tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx

It would be better to not store nft_ctx inside nft_trans object,
the netlink ctx strucutre is huge and most of its information is
never needed in places that use trans->ctx.

Avoid/reduce its usage if possible, no runtime behaviour change
intended.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 8965d42b 06fcaca2

+10 -11
+1 -1
include/net/netfilter/nf_tables.h
··· 1171 1171 1172 1172 int nft_chain_add(struct nft_table *table, struct nft_chain *chain); 1173 1173 void nft_chain_del(struct nft_chain *chain); 1174 - void nf_tables_chain_destroy(struct nft_ctx *ctx); 1174 + void nf_tables_chain_destroy(struct nft_chain *chain); 1175 1175 1176 1176 struct nft_stats { 1177 1177 u64 bytes;
+8 -9
net/netfilter/nf_tables_api.c
··· 2118 2118 kvfree(chain->blob_next); 2119 2119 } 2120 2120 2121 - void nf_tables_chain_destroy(struct nft_ctx *ctx) 2121 + void nf_tables_chain_destroy(struct nft_chain *chain) 2122 2122 { 2123 - struct nft_chain *chain = ctx->chain; 2123 + const struct nft_table *table = chain->table; 2124 2124 struct nft_hook *hook, *next; 2125 2125 2126 2126 if (WARN_ON(chain->use > 0)) ··· 2132 2132 if (nft_is_base_chain(chain)) { 2133 2133 struct nft_base_chain *basechain = nft_base_chain(chain); 2134 2134 2135 - if (nft_base_chain_netdev(ctx->family, basechain->ops.hooknum)) { 2135 + if (nft_base_chain_netdev(table->family, basechain->ops.hooknum)) { 2136 2136 list_for_each_entry_safe(hook, next, 2137 2137 &basechain->hook_list, list) { 2138 2138 list_del_rcu(&hook->list); ··· 2621 2621 err_trans: 2622 2622 nft_use_dec_restore(&table->use); 2623 2623 err_destroy_chain: 2624 - nf_tables_chain_destroy(ctx); 2624 + nf_tables_chain_destroy(chain); 2625 2625 2626 2626 return err; 2627 2627 } ··· 9532 9532 if (nft_trans_chain_update(trans)) 9533 9533 nft_hooks_destroy(&nft_trans_chain_hooks(trans)); 9534 9534 else 9535 - nf_tables_chain_destroy(&trans->ctx); 9535 + nf_tables_chain_destroy(nft_trans_chain(trans)); 9536 9536 break; 9537 9537 case NFT_MSG_DELRULE: 9538 9538 case NFT_MSG_DESTROYRULE: ··· 10524 10524 if (nft_trans_chain_update(trans)) 10525 10525 nft_hooks_destroy(&nft_trans_chain_hooks(trans)); 10526 10526 else 10527 - nf_tables_chain_destroy(&trans->ctx); 10527 + nf_tables_chain_destroy(nft_trans_chain(trans)); 10528 10528 break; 10529 10529 case NFT_MSG_NEWRULE: 10530 10530 nf_tables_rule_destroy(&trans->ctx, nft_trans_rule(trans)); ··· 11411 11411 } 11412 11412 nft_chain_del(ctx->chain); 11413 11413 nft_use_dec(&ctx->table->use); 11414 - nf_tables_chain_destroy(ctx); 11414 + nf_tables_chain_destroy(ctx->chain); 11415 11415 11416 11416 return 0; 11417 11417 } ··· 11486 11486 nft_obj_destroy(&ctx, obj); 11487 11487 } 11488 11488 list_for_each_entry_safe(chain, nc, &table->chains, list) { 11489 - ctx.chain = chain; 11490 11489 nft_chain_del(chain); 11491 11490 nft_use_dec(&table->use); 11492 - nf_tables_chain_destroy(&ctx); 11491 + nf_tables_chain_destroy(chain); 11493 11492 } 11494 11493 nf_tables_table_destroy(&ctx); 11495 11494 }
+1 -1
net/netfilter/nft_immediate.c
··· 221 221 list_del(&rule->list); 222 222 nf_tables_rule_destroy(&chain_ctx, rule); 223 223 } 224 - nf_tables_chain_destroy(&chain_ctx); 224 + nf_tables_chain_destroy(chain); 225 225 break; 226 226 default: 227 227 break;