netfilter: nf_tables: add helper to unregister chain hooks

This patch adds a helper function to unregister chain hooks in the chain
deletion path. Basically, a code factorization.

The new function is useful in follow-up patches.

Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3664bab1c76c986b6ee553cb86d986e9905addc5..90e3496511789a91661059d62f7e16df74cff55c 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -127,6 +127,15 @@ static void nft_trans_destroy(struct nft_trans *trans)
        kfree(trans);
 }
 
+static void nf_tables_unregister_hooks(const struct nft_table *table,
+                                      const struct nft_chain *chain,
+                                      unsigned int hook_nops)
+{
+       if (!(table->flags & NFT_TABLE_F_DORMANT) &&
+           chain->flags & NFT_BASE_CHAIN)
+               nf_unregister_hooks(nft_base_chain(chain)->ops, hook_nops);
+}
+
 /*
  * Tables
  */
@@ -1157,11 +1166,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
        list_add_tail_rcu(&chain->list, &table->chains);
        return 0;
 err2:
-       if (!(table->flags & NFT_TABLE_F_DORMANT) &&
-           chain->flags & NFT_BASE_CHAIN) {
-               nf_unregister_hooks(nft_base_chain(chain)->ops,
-                                   afi->nops);
-       }
+       nf_tables_unregister_hooks(table, chain, afi->nops);
 err1:
        nf_tables_chain_destroy(chain);
        return err;
@@ -3368,11 +3373,9 @@ static int nf_tables_commit(struct sk_buff *skb)
                        break;
                case NFT_MSG_DELCHAIN:
                        nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
-                       if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) &&
-                           trans->ctx.chain->flags & NFT_BASE_CHAIN) {
-                               nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
-                                                   trans->ctx.afi->nops);
-                       }
+                       nf_tables_unregister_hooks(trans->ctx.table,
+                                                  trans->ctx.chain,
+                                                  trans->ctx.afi->nops);
                        break;
                case NFT_MSG_NEWRULE:
                        nft_rule_clear(trans->ctx.net, nft_trans_rule(trans));
@@ -3495,11 +3498,9 @@ static int nf_tables_abort(struct sk_buff *skb)
                        } else {
                                trans->ctx.table->use--;
                                list_del_rcu(&trans->ctx.chain->list);
-                               if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT) &&
-                                   trans->ctx.chain->flags & NFT_BASE_CHAIN) {
-                                       nf_unregister_hooks(nft_base_chain(trans->ctx.chain)->ops,
-                                                           trans->ctx.afi->nops);
-                               }
+                               nf_tables_unregister_hooks(trans->ctx.table,
+                                                          trans->ctx.chain,
+                                                          trans->ctx.afi->nops);
                        }
                        break;
                case NFT_MSG_DELCHAIN: