
netfilter: nf_tables_offload: refactor the nft_flow_offload_chain function

Pass chain and policy parameters to nft_flow_offload_chain to reuse it.

Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

wenxu and committed by
Pablo Neira Ayuso
8fc618c5 504882db

+13 -7
+13 -7
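--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@
 
 #define FLOW_SETUP_BLOCK TC_SETUP_BLOCK
 
-static int nft_flow_offload_chain(struct nft_trans *trans,
+static int nft_flow_offload_chain(struct nft_chain *chain,
+				  u8 *ppolicy,
 				  enum flow_block_command cmd)
 {
-	struct nft_chain *chain = trans->ctx.chain;
 	struct nft_base_chain *basechain;
 	struct net_device *dev;
+	u8 policy;
 
 	if (!nft_is_base_chain(chain))
 		return -EOPNOTSUPP;
@@
 	if (!dev)
 		return -EOPNOTSUPP;
 
+	policy = ppolicy ? *ppolicy : basechain->policy;
+
 	/* Only default policy to accept is supported for now. */
-	if (cmd == FLOW_BLOCK_BIND &&
-	    nft_trans_chain_policy(trans) != -1 &&
-	    nft_trans_chain_policy(trans) != NF_ACCEPT)
+	if (cmd == FLOW_BLOCK_BIND && policy != -1 && policy != NF_ACCEPT)
 		return -EOPNOTSUPP;
 
 	if (dev->netdev_ops->ndo_setup_tc)
@@
 {
 	struct nft_trans *trans;
 	int err = 0;
+	u8 policy;
 
 	list_for_each_entry(trans, &net->nft.commit_list, list) {
 		if (trans->ctx.family != NFPROTO_NETDEV)
@@
 			if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
 				continue;
 
-			err = nft_flow_offload_chain(trans, FLOW_BLOCK_BIND);
+			policy = nft_trans_chain_policy(trans);
+			err = nft_flow_offload_chain(trans->ctx.chain, &policy,
+						     FLOW_BLOCK_BIND);
 			break;
 		case NFT_MSG_DELCHAIN:
 			if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
 				continue;
 
-			err = nft_flow_offload_chain(trans, FLOW_BLOCK_UNBIND);
+			policy = nft_trans_chain_policy(trans);
+			err = nft_flow_offload_chain(trans->ctx.chain, &policy,
+						     FLOW_BLOCK_BIND);
 			break;
 		case NFT_MSG_NEWRULE:
 			if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))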
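Review bot: The NFT_MSG_DELCHAIN case in the commit loop now passes `FLOW_BLOCK_BIND` where the line it replaces passed `FLOW_BLOCK_UNBIND`; the commit message describes only a refactor, so this looks like a copy-paste slip and the last argument should remain `FLOW_BLOCK_UNBIND);`. As written, deleting an offloaded chain issues a bind instead of an unbind, which presumably leaves the offload block set up on the device after the chain is gone from the software ruleset. Separately, `policy` is declared `u8` in both functions, so `policy != -1` in nft_flow_offload_chain is always true after integer promotion; if nft_trans_chain_policy() yields -1 for "policy not set", as the removed comparison suggests, that value is stored as 255 and the bind is rejected with -EOPNOTSUPP. Carrying the value as `int policy;` (and `int *ppolicy`) through the `-1` test would keep the old behaviour. Both function bodies continue outside the visible hunks.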