Commit 9cdee063 authored by Phil Sutter's avatar Phil Sutter Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: Carry reset boolean in nft_set_dump_ctx 



Relieve the dump callback from having to check nlmsg_type upon each
call. Prep work for set element reset locking.

Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 078996fc

net/netfilter/nf_tables_api.c

+8 −10
Original line number Diff line number Diff line
@@ -5715,6 +5715,7 @@ static void audit_log_nft_set_reset(const struct nft_table *table, 
struct nft_set_dump_ctx {

	const struct nft_set	*set;

	struct nft_ctx		ctx;

	bool			reset;

};



static int nft_set_catchall_dump(struct net *net, struct sk_buff *skb,
@@ -5752,7 +5753,6 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) 
	bool set_found = false;

	struct nlmsghdr *nlh;

	struct nlattr *nest;

	bool reset = false;

	u32 portid, seq;

	int event;
@@ -5800,12 +5800,9 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) 
	if (nest == NULL)

		goto nla_put_failure;



	if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)

		reset = true;



	args.cb			= cb;

	args.skb		= skb;

	args.reset		= reset;

	args.reset		= dump_ctx->reset;

	args.iter.genmask	= nft_genmask_cur(net);

	args.iter.skip		= cb->args[0];

	args.iter.count		= 0;
@@ -5815,11 +5812,11 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) 


	if (!args.iter.err && args.iter.count == cb->args[0])

		args.iter.err = nft_set_catchall_dump(net, skb, set,

						      reset, cb->seq);

						      dump_ctx->reset, cb->seq);

	nla_nest_end(skb, nest);

	nlmsg_end(skb, nlh);



	if (reset && args.iter.count > args.iter.skip)

	if (dump_ctx->reset && args.iter.count > args.iter.skip)

		audit_log_nft_set_reset(table, cb->seq,

					args.iter.count - args.iter.skip);
@@ -6072,6 +6069,9 @@ static int nf_tables_getsetelem(struct sk_buff *skb, 


	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);



	if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)

		reset = true;



	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {

		struct netlink_dump_control c = {

			.start = nf_tables_dump_set_start,
@@ -6082,6 +6082,7 @@ static int nf_tables_getsetelem(struct sk_buff *skb, 
		struct nft_set_dump_ctx dump_ctx = {

			.set = set,

			.ctx = ctx,

			.reset = reset,

		};



		c.data = &dump_ctx;
@@ -6091,9 +6092,6 @@ static int nf_tables_getsetelem(struct sk_buff *skb, 
	if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])

		return -EINVAL;



	if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)

		reset = true;



	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {

		err = nft_get_set_elem(&ctx, set, attr, reset);

		if (err < 0) {