diff mbox series

[nf-next,2/8] netfilter: nf_flowtable: replace init callback with a create one

Message ID 20231121122800.13521-3-fw@strlen.de (mailing list archive)
State Awaiting Upstream
Delegated to: Netdev Maintainers
Headers show
Series netfilter: make nf_flowtable lifetime differ from container struct | expand

Checks

Context Check Description
netdev/series_format warning Target tree name not specified in the subject
netdev/codegen success Generated files up to date
netdev/tree_selection success Guessed tree name to be net-next
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1187 this patch: 1187
netdev/cc_maintainers warning 9 maintainers not CCed: xiyou.wangcong@gmail.com coreteam@netfilter.org edumazet@google.com pabeni@redhat.com kuba@kernel.org jhs@mojatatu.com kadlec@netfilter.org jiri@resnulli.us pablo@netfilter.org
netdev/build_clang success Errors and warnings before: 1154 this patch: 1154
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 1214 this patch: 1214
netdev/checkpatch warning WARNING: line length of 88 exceeds 80 columns WARNING: line length of 89 exceeds 80 columns WARNING: line length of 96 exceeds 80 columns WARNING: line length of 97 exceeds 80 columns
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Florian Westphal Nov. 21, 2023, 12:27 p.m. UTC 
Let the flowtable core allocate the nf_flowtable structure itself.
While at it, move the net and type assignment into the flowtable core.

The returned nf_flowtable pointer can still be released with plain kfree(),
this will be changed in a followup patch.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 include/net/netfilter/nf_flow_table.h |  5 +++--
 net/netfilter/nf_flow_table_core.c    | 19 ++++++++++++++-----
 net/netfilter/nf_flow_table_inet.c    |  6 +++---
 net/netfilter/nf_tables_api.c         |  8 +-------
 net/sched/act_ct.c                    | 12 ++++--------
 5 files changed, 25 insertions(+), 25 deletions(-)
diff mbox series

Patch

diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
index 36351e441316..d365eabd4a3c 100644
--- a/include/net/netfilter/nf_flow_table.h
+++ b/include/net/netfilter/nf_flow_table.h
@@ -52,7 +52,8 @@  struct nf_flow_rule {
 struct nf_flowtable_type {
 	struct list_head		list;
 	int				family;
-	int				(*init)(struct nf_flowtable *ft);
+	struct nf_flowtable *		(*create)(struct net *net,
+						  const struct nf_flowtable_type *type);
 	bool				(*gc)(const struct flow_offload *flow);
 	int				(*setup)(struct nf_flowtable *ft,
 						 struct net_device *dev,
@@ -279,7 +280,7 @@  void nf_flow_table_gc_cleanup(struct nf_flowtable *flowtable,
 			      struct net_device *dev);
 void nf_flow_table_cleanup(struct net_device *dev);
 
-int nf_flow_table_init(struct nf_flowtable *flow_table);
+struct nf_flowtable *nf_flow_table_create(struct net *net, const struct nf_flowtable_type *type);
 void nf_flow_table_free(struct nf_flowtable *flow_table);
 
 void flow_offload_teardown(struct flow_offload *flow);
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 920a5a29ae1d..375fc9c24149 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -531,29 +531,38 @@  void nf_flow_dnat_port(const struct flow_offload *flow, struct sk_buff *skb,
 }
 EXPORT_SYMBOL_GPL(nf_flow_dnat_port);
 
-int nf_flow_table_init(struct nf_flowtable *flowtable)
+struct nf_flowtable *nf_flow_table_create(struct net *net, const struct nf_flowtable_type *type)
 {
+	struct nf_flowtable *flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL_ACCOUNT);
 	int err;
 
+	if (!flowtable)
+		return NULL;
+
 	INIT_DELAYED_WORK(&flowtable->gc_work, nf_flow_offload_work_gc);
 	flow_block_init(&flowtable->flow_block);
 	init_rwsem(&flowtable->flow_block_lock);
 
 	err = rhashtable_init(&flowtable->rhashtable,
 			      &nf_flow_offload_rhash_params);
-	if (err < 0)
-		return err;
+	if (err < 0) {
+		kfree(flowtable);
+		return NULL;
+	}
 
 	queue_delayed_work(system_power_efficient_wq,
 			   &flowtable->gc_work, HZ);
 
