[PATCH nf-next 1/3] netfilter: nf_offload: Make nft_flow_offload_chain public

wenxu@xxxxxxxxx · Mon, 19 Aug 2019 17:45:03 +0800

From: wenxu <wenxu@xxxxxxxxx>

Refactor nft_flow_offload_chain and make it public in header

Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
 include/net/netfilter/nf_tables_offload.h |  3 +++
 net/netfilter/nf_tables_offload.c         | 25 ++++++++++++++++---------
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
index 8a5969d9..a13aab1 100644
--- a/include/net/netfilter/nf_tables_offload.h
+++ b/include/net/netfilter/nf_tables_offload.h
@@ -69,6 +69,9 @@ void nft_indr_block_get_and_ing_cmd(struct net_device *dev,
 				    void *cb_priv,
 				    enum flow_block_command command);
 
+int nft_flow_offload_chain(struct nft_chain *chain,
+			   enum flow_block_command cmd);
+
 #define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\
 	(__reg)->base_offset	=					\
 		offsetof(struct nft_flow_key, __base);			\
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index fd8d3ab..3ffe4bb 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -262,10 +262,9 @@ static int nft_indr_block_offload_cmd(struct nft_base_chain *chain,
 
 #define FLOW_SETUP_BLOCK TC_SETUP_BLOCK
 
-static int nft_flow_offload_chain(struct nft_trans *trans,
-				  enum flow_block_command cmd)
+int nft_flow_offload_chain(struct nft_chain *chain,
+			   enum flow_block_command cmd)
 {
-	struct nft_chain *chain = trans->ctx.chain;
 	struct nft_base_chain *basechain;
 	struct net_device *dev;
 
@@ -277,16 +276,24 @@ static int nft_flow_offload_chain(struct nft_trans *trans,
 	if (!dev)
 		return -EOPNOTSUPP;
 
+	if (dev->netdev_ops->ndo_setup_tc)
+		return nft_block_offload_cmd(basechain, dev, cmd);
+	else
+		return nft_indr_block_offload_cmd(basechain, dev, cmd);
+}
+
+static int __nft_flow_offload_chain(struct nft_trans *trans,
+				    enum flow_block_command cmd)
+{
+	struct nft_chain *chain = trans->ctx.chain;
+
 	/* Only default policy to accept is supported for now. */
 	if (cmd == FLOW_BLOCK_BIND &&
 	    nft_trans_chain_policy(trans) != -1 &&
 	    nft_trans_chain_policy(trans) != NF_ACCEPT)
 		return -EOPNOTSUPP;
 
-	if (dev->netdev_ops->ndo_setup_tc)
-		return nft_block_offload_cmd(basechain, dev, cmd);
-	else
-		return nft_indr_block_offload_cmd(basechain, dev, cmd);
+	return nft_flow_offload_chain(chain, cmd);
 }
 
 int nft_flow_rule_offload_commit(struct net *net)
@@ -303,13 +310,13 @@ int nft_flow_rule_offload_commit(struct net *net)
 			if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
 				continue;
 
-			err = nft_flow_offload_chain(trans, FLOW_BLOCK_BIND);
+			err = __nft_flow_offload_chain(trans, FLOW_BLOCK_BIND);
 			break;
 		case NFT_MSG_DELCHAIN:
 			if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
 				continue;
 
-			err = nft_flow_offload_chain(trans, FLOW_BLOCK_UNBIND);
+			err = __nft_flow_offload_chain(trans, FLOW_BLOCK_UNBIND);
 			break;
 		case NFT_MSG_NEWRULE:
 			if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
-- 
1.8.3.1







