+5

include/net/netfilter/nf_tables.h

reviewed

··· 911 911 return container_of(chain, struct nft_base_chain, chain); 912 912 } 913 913 914 914 + static inline bool nft_is_base_chain(const struct nft_chain *chain) 915 915 + { 916 916 + return chain->flags & NFT_BASE_CHAIN; 917 917 + } 918 918 + 914 919 int __nft_release_basechain(struct nft_ctx *ctx); 915 920 916 921 unsigned int nft_do_chain(struct nft_pktinfo *pkt, void *priv);

+15 -15

net/netfilter/nf_tables_api.c

reviewed

··· 144 144 unsigned int hook_nops) 145 145 { 146 146 if (table->flags & NFT_TABLE_F_DORMANT || 147 147 - !(chain->flags & NFT_BASE_CHAIN)) 147 147 + !nft_is_base_chain(chain)) 148 148 return 0; 149 149 150 150 return nf_register_net_hooks(net, nft_base_chain(chain)->ops, ··· 157 157 unsigned int hook_nops) 158 158 { 159 159 if (table->flags & NFT_TABLE_F_DORMANT || 160 160 - !(chain->flags & NFT_BASE_CHAIN)) 160 160 + !nft_is_base_chain(chain)) 161 161 return; 162 162 163 163 nf_unregister_net_hooks(net, nft_base_chain(chain)->ops, hook_nops); ··· 587 587 list_for_each_entry(chain, &table->chains, list) { 588 588 if (!nft_is_active_next(net, chain)) 589 589 continue; 590 590 - if (!(chain->flags & NFT_BASE_CHAIN)) 590 590 + if (!nft_is_base_chain(chain)) 591 591 continue; 592 592 593 593 if (cnt && i++ == cnt) ··· 608 608 list_for_each_entry(chain, &table->chains, list) { 609 609 if (!nft_is_active_next(net, chain)) 610 610 continue; 611 611 - if (!(chain->flags & NFT_BASE_CHAIN)) 611 611 + if (!nft_is_base_chain(chain)) 612 612 continue; 613 613 614 614 err = nf_register_net_hooks(net, nft_base_chain(chain)->ops, ··· 1007 1007 if (nla_put_string(skb, NFTA_CHAIN_NAME, chain->name)) 1008 1008 goto nla_put_failure; 1009 1009 1010 1010 - if (chain->flags & NFT_BASE_CHAIN) { 1010 1010 + if (nft_is_base_chain(chain)) { 1011 1011 const struct nft_base_chain *basechain = nft_base_chain(chain); 1012 1012 const struct nf_hook_ops *ops = &basechain->ops[0]; 1013 1013 struct nlattr *nest; ··· 1226 1226 { 1227 1227 BUG_ON(chain->use > 0); 1228 1228 1229 1229 - if (chain->flags & NFT_BASE_CHAIN) { 1229 1229 + if (nft_is_base_chain(chain)) { 1230 1230 struct nft_base_chain *basechain = nft_base_chain(chain); 1231 1231 1232 1232 module_put(basechain->type->owner); ··· 1364 1364 } 1365 1365 1366 1366 if (nla[NFTA_CHAIN_POLICY]) { 1367 1367 - if ((chain != NULL && 1368 1368 - !(chain->flags & NFT_BASE_CHAIN))) 1367 1367 + if (chain != NULL && 1368 1368 + !nft_is_base_chain(chain)) 1369 1369 return -EOPNOTSUPP; 1370 1370 1371 1371 if (chain == NULL && ··· 1396 1396 struct nft_chain_hook hook; 1397 1397 struct nf_hook_ops *ops; 1398 1398 1399 1399 - if (!(chain->flags & NFT_BASE_CHAIN)) 1399 1399 + if (!nft_is_base_chain(chain)) 1400 1400 return -EBUSY; 1401 1401 1402 1402 err = nft_chain_parse_hook(net, nla, afi, &hook, ··· 1433 1433 } 1434 1434 1435 1435 if (nla[NFTA_CHAIN_COUNTERS]) { 1436 1436 - if (!(chain->flags & NFT_BASE_CHAIN)) 1436 1436 + if (!nft_is_base_chain(chain)) 1437 1437 return -EOPNOTSUPP; 1438 1438 1439 1439 stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]); ··· 4708 4708 if (nft_trans_chain_name(trans)[0]) 4709 4709 strcpy(trans->ctx.chain->name, nft_trans_chain_name(trans)); 4710 4710 4711 4711 - if (!(trans->ctx.chain->flags & NFT_BASE_CHAIN)) 4711 4711 + if (!nft_is_base_chain(trans->ctx.chain)) 4712 4712 return; 4713 4713 4714 4714 basechain = nft_base_chain(trans->ctx.chain); ··· 5022 5022 { 5023 5023 const struct nft_base_chain *basechain; 5024 5024 5025 5025 - if (chain->flags & NFT_BASE_CHAIN) { 5025 5025 + if (nft_is_base_chain(chain)) { 5026 5026 basechain = nft_base_chain(chain); 5027 5027 if (basechain->type->type != type) 5028 5028 return -EOPNOTSUPP; ··· 5036 5036 { 5037 5037 struct nft_base_chain *basechain; 5038 5038 5039 5039 - if (chain->flags & NFT_BASE_CHAIN) { 5039 5039 + if (nft_is_base_chain(chain)) { 5040 5040 basechain = nft_base_chain(chain); 5041 5041 5042 5042 if ((1 << basechain->ops[0].hooknum) & hook_flags) ··· 5345 5345 tb[NFTA_VERDICT_CHAIN], genmask); 5346 5346 if (IS_ERR(chain)) 5347 5347 return PTR_ERR(chain); 5348 5348 - if (chain->flags & NFT_BASE_CHAIN) 5348 5348 + if (nft_is_base_chain(chain)) 5349 5349 return -EOPNOTSUPP; 5350 5350 5351 5351 chain->use++; ··· 5518 5518 { 5519 5519 struct nft_rule *rule, *nr; 5520 5520 5521 5521 - BUG_ON(!(ctx->chain->flags & NFT_BASE_CHAIN)); 5521 5521 + BUG_ON(!nft_is_base_chain(ctx->chain)); 5522 5522 5523 5523 nf_tables_unregister_hooks(ctx->net, ctx->chain->table, ctx->chain, 5524 5524 ctx->afi->nops);

+1 -1

net/netfilter/nf_tables_netdev.c

reviewed

··· 128 128 list_for_each_entry(table, &afi->tables, list) { 129 129 ctx.table = table; 130 130 list_for_each_entry_safe(chain, nr, &table->chains, list) { 131 131 - if (!(chain->flags & NFT_BASE_CHAIN)) 131 131 + if (!nft_is_base_chain(chain)) 132 132 continue; 133 133 134 134 ctx.chain = chain;

+6 -5

net/netfilter/nft_compat.c

reviewed

··· 42 42 { 43 43 const struct nft_base_chain *basechain; 44 44 45 45 - if (!tablename || !(chain->flags & NFT_BASE_CHAIN)) 45 45 + if (!tablename || 46 46 + !nft_is_base_chain(chain)) 46 47 return 0; 47 48 48 49 basechain = nft_base_chain(chain); ··· 166 165 par->entryinfo = entry; 167 166 par->target = target; 168 167 par->targinfo = info; 169 169 - if (ctx->chain->flags & NFT_BASE_CHAIN) { 168 168 + if (nft_is_base_chain(ctx->chain)) { 170 169 const struct nft_base_chain *basechain = 171 170 nft_base_chain(ctx->chain); 172 171 const struct nf_hook_ops *ops = &basechain->ops[0]; ··· 299 298 unsigned int hook_mask = 0; 300 299 int ret; 301 300 302 302 - if (ctx->chain->flags & NFT_BASE_CHAIN) { 301 301 + if (nft_is_base_chain(ctx->chain)) { 303 302 const struct nft_base_chain *basechain = 304 303 nft_base_chain(ctx->chain); 305 304 const struct nf_hook_ops *ops = &basechain->ops[0]; ··· 380 379 par->entryinfo = entry; 381 380 par->match = match; 382 381 par->matchinfo = info; 383 383 - if (ctx->chain->flags & NFT_BASE_CHAIN) { 382 382 + if (nft_is_base_chain(ctx->chain)) { 384 383 const struct nft_base_chain *basechain = 385 384 nft_base_chain(ctx->chain); 386 385 const struct nf_hook_ops *ops = &basechain->ops[0]; ··· 478 477 unsigned int hook_mask = 0; 479 478 int ret; 480 479 481 481 - if (ctx->chain->flags & NFT_BASE_CHAIN) { 480 480 + if (nft_is_base_chain(ctx->chain)) { 482 481 const struct nft_base_chain *basechain = 483 482 nft_base_chain(ctx->chain); 484 483 const struct nf_hook_ops *ops = &basechain->ops[0];