+	write_pnet(&flowtable->net, net);
+	flowtable->type = type;
+
 	mutex_lock(&flowtable_lock);
 	list_add(&flowtable->list, &flowtables);
 	mutex_unlock(&flowtable_lock);
 
-	return 0;
+	return flowtable;
 }
-EXPORT_SYMBOL_GPL(nf_flow_table_init);
+EXPORT_SYMBOL_GPL(nf_flow_table_create);
 
 static void nf_flow_table_do_cleanup(struct nf_flowtable *flow_table,
 				     struct flow_offload *flow, void *data)
diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c
index 9505f9d188ff..7b20a073573d 100644
--- a/net/netfilter/nf_flow_table_inet.c
+++ b/net/netfilter/nf_flow_table_inet.c
@@ -63,7 +63,7 @@  static int nf_flow_rule_route_inet(struct net *net,
 
 static struct nf_flowtable_type flowtable_inet = {
 	.family		= NFPROTO_INET,
-	.init		= nf_flow_table_init,
+	.create		= nf_flow_table_create,
 	.setup		= nf_flow_table_offload_setup,
 	.action		= nf_flow_rule_route_inet,
 	.free		= nf_flow_table_free,
@@ -73,7 +73,7 @@  static struct nf_flowtable_type flowtable_inet = {
 
 static struct nf_flowtable_type flowtable_ipv4 = {
 	.family		= NFPROTO_IPV4,
-	.init		= nf_flow_table_init,
+	.create		= nf_flow_table_create,
 	.setup		= nf_flow_table_offload_setup,
 	.action		= nf_flow_rule_route_ipv4,
 	.free		= nf_flow_table_free,
@@ -83,7 +83,7 @@  static struct nf_flowtable_type flowtable_ipv4 = {
 
 static struct nf_flowtable_type flowtable_ipv6 = {
 	.family		= NFPROTO_IPV6,
-	.init		= nf_flow_table_init,
+	.create		= nf_flow_table_create,
 	.setup		= nf_flow_table_offload_setup,
 	.action		= nf_flow_rule_route_ipv6,
 	.free		= nf_flow_table_free,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index ee0de8d9b49c..cce82fef4488 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8400,7 +8400,7 @@  static int nf_tables_newflowtable(struct sk_buff *skb,
 		goto err2;
 	}
 
-	flowtable->ft = kzalloc(sizeof(*flowtable->ft), GFP_KERNEL_ACCOUNT);
+	flowtable->ft = type->create(net, type);
 	if (!flowtable->ft) {
 		err = -ENOMEM;
 		goto err3;
@@ -8415,12 +8415,6 @@  static int nf_tables_newflowtable(struct sk_buff *skb,
 		}
 	}
 
-	write_pnet(&flowtable->ft->net, net);
-	flowtable->ft->type = type;
-	err = type->init(flowtable->ft);
-	if (err < 0)
-		goto err3;
-
 	err = nft_flowtable_parse_hook(&ctx, nla, &flowtable_hook, flowtable,
 				       extack, true);
 	if (err < 0)
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 2a6362becd71..80869cc52348 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -313,17 +313,13 @@  static int tcf_ct_flow_table_get(struct net *net, struct tcf_ct_params *params)
 	if (err)
 		goto err_insert;
 
-	ct_ft->nf_ft = kzalloc(sizeof(*ct_ft->nf_ft), GFP_KERNEL);
+	ct_ft->nf_ft->type = &flowtable_ct;
+	ct_ft->nf_ft = nf_flow_table_create(net, &flowtable_ct);
 	if (!ct_ft->nf_ft)
-		goto err_alloc;
+		goto err_create;
 
-	ct_ft->nf_ft->type = &flowtable_ct;
 	ct_ft->nf_ft->flags |= NF_FLOWTABLE_HW_OFFLOAD |
 			       NF_FLOWTABLE_COUNTER;
-	err = nf_flow_table_init(ct_ft->nf_ft);
-	if (err)
-		goto err_init;
-	write_pnet(&ct_ft->nf_ft->net, net);
 
 	__module_get(THIS_MODULE);
 out_unlock:
@@ -333,7 +329,7 @@  static int tcf_ct_flow_table_get(struct net *net, struct tcf_ct_params *params)
 
 	return 0;
 
-err_init:
+err_create:
 	rhashtable_remove_fast(&zones_ht, &ct_ft->node, zones_params);
 	kfree(ct_ft->nf_ft);
 err_insert: