From: wenxu <wenxu@xxxxxxxxx>
Add nft_offload_netdev_iterate function. It make code more common and can be used for others.
Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
v3: new patch
 net/netfilter/nf_tables_offload.c | 32 +++++++++++++++++++++++---------
 1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c
index 9657001..e5977cf 100644
--- a/net/netfilter/nf_tables_offload.c
+++ b/net/netfilter/nf_tables_offload.c
@@ -365,16 +365,13 @@ int nft_flow_rule_offload_commit(struct net *net)
 return err;
 }
-static void nft_indr_block_cb(struct net_device *dev,
- flow_indr_block_bind_cb_t *cb, void *cb_priv,
- enum flow_block_command cmd)
+static struct nft_chain *nft_offload_netdev_iterate(struct net_device *dev)
 {
 struct nft_base_chain *basechain;
 struct net *net = dev_net(dev);
- const struct nft_table *table;
- const struct nft_chain *chain;
+ struct nft_chain *chain;
+ struct nft_table *table;
- mutex_lock(&net->nft.commit_mutex);
 list_for_each_entry(table, &net->nft.tables, list) {
 if (table->family != NFPROTO_NETDEV)
 continue;
@@ -388,11 +385,28 @@ static void nft_indr_block_cb(struct net_device *dev,
 if (strncmp(basechain->dev_name, dev->name, IFNAMSIZ))
 continue;
- nft_indr_block_ing_cmd(dev, basechain, cb, cb_priv, cmd);
- mutex_unlock(&net->nft.commit_mutex);
- return;
+ return chain;
 }
 }
+
+ return NULL;
+}
+
+static void nft_indr_block_cb(struct net_device *dev,
+ flow_indr_block_bind_cb_t *cb, void *cb_priv,
+ enum flow_block_command cmd)
+{
+ struct net *net = dev_net(dev);
+ struct nft_chain *chain;
+
+ mutex_lock(&net->nft.commit_mutex);
+ chain = nft_offload_netdev_iterate(dev);
+ if (chain) {
+ struct nft_base_chain *basechain;
+
+ basechain = nft_base_chain(chain);
+ nft_indr_block_ing_cmd(dev, basechain, cb, cb_priv, cmd);
+ }
 mutex_unlock(&net->nft.commit_mutex);
 }
-- 
1.8.3.1
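Review bot: `nft_offload_netdev_iterate()` walks `net->nft.tables` without taking `commit_mutex` itself, because the `mutex_lock()` that used to precede the loop now exists only in `nft_indr_block_cb()`, and nothing in the helper states or checks that requirement. Since the commit message expects other callers, I would make the contract explicit by adding `lockdep_assert_held(&net->nft.commit_mutex);` after the declarations. The returned `struct nft_chain *` is presumably only safe to dereference while that mutex is still held, so a caller that unlocks first would be working with a possibly stale pointer; a one-line comment above the helper should say so. The helper's body continues past the end of this hunk.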
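Review bot: The helper that ends at the top of this hunk is named `..._iterate` but returns the first match or `NULL`, and it hands back a `struct nft_chain *` that `nft_indr_block_cb()` converts again with `nft_base_chain(chain)` even though the loop already holds `basechain` at the `return chain;` line. A comment such as `/* Return the first NFPROTO_NETDEV base chain bound to dev->name, or NULL. */` above the helper would document what callers get. If no later caller needs the `nft_chain` itself, returning `basechain` would remove the second conversion; that is a guess from this patch alone. The inner part of the loop lies outside the hunk.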