netfilter: nf_tables: add nft_set_elem_update_expr() helper function (76adfafe) · Commits · 戴 / test

include/net/netfilter/nf_tables.h

+12 −0

Original line number	Diff line number	Diff line
		@@ -890,6 +890,18 @@ static inline struct nft_userdata nft_userdata(const struct nft_rule rule)
		return (void *)&rule->data[rule->dlen];
		}

		static inline void nft_set_elem_update_expr(const struct nft_set_ext *ext,
		struct nft_regs *regs,
		const struct nft_pktinfo *pkt)
		{
		struct nft_expr *expr;

		if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR)) {
		expr = nft_set_ext_expr(ext);
		expr->ops->eval(expr, regs, pkt);
		}
		}

		/*
		* The last pointer isn't really necessary, but the compiler isn't able to
		* determine that the result of nft_expr_last() is always the same since it

+1 −7

Original line number	Diff line number	Diff line
		@@ -81,7 +81,6 @@ void nft_dynset_eval(const struct nft_expr *expr,
		const struct nft_dynset *priv = nft_expr_priv(expr);
		struct nft_set *set = priv->set;
		const struct nft_set_ext *ext;
		const struct nft_expr *sexpr;
		u64 timeout;

		if (priv->op == NFT_DYNSET_OP_DELETE) {
		@@ -91,18 +90,13 @@ void nft_dynset_eval(const struct nft_expr *expr,

		if (set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new,
		expr, regs, &ext)) {
		sexpr = NULL;
		if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR))
		sexpr = nft_set_ext_expr(ext);

		if (priv->op == NFT_DYNSET_OP_UPDATE &&
		nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
		timeout = priv->timeout ? : set->timeout;
		*nft_set_ext_expiration(ext) = get_jiffies_64() + timeout;
		}

		if (sexpr != NULL)
		sexpr->ops->eval(sexpr, regs, pkt);
		nft_set_elem_update_expr(ext, regs, pkt);

		if (priv->invert)
		regs->verdