صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
PUBLIC_REPOS
/
ti-processor-sdk-linux
2
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
فهرست منبع

netfilter: nf_tables: refactor rule deletion helper

This helper function always schedule the rule to be removed in the following
transaction.
In follow-up patches, it is interesting to handle separately the logic of rule
activation/disactivation from the transaction mechanism.

So, this patch simply splits the original nf_tables_delrule_one() in two
functions, allowing further control.

While at it, for the sake of homigeneize the function naming scheme, let's
rename nf_tables_delrule_one() to nft_delrule().

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Arturo Borrero 11 سال پیش
والد
876665eafc
کامیت
5e266fe7c0
1فایلهای تغییر یافته به همراه21 افزوده شده و 5 حذف شده
نمای یکپارچه نمایش آمار تفاوت ها
  1. 21 5
      net/netfilter/nf_tables_api.c

+ 21 - 5
net/netfilter/nf_tables_api.c
مشاهده فایل 

@@ -1868,12 +1868,10 @@ err1:
 
 }
 
 }
 
 
 
 static int
 
 static int
 
-nf_tables_delrule_one(struct nft_ctx *ctx, struct nft_rule *rule)
 
+nf_tables_delrule_deactivate(struct nft_ctx *ctx, struct nft_rule *rule)
 
 {
 
 {
 
 	/* You cannot delete the same rule twice */
 
 	/* You cannot delete the same rule twice */
 
 	if (nft_rule_is_active_next(ctx->net, rule)) {
 
 	if (nft_rule_is_active_next(ctx->net, rule)) {
 
-		if (nft_trans_rule_add(ctx, NFT_MSG_DELRULE, rule) == NULL)
 
-			return -ENOMEM;
 
 		nft_rule_disactivate_next(ctx->net, rule);
 
 		nft_rule_disactivate_next(ctx->net, rule);
 
 		ctx->chain->use--;
 
 		ctx->chain->use--;
 
 		return 0;
 
 		return 0;
 
@@ -1881,13 +1879,31 @@ nf_tables_delrule_one(struct nft_ctx *ctx, struct nft_rule *rule)
 
 	return -ENOENT;
 
 	return -ENOENT;
 
 }
 
 }
 
 
 
+static int nft_delrule(struct nft_ctx *ctx, struct nft_rule *rule)
 
+{
 
+	struct nft_trans *trans;
 
+	int err;
 
+
 
+	trans = nft_trans_rule_add(ctx, NFT_MSG_DELRULE, rule);
 
+	if (trans == NULL)
 
+		return -ENOMEM;
 
+
 
+	err = nf_tables_delrule_deactivate(ctx, rule);
 
+	if (err < 0) {
 
+		nft_trans_destroy(trans);
 
+		return err;
 
+	}
 
+
 
+	return 0;
 
+}
 
+
 
 static int nf_table_delrule_by_chain(struct nft_ctx *ctx)
 
 static int nf_table_delrule_by_chain(struct nft_ctx *ctx)
 
 {
 
 {
 
 	struct nft_rule *rule;
 
 	struct nft_rule *rule;
 
 	int err;
 
 	int err;
 
 
 
 	list_for_each_entry(rule, &ctx->chain->rules, list) {
 
 	list_for_each_entry(rule, &ctx->chain->rules, list) {
 
-		err = nf_tables_delrule_one(ctx, rule);
 
+		err = nft_delrule(ctx, rule);
 
 		if (err < 0)
 
 		if (err < 0)
 
 			return err;
 
 			return err;
 
 	}
 
 	}
 
@@ -1932,7 +1948,7 @@ static int nf_tables_delrule(struct sock *nlsk, struct sk_buff *skb,
 
 			if (IS_ERR(rule))
 
 			if (IS_ERR(rule))
 
 				return PTR_ERR(rule);
 
 				return PTR_ERR(rule);
 
 
 
-			err = nf_tables_delrule_one(&ctx, rule);
 
+			err = nft_delrule(&ctx, rule);
 
 		} else {
 
 		} else {
 
 			err = nf_table_delrule_by_chain(&ctx);
 
 			err = nf_table_delrule_by_chain(&ctx);
 
 		}
 
 		}