Commit 21aa0a03 authored by Phil Sutter's avatar Phil Sutter Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: Introduce nft_register_flowtable_ops() 



Facilitate binding and registering of a flowtable hook via a single
function call.

Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent e225376d

net/netfilter/nf_tables_api.c

+21 −11
Original line number Diff line number Diff line
@@ -8929,6 +8929,26 @@ static void nft_unregister_flowtable_net_hooks(struct net *net, 
	__nft_unregister_flowtable_net_hooks(net, flowtable, hook_list, false);

}



static int nft_register_flowtable_ops(struct net *net,

				      struct nft_flowtable *flowtable,

				      struct nf_hook_ops *ops)

{

	int err;



	err = flowtable->data.type->setup(&flowtable->data,

					  ops->dev, FLOW_BLOCK_BIND);

	if (err < 0)

		return err;



	err = nf_register_net_hook(net, ops);

	if (!err)

		return 0;



	flowtable->data.type->setup(&flowtable->data,

				    ops->dev, FLOW_BLOCK_UNBIND);

	return err;

}



static int nft_register_flowtable_net_hooks(struct net *net,

					    struct nft_table *table,

					    struct list_head *hook_list,
@@ -8949,20 +8969,10 @@ static int nft_register_flowtable_net_hooks(struct net *net, 
			}

		}



		err = flowtable->data.type->setup(&flowtable->data,

						  hook->ops.dev,

						  FLOW_BLOCK_BIND);

		err = nft_register_flowtable_ops(net, flowtable, &hook->ops);

		if (err < 0)

			goto err_unregister_net_hooks;



		err = nf_register_net_hook(net, &hook->ops);

		if (err < 0) {

			flowtable->data.type->setup(&flowtable->data,

						    hook->ops.dev,

						    FLOW_BLOCK_UNBIND);

			goto err_unregister_net_hooks;

		}



		i++;

	}