nft_set_bitmap.c

+1 −3
Original line number Diff line number Diff line
@@ -174,7 +174,7 @@ static void nft_bitmap_activate(const struct net *net, 
	nft_set_elem_change_active(net, set, &be->ext);

}



static bool nft_bitmap_flush(const struct net *net,

static void nft_bitmap_flush(const struct net *net,

			     const struct nft_set *set, void *_be)

{

	struct nft_bitmap *priv = nft_set_priv(set);
@@ -186,8 +186,6 @@ static bool nft_bitmap_flush(const struct net *net, 
	/* Enter 10 state, similar to deactivation. */

	priv->bitmap[idx] &= ~(genmask << off);

	nft_set_elem_change_active(net, set, &be->ext);



	return true;

}



static void *nft_bitmap_deactivate(const struct net *net,

net/netfilter/nft_set_hash.c

+2 −5
Original line number Diff line number Diff line
@@ -192,14 +192,12 @@ static void nft_rhash_activate(const struct net *net, const struct nft_set *set, 
	nft_set_elem_change_active(net, set, &he->ext);

}



static bool nft_rhash_flush(const struct net *net,

static void nft_rhash_flush(const struct net *net,

			    const struct nft_set *set, void *priv)

{

	struct nft_rhash_elem *he = priv;



	nft_set_elem_change_active(net, set, &he->ext);



	return true;

}



static void *nft_rhash_deactivate(const struct net *net,
@@ -590,13 +588,12 @@ static void nft_hash_activate(const struct net *net, const struct nft_set *set, 
	nft_set_elem_change_active(net, set, &he->ext);

}



static bool nft_hash_flush(const struct net *net,

static void nft_hash_flush(const struct net *net,

			   const struct nft_set *set, void *priv)

{

	struct nft_hash_elem *he = priv;



	nft_set_elem_change_active(net, set, &he->ext);

	return true;

}



static void *nft_hash_deactivate(const struct net *net,

net/netfilter/nft_set_pipapo.c

+1 −3
Original line number Diff line number Diff line
@@ -1809,14 +1809,12 @@ static void *nft_pipapo_deactivate(const struct net *net, 
 *

 * Return: true if element was found and deactivated.

 */

static bool nft_pipapo_flush(const struct net *net, const struct nft_set *set,

static void nft_pipapo_flush(const struct net *net, const struct nft_set *set,

			     void *elem)

{

	struct nft_pipapo_elem *e = elem;



	nft_set_elem_change_active(net, set, &e->ext);



	return true;

}



/**