This patch prepares for next patches.
The nft_chain_validate_hooks and
nft_chain_validate_dependency are going to use both net and nft_chain.
Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
---
include/net/netfilter/nf_tables.h | 4 ++--
net/bridge/netfilter/nft_reject_bridge.c | 4 ++--
net/netfilter/nf_tables_api.c | 12 ++++++------
net/netfilter/nft_fib.c | 2 +-
net/netfilter/nft_flow_offload.c | 2 +-
net/netfilter/nft_masq.c | 4 ++--
net/netfilter/nft_meta.c | 4 ++--
net/netfilter/nft_nat.c | 6 +++---
net/netfilter/nft_redir.c | 4 ++--
net/netfilter/nft_reject.c | 2 +-
net/netfilter/nft_rt.c | 2 +-
11 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index a1e28dd..7eb4802 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -903,9 +903,9 @@ struct nft_chain_type {
void (*free)(struct nft_ctx *ctx);
};
-int nft_chain_validate_dependency(const struct nft_chain *chain,
+int nft_chain_validate_dependency(const struct nft_ctx *ctx,
enum nft_chain_types type);
-int nft_chain_validate_hooks(const struct nft_chain *chain,
+int nft_chain_validate_hooks(const struct nft_ctx *ctx,
unsigned int hook_flags);
struct nft_stats {
diff --git a/net/bridge/netfilter/nft_reject_bridge.c b/net/bridge/netfilter/nft_reject_bridge.c
index eaf05de..f3b633b 100644
--- a/net/bridge/netfilter/nft_reject_bridge.c
+++ b/net/bridge/netfilter/nft_reject_bridge.c
@@ -357,8 +357,8 @@ static int nft_reject_bridge_validate(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nft_data **data)
{
- return nft_chain_validate_hooks(ctx->chain, (1 << NF_BR_PRE_ROUTING) |
- (1 << NF_BR_LOCAL_IN));
+ return nft_chain_validate_hooks(ctx, (1 << NF_BR_PRE_ROUTING) |
+ (1 << NF_BR_LOCAL_IN));
}
static int nft_reject_bridge_init(const struct nft_ctx *ctx,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3806db3..13c2fc3 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6132,13 +6132,13 @@ static const struct nfnetlink_subsystem nf_tables_subsys = {
.valid_genid = nf_tables_valid_genid,
};
-int nft_chain_validate_dependency(const struct nft_chain *chain,
+int nft_chain_validate_dependency(const struct nft_ctx *ctx,
enum nft_chain_types type)
{
const struct nft_base_chain *basechain;
- if (nft_is_base_chain(chain)) {
- basechain = nft_base_chain(chain);
+ if (nft_is_base_chain(ctx->chain)) {
+ basechain = nft_base_chain(ctx->chain);
if (basechain->type->type != type)
return -EOPNOTSUPP;
}
@@ -6146,13 +6146,13 @@ int nft_chain_validate_dependency(const struct nft_chain *chain,
}
EXPORT_SYMBOL_GPL(nft_chain_validate_dependency);
-int nft_chain_validate_hooks(const struct nft_chain *chain,
+int nft_chain_validate_hooks(const struct nft_ctx *ctx,
unsigned int hook_flags)
{
struct nft_base_chain *basechain;
- if (nft_is_base_chain(chain)) {
- basechain = nft_base_chain(chain);
+ if (nft_is_base_chain(ctx->chain)) {
+ basechain = nft_base_chain(ctx->chain);
if ((1 << basechain->ops.hooknum) & hook_flags)
return 0;
diff --git a/net/netfilter/nft_fib.c b/net/netfilter/nft_fib.c
index 21df8cc..47dbf94 100644
--- a/net/netfilter/nft_fib.c
+++ b/net/netfilter/nft_fib.c
@@ -59,7 +59,7 @@ int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
return -EINVAL;
}
- return nft_chain_validate_hooks(ctx->chain, hooks);
+ return nft_chain_validate_hooks(ctx, hooks);
}
EXPORT_SYMBOL_GPL(nft_fib_validate);
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c
index b65829b..6165733 100644
--- a/net/netfilter/nft_flow_offload.c
+++ b/net/netfilter/nft_flow_offload.c
@@ -128,7 +128,7 @@ static int nft_flow_offload_validate(const struct nft_ctx *ctx,
{
