From: wenxu <[email protected]> Add nft_offload_netdev_iterate function. It make code more common and can be used for others.
Signed-off-by: wenxu <[email protected]> --- v3: new patch net/netfilter/nf_tables_offload.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c index 9657001..e5977cf 100644 --- a/net/netfilter/nf_tables_offload.c +++ b/net/netfilter/nf_tables_offload.c @@ -365,16 +365,13 @@ int nft_flow_rule_offload_commit(struct net *net) return err; } -static void nft_indr_block_cb(struct net_device *dev, - flow_indr_block_bind_cb_t *cb, void *cb_priv, - enum flow_block_command cmd) +static struct nft_chain *nft_offload_netdev_iterate(struct net_device *dev) { struct nft_base_chain *basechain; struct net *net = dev_net(dev); - const struct nft_table *table; - const struct nft_chain *chain; + struct nft_chain *chain; + struct nft_table *table; - mutex_lock(&net->nft.commit_mutex); list_for_each_entry(table, &net->nft.tables, list) { if (table->family != NFPROTO_NETDEV) continue; @@ -388,11 +385,28 @@ static void nft_indr_block_cb(struct net_device *dev, if (strncmp(basechain->dev_name, dev->name, IFNAMSIZ)) continue; - nft_indr_block_ing_cmd(dev, basechain, cb, cb_priv, cmd); - mutex_unlock(&net->nft.commit_mutex); - return; + return chain; } } + + return NULL; +} + +static void nft_indr_block_cb(struct net_device *dev, + flow_indr_block_bind_cb_t *cb, void *cb_priv, + enum flow_block_command cmd) +{ + struct net *net = dev_net(dev); + struct nft_chain *chain; + + mutex_lock(&net->nft.commit_mutex); + chain = nft_offload_netdev_iterate(dev); + if (chain) { + struct nft_base_chain *basechain; + + basechain = nft_base_chain(chain); + nft_indr_block_ing_cmd(dev, basechain, cb, cb_priv, cmd); + } mutex_unlock(&net->nft.commit_mutex); } -- 1.8.3.1
