[PATCH nf-next 06/19] netfilter: nf_tables: pass more specific nft_trans_chain where possible

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
	pabeni@redhat.com, edumazet@google.com, fw@strlen.de
Subject: [PATCH nf-next 06/19] netfilter: nf_tables: pass more specific nft_trans_chain where possible
Date: Thu, 27 Jun 2024 13:27:00 +0200	[thread overview]
Message-ID: <20240627112713.4846-7-pablo@netfilter.org> (raw)
In-Reply-To: <20240627112713.4846-1-pablo@netfilter.org>

From: Florian Westphal <fw@strlen.de>

These functions pass a pointer to the base object type, use the
more specific one.  No functional change intended.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_tables_api.c | 51 ++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index bdc2d7f781ca..62a4da955574 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -448,6 +448,7 @@ nft_trans_alloc_chain(const struct nft_ctx *ctx, int msg_type)
 
 	trans_chain = nft_trans_container_chain(trans);
 	INIT_LIST_HEAD(&trans_chain->nft_trans_binding.binding_list);
+	trans_chain->chain = ctx->chain;
 
 	return trans;
 }
@@ -468,7 +469,6 @@ static struct nft_trans *nft_trans_chain_add(struct nft_ctx *ctx, int msg_type)
 				ntohl(nla_get_be32(ctx->nla[NFTA_CHAIN_ID]));
 		}
 	}
-	nft_trans_chain(trans) = ctx->chain;
 	nft_trans_commit_list_add_tail(ctx->net, trans);
 
 	return trans;
@@ -2089,18 +2089,19 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
 	return newstats;
 }
 
-static void nft_chain_stats_replace(struct nft_trans *trans)
+static void nft_chain_stats_replace(struct nft_trans_chain *trans)
 {
-	struct nft_base_chain *chain = nft_base_chain(trans->ctx.chain);
+	const struct nft_trans *t = &trans->nft_trans_binding.nft_trans;
+	struct nft_base_chain *chain = nft_base_chain(trans->chain);
 
-	if (!nft_trans_chain_stats(trans))
+	if (!trans->stats)
 		return;
 
-	nft_trans_chain_stats(trans) =
-		rcu_replace_pointer(chain->stats, nft_trans_chain_stats(trans),
-				    lockdep_commit_lock_is_held(trans->ctx.net));
+	trans->stats =
+		rcu_replace_pointer(chain->stats, trans->stats,
+				    lockdep_commit_lock_is_held(t->ctx.net));
 
-	if (!nft_trans_chain_stats(trans))
+	if (!trans->stats)
 		static_branch_inc(&nft_counters_enabled);
 }
 
@@ -9456,47 +9457,47 @@ static int nf_tables_validate(struct net *net)
  *
  * We defer the drop policy until the transaction has been finalized.
  */
-static void nft_chain_commit_drop_policy(struct nft_trans *trans)
+static void nft_chain_commit_drop_policy(struct nft_trans_chain *trans)
 {
 	struct nft_base_chain *basechain;
 
-	if (nft_trans_chain_policy(trans) != NF_DROP)
+	if (trans->policy != NF_DROP)
 		return;
 
-	if (!nft_is_base_chain(trans->ctx.chain))
+	if (!nft_is_base_chain(trans->chain))
 		return;
 
-	basechain = nft_base_chain(trans->ctx.chain);
+	basechain = nft_base_chain(trans->chain);
 	basechain->policy = NF_DROP;
 }
 
-static void nft_chain_commit_update(struct nft_trans *trans)
+static void nft_chain_commit_update(struct nft_trans_chain *trans)
 {
-	struct nft_table *table = trans->ctx.table;
+	struct nft_table *table = trans->nft_trans_binding.nft_trans.ctx.table;
 	struct nft_base_chain *basechain;
 
-	if (nft_trans_chain_name(trans)) {
+	if (trans->name) {
 		rhltable_remove(&table->chains_ht,
-				&trans->ctx.chain->rhlhead,
+				&trans->chain->rhlhead,
 				nft_chain_ht_params);
-		swap(trans->ctx.chain->name, nft_trans_chain_name(trans));
+		swap(trans->chain->name, trans->name);
 		rhltable_insert_key(&table->chains_ht,
-				    trans->ctx.chain->name,
-				    &trans->ctx.chain->rhlhead,
+				    trans->chain->name,
+				    &trans->chain->rhlhead,
 				    nft_chain_ht_params);
 	}
 
-	if (!nft_is_base_chain(trans->ctx.chain))
+	if (!nft_is_base_chain(trans->chain))
 		return;
 
 	nft_chain_stats_replace(trans);
 
-	basechain = nft_base_chain(trans->ctx.chain);
+	basechain = nft_base_chain(trans->chain);
 
-	switch (nft_trans_chain_policy(trans)) {
+	switch (trans->policy) {
 	case NF_DROP:
 	case NF_ACCEPT:
-		basechain->policy = nft_trans_chain_policy(trans);
+		basechain->policy = trans->policy;
 		break;
 	}
 }
@@ -10309,14 +10310,14 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
 			break;
 		case NFT_MSG_NEWCHAIN:
 			if (nft_trans_chain_update(trans)) {
-				nft_chain_commit_update(trans);
+				nft_chain_commit_update(nft_trans_container_chain(trans));
 				nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN,
 						       &nft_trans_chain_hooks(trans));
 				list_splice(&nft_trans_chain_hooks(trans),
 					    &nft_trans_basechain(trans)->hook_list);
 				/* trans destroyed after rcu grace period */
 			} else {
-				nft_chain_commit_drop_policy(trans);
+				nft_chain_commit_drop_policy(nft_trans_container_chain(trans));
 				nft_clear(net, trans->ctx.chain);
 				nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN, NULL);
 				nft_trans_destroy(trans);
-- 
2.30.2

next prev parent reply	other threads:[~2024-06-27 11:27 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-06-27 11:26 [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next Pablo Neira Ayuso
2024-06-27 11:26 ` [PATCH nf-next 01/19] netfilter: nf_tables: make struct nft_trans first member of derived subtypes Pablo Neira Ayuso
2024-06-27 11:26 ` [PATCH nf-next 02/19] netfilter: nf_tables: move bind list_head into relevant subtypes Pablo Neira Ayuso
2024-06-27 11:26 ` [PATCH nf-next 03/19] netfilter: nf_tables: compact chain+ft transaction objects Pablo Neira Ayuso
2024-06-27 11:26 ` [PATCH nf-next 04/19] netfilter: nf_tables: reduce trans->ctx.table references Pablo Neira Ayuso
2024-06-27 11:26 ` [PATCH nf-next 05/19] netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx Pablo Neira Ayuso
2024-06-27 11:27 ` Pablo Neira Ayuso [this message]
2024-06-27 11:27 ` [PATCH nf-next 07/19] netfilter: nf_tables: avoid usage of embedded nft_ctx Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 08/19] netfilter: nf_tables: store chain pointer in rule transaction Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 09/19] netfilter: nf_tables: reduce trans->ctx.chain references Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 10/19] netfilter: nf_tables: pass nft_table to destroy function Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 11/19] netfilter: nf_tables: do not store nft_ctx in transaction objects Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 12/19] ipvs: Avoid unnecessary calls to skb_is_gso_sctp Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 13/19] netfilter: nf_conncount: fix wrong variable type Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 14/19] netfilter: cttimeout: remove 'l3num' attr check Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 15/19] netfilter: nf_tables: rise cap on SELinux secmark context Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 16/19] netfilter: nfnetlink_queue: unbreak SCTP traffic Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 17/19] selftests: netfilter: nft_queue.sh: sctp coverage Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 18/19] selftests: netfilter: nft_queue.sh: add test for disappearing listener Pablo Neira Ayuso
2024-06-27 11:27 ` [PATCH nf-next 19/19] netfilter: xt_recent: Lift restrictions on max hitcount value Pablo Neira Ayuso
2024-06-27 11:28 ` [PATCH nf-next 00/19] Netfilter/IPVS updates for net-next Pablo Neira Ayuso
2024-06-27 18:32   ` Jakub Kicinski
2024-06-27 20:00     ` Florian Westphal
2024-06-28 13:36     ` Pablo Neira Ayuso
2024-06-28 15:17     ` Florian Westphal

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:bdc2d7f781c dfblob:62a4da95557 )
 OR (
bs:"[PATCH nf-next 06/19] netfilter: nf_tables: pass more specific nft_trans_chain where possible" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240627112713.4846-7-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=fw@strlen.de \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).