git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit

author	Liping Zhang <zlpnobody@gmail.com>
	Sun, 5 Mar 2017 13:02:23 +0000 (21:02 +0800)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 6 Mar 2017 17:22:12 +0000 (18:22 +0100)
commit	c56e3956c17bb24d18470122c0513d963e332205
tree	489d704dfb6a0779acd9847408120a6cc338196d	tree
parent	74664cf286dc0d2bf6960293cb219e5f741ac92b	commit \| diff

netfilter: nf_tables: validate the expr explicitly after init successfully

When we want to validate the expr's dependency or hooks, we must do two
things to accomplish it. First, write a X_validate callback function
and point ->validate to it. Second, call X_validate in init routine.
This is very common, such as fib, nat, reject expr and so on ...

It is a little ugly, since we will call X_validate in the expr's init
routine, it's better to do it in nf_tables_newexpr. So we can avoid to
do this again and again. After doing this, the second step listed above
is not useful anymore, remove them now.

Patch was tested by nftables/tests/py/nft-test.py and
nftables/tests/shell/run-tests.sh.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/bridge/netfilter/nft_reject_bridge.c		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history
net/netfilter/nft_compat.c		diff \| blob \| blame \| history
net/netfilter/nft_fib.c		diff \| blob \| blame \| history
net/netfilter/nft_masq.c		diff \| blob \| blame \| history
net/netfilter/nft_meta.c		diff \| blob \| blame \| history
net/netfilter/nft_nat.c		diff \| blob \| blame \| history
net/netfilter/nft_redir.c		diff \| blob \| blame \| history
net/netfilter/nft_reject.c		diff \| blob \| blame \| history
net/netfilter/nft_reject_inet.c		diff \| blob \| blame \| history