rpms / iptables

Clone
Source Code
GIT

Blame SOURCES/0026-nft-Make-batch_add_chain-return-the-added-batch-obje.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   aca4c4338ab44bf4d7f9afa65a4dfcb6b2383b9a
  2.   SOURCES
  3.   0026-nft-Make-batch_add_chain-return-the-added-batch-obje.patch
Blob History Raw
9c35a8 
From d1b516014e4883f30ee2faf264dd89a6d7940e2c Mon Sep 17 00:00:00 2001
9c35a8 
From: Phil Sutter <phil@nwl.cc>
9c35a8 
Date: Sat, 3 Oct 2020 17:46:09 +0200
9c35a8 
Subject: [PATCH] nft: Make batch_add_chain() return the added batch object
9c35a8
9c35a8 
Do this so in a later patch the 'skip' field can be adjusted.
9c35a8
9c35a8 
While being at it, simplify a few callers and eliminate the need for a
9c35a8 
'ret' variable.
9c35a8
9c35a8 
Signed-off-by: Phil Sutter <phil@nwl.cc>
9c35a8 
Reviewed-by: Florian Westphal <fw@strlen.de>
9c35a8 
(cherry picked from commit 0d77e64e8d9b8a3984b01a4951524dc40f61f4b6)
9c35a8
9c35a8 
Conflicts:
9c35a8 
	iptables/nft.c
9c35a8 
-> Upstream changed good/bad return codes of nft_chain_restore()
9c35a8 
   function.
9c35a8
9c35a8 
Signed-off-by: Phil Sutter <psutter@redhat.com>
9c35a8 
---
9c35a8 
 iptables/nft.c | 35 +++++++++++++++++------------------
9c35a8 
 1 file changed, 17 insertions(+), 18 deletions(-)
9c35a8
9c35a8 
diff --git a/iptables/nft.c b/iptables/nft.c
9c35a8 
index e95e99f1d8d71..0efd18d57320f 100644
9c35a8 
--- a/iptables/nft.c
9c35a8 
+++ b/iptables/nft.c
9c35a8 
@@ -398,10 +398,11 @@ batch_set_add(struct nft_handle *h, enum obj_update_type type,
9c35a8 
 	return batch_add(h, type, s);
9c35a8 
 }
9c35a8
9c35a8 
-static int batch_chain_add(struct nft_handle *h, enum obj_update_type type,
9c35a8 
+static struct obj_update *
9c35a8 
+batch_chain_add(struct nft_handle *h, enum obj_update_type type,
9c35a8 
 			   struct nftnl_chain *c)
9c35a8 
 {
9c35a8 
-	return batch_add(h, type, c) ? 0 : -1;
9c35a8 
+	return batch_add(h, type, c);
9c35a8 
 }
9c35a8
9c35a8 
 static struct obj_update *
9c35a8 
@@ -910,7 +911,6 @@ int nft_chain_set(struct nft_handle *h, const char *table,
9c35a8 
 		  const struct xt_counters *counters)
9c35a8 
 {
9c35a8 
 	struct nftnl_chain *c = NULL;
9c35a8 
-	int ret;
9c35a8
9c35a8 
 	nft_fn = nft_chain_set;
9c35a8
9c35a8 
@@ -924,10 +924,11 @@ int nft_chain_set(struct nft_handle *h, const char *table,
9c35a8 
 	if (c == NULL)
9c35a8 
 		return 0;
9c35a8
9c35a8 
-	ret = batch_chain_add(h, NFT_COMPAT_CHAIN_UPDATE, c);
9c35a8 
+	if (!batch_chain_add(h, NFT_COMPAT_CHAIN_UPDATE, c))
9c35a8 
+		return 0;
9c35a8
9c35a8 
 	/* the core expects 1 for success and 0 for error */
9c35a8 
-	return ret == 0 ? 1 : 0;
9c35a8 
+	return 1;
9c35a8 
 }
9c35a8
9c35a8 
 static int __add_match(struct nftnl_expr *e, struct xt_entry_match *m)
9c35a8 
@@ -1734,7 +1735,6 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
9c35a8 
 {
9c35a8 
 	struct nftnl_chain_list *list;
9c35a8 
 	struct nftnl_chain *c;
9c35a8 
-	int ret;
9c35a8
9c35a8 
 	nft_fn = nft_chain_user_add;
9c35a8
9c35a8 
@@ -1754,14 +1754,15 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
9c35a8 
 	if (h->family == NFPROTO_BRIDGE)
9c35a8 
 		nftnl_chain_set_u32(c, NFTNL_CHAIN_POLICY, NF_ACCEPT);
9c35a8
9c35a8 
-	ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c);
9c35a8 
+	if (!batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c))
9c35a8 
+		return 0;
9c35a8
9c35a8 
 	list = nft_chain_list_get(h, table, chain);
9c35a8 
 	if (list)
9c35a8 
 		nftnl_chain_list_add(c, list);
9c35a8
9c35a8 
 	/* the core expects 1 for success and 0 for error */
9c35a8 
-	return ret == 0 ? 1 : 0;
9c35a8 
+	return 1;
9c35a8 
 }
9c35a8
9c35a8 
 int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table)
9c35a8 
@@ -1769,7 +1770,6 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table
9c35a8 
 	struct nftnl_chain_list *list;
9c35a8 
 	struct nftnl_chain *c;
9c35a8 
 	bool created = false;
9c35a8 
-	int ret;
9c35a8
9c35a8 
 	c = nft_chain_find(h, table, chain);
9c35a8 
 	if (c) {
9c35a8 
@@ -1794,13 +1794,14 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table
9c35a8 
 	if (!created)
9c35a8 
 		return 0;
9c35a8
9c35a8 
-	ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c);
9c35a8 
+	if (!batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c))
9c35a8 
+		return -1;
9c35a8
9c35a8 
 	list = nft_chain_list_get(h, table, chain);
9c35a8 
 	if (list)
9c35a8 
 		nftnl_chain_list_add(c, list);
9c35a8
9c35a8 
-	return ret;
9c35a8 
+	return 0;
9c35a8 
 }
9c35a8
9c35a8 
 /* From linux/netlink.h */
9c35a8 
@@ -1818,7 +1819,6 @@ static int __nft_chain_user_del(struct nftnl_chain *c, void *data)
9c35a8 
 {
9c35a8 
 	struct chain_user_del_data *d = data;
9c35a8 
 	struct nft_handle *h = d->handle;
9c35a8 
-	int ret;
9c35a8
9c35a8 
 	/* don't delete built-in chain */
9c35a8 
 	if (nft_chain_builtin(c))
9c35a8 
@@ -1834,8 +1834,7 @@ static int __nft_chain_user_del(struct nftnl_chain *c, void *data)
9c35a8
9c35a8 
 	/* XXX This triggers a fast lookup from the kernel. */
9c35a8 
 	nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE);
9c35a8 
-	ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_DEL, c);
9c35a8 
-	if (ret)
9c35a8 
+	if (!batch_chain_add(h, NFT_COMPAT_CHAIN_USER_DEL, c))
9c35a8 
 		return -1;
9c35a8
9c35a8 
 	nftnl_chain_list_del(c);
9c35a8 
@@ -1910,7 +1909,6 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
9c35a8 
 {
9c35a8 
 	struct nftnl_chain *c;
9c35a8 
 	uint64_t handle;
9c35a8 
-	int ret;
9c35a8
9c35a8 
 	nft_fn = nft_chain_user_rename;
9c35a8
9c35a8 
@@ -1941,10 +1939,11 @@ int nft_chain_user_rename(struct nft_handle *h,const char *chain,
9c35a8 
 	nftnl_chain_set_str(c, NFTNL_CHAIN_NAME, newname);
9c35a8 
 	nftnl_chain_set_u64(c, NFTNL_CHAIN_HANDLE, handle);
9c35a8
9c35a8 
-	ret = batch_chain_add(h, NFT_COMPAT_CHAIN_RENAME, c);
9c35a8 
+	if (!batch_chain_add(h, NFT_COMPAT_CHAIN_RENAME, c))
9c35a8 
+		return 0;
9c35a8
9c35a8 
 	/* the core expects 1 for success and 0 for error */
9c35a8 
-	return ret == 0 ? 1 : 0;
9c35a8 
+	return 1;
9c35a8 
 }
9c35a8
9c35a8 
 bool nft_table_find(struct nft_handle *h, const char *tablename)
9c35a8 
@@ -3217,7 +3216,7 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
9c35a8 
 		nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, 0);
9c35a8 
 		nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES, 0);
9c35a8 
 		nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE);
9c35a8 
-		if (batch_chain_add(h, NFT_COMPAT_CHAIN_ZERO, c))
9c35a8 
+		if (!batch_chain_add(h, NFT_COMPAT_CHAIN_ZERO, c))
9c35a8 
 			return -1;
9c35a8 
 	}
9c35a8
9c35a8 
--
9c35a8 
2.28.0
9c35a8

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation