netfilter: nf_tables: get rid of possible_net_t from set and basechain
We can pass the netns pointer as parameter to the functions that need to gain access to it. From basechains, I didn't find any client for this field anymore so let's remove this too. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
@@ -236,7 +236,8 @@ struct nft_expr;
|
||||
* @features: features supported by the implementation
|
||||
*/
|
||||
struct nft_set_ops {
|
||||
bool (*lookup)(const struct nft_set *set,
|
||||
bool (*lookup)(const struct net *net,
|
||||
const struct nft_set *set,
|
||||
const u32 *key,
|
||||
const struct nft_set_ext **ext);
|
||||
bool (*update)(struct nft_set *set,
|
||||
@@ -248,11 +249,14 @@ struct nft_set_ops {
|
||||
struct nft_regs *regs,
|
||||
const struct nft_set_ext **ext);
|
||||
|
||||
int (*insert)(const struct nft_set *set,
|
||||
int (*insert)(const struct net *net,
|
||||
const struct nft_set *set,
|
||||
const struct nft_set_elem *elem);
|
||||
void (*activate)(const struct nft_set *set,
|
||||
void (*activate)(const struct net *net,
|
||||
const struct nft_set *set,
|
||||
const struct nft_set_elem *elem);
|
||||
void * (*deactivate)(const struct nft_set *set,
|
||||
void * (*deactivate)(const struct net *net,
|
||||
const struct nft_set *set,
|
||||
const struct nft_set_elem *elem);
|
||||
void (*remove)(const struct nft_set *set,
|
||||
const struct nft_set_elem *elem);
|
||||
@@ -295,7 +299,6 @@ void nft_unregister_set(struct nft_set_ops *ops);
|
||||
* @udlen: user data length
|
||||
* @udata: user data
|
||||
* @ops: set ops
|
||||
* @pnet: network namespace
|
||||
* @flags: set flags
|
||||
* @genmask: generation mask
|
||||
* @klen: key length
|
||||
@@ -318,7 +321,6 @@ struct nft_set {
|
||||
unsigned char *udata;
|
||||
/* runtime data below here */
|
||||
const struct nft_set_ops *ops ____cacheline_aligned;
|
||||
possible_net_t pnet;
|
||||
u16 flags:14,
|
||||
genmask:2;
|
||||
u8 klen;
|
||||
@@ -804,7 +806,6 @@ struct nft_stats {
|
||||
* struct nft_base_chain - nf_tables base chain
|
||||
*
|
||||
* @ops: netfilter hook ops
|
||||
* @pnet: net namespace that this chain belongs to
|
||||
* @type: chain type
|
||||
* @policy: default policy
|
||||
* @stats: per-cpu chain stats
|
||||
@@ -813,7 +814,6 @@ struct nft_stats {
|
||||
*/
|
||||
struct nft_base_chain {
|
||||
struct nf_hook_ops ops[NFT_HOOK_OPS_MAX];
|
||||
possible_net_t pnet;
|
||||
const struct nf_chain_type *type;
|
||||
u8 policy;
|
||||
u8 flags;
|
||||
@@ -1009,10 +1009,11 @@ static inline bool nft_set_elem_active(const struct nft_set_ext *ext,
|
||||
return !(ext->genmask & genmask);
|
||||
}
|
||||
|
||||
static inline void nft_set_elem_change_active(const struct nft_set *set,
|
||||
static inline void nft_set_elem_change_active(const struct net *net,
|
||||
const struct nft_set *set,
|
||||
struct nft_set_ext *ext)
|
||||
{
|
||||
ext->genmask ^= nft_genmask_next(read_pnet(&set->pnet));
|
||||
ext->genmask ^= nft_genmask_next(net);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
Reference in New Issue
Block a user