unsigned int hook_mask = (1 << NF_INET_FORWARD);
- return nft_chain_validate_hooks(ctx->chain, hook_mask);
+ return nft_chain_validate_hooks(ctx, hook_mask);
}
static int nft_flow_offload_init(const struct nft_ctx *ctx,
diff --git a/net/netfilter/nft_masq.c b/net/netfilter/nft_masq.c
index 9d8655b..5a32260 100644
--- a/net/netfilter/nft_masq.c
+++ b/net/netfilter/nft_masq.c
@@ -29,11 +29,11 @@ int nft_masq_validate(const struct nft_ctx *ctx,
{
int err;
- err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT);
+ err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT);
if (err < 0)
return err;
- return nft_chain_validate_hooks(ctx->chain,
+ return nft_chain_validate_hooks(ctx,
(1 << NF_INET_POST_ROUTING));
}
EXPORT_SYMBOL_GPL(nft_masq_validate);
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 8fb91940..7d14fe3 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -354,7 +354,7 @@ static int nft_meta_get_validate(const struct nft_ctx *ctx,
return -EOPNOTSUPP;
}
- return nft_chain_validate_hooks(ctx->chain, hooks);
+ return nft_chain_validate_hooks(ctx, hooks);
#else
return 0;
#endif
@@ -386,7 +386,7 @@ int nft_meta_set_validate(const struct nft_ctx *ctx,
return -EOPNOTSUPP;
}
- return nft_chain_validate_hooks(ctx->chain, hooks);
+ return nft_chain_validate_hooks(ctx, hooks);
}
EXPORT_SYMBOL_GPL(nft_meta_set_validate);
diff --git a/net/netfilter/nft_nat.c b/net/netfilter/nft_nat.c
index 1f36954..12c00e9 100644
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -94,18 +94,18 @@ static int nft_nat_validate(const struct nft_ctx *ctx,
struct nft_nat *priv = nft_expr_priv(expr);
int err;
- err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT);
+ err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT);
if (err < 0)
return err;
switch (priv->type) {
case NFT_NAT_SNAT:
- err = nft_chain_validate_hooks(ctx->chain,
+ err = nft_chain_validate_hooks(ctx,
(1 << NF_INET_POST_ROUTING) |
(1 << NF_INET_LOCAL_IN));
break;
case NFT_NAT_DNAT:
- err = nft_chain_validate_hooks(ctx->chain,
+ err = nft_chain_validate_hooks(ctx,
(1 << NF_INET_PRE_ROUTING) |
(1 << NF_INET_LOCAL_OUT));
break;
diff --git a/net/netfilter/nft_redir.c b/net/netfilter/nft_redir.c
index c64cbe7..098a4a4 100644
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -29,11 +29,11 @@ int nft_redir_validate(const struct nft_ctx *ctx,
{
int err;
- err = nft_chain_validate_dependency(ctx->chain, NFT_CHAIN_T_NAT);
+ err = nft_chain_validate_dependency(ctx, NFT_CHAIN_T_NAT);
if (err < 0)
return err;
- return nft_chain_validate_hooks(ctx->chain,
+ return nft_chain_validate_hooks(ctx,
(1 << NF_INET_PRE_ROUTING) |
(1 << NF_INET_LOCAL_OUT));
}
diff --git a/net/netfilter/nft_reject.c b/net/netfilter/nft_reject.c
index 29f5bd2..74b6e4e 100644
--- a/net/netfilter/nft_reject.c
+++ b/net/netfilter/nft_reject.c
@@ -30,7 +30,7 @@ int nft_reject_validate(const struct nft_ctx *ctx,
const struct nft_expr *expr,
const struct nft_data **data)
{
- return nft_chain_validate_hooks(ctx->chain,
+ return nft_chain_validate_hooks(ctx,
(1 << NF_INET_LOCAL_IN) |
(1 << NF_INET_FORWARD) |
(1 << NF_INET_LOCAL_OUT));
diff --git a/net/netfilter/nft_rt.c b/net/netfilter/nft_rt.c
index 11a2071..b754184 100644
--- a/net/netfilter/nft_rt.c
+++ b/net/netfilter/nft_rt.c
@@ -176,7 +176,7 @@ static int nft_rt_validate(const struct nft_ctx *ctx, const struct nft_expr *exp
return -EINVAL;
}
- return nft_chain_validate_hooks(ctx->chain, hooks);
+ return nft_chain_validate_hooks(ctx, hooks);
}
static struct nft_expr_type nft_rt_type;
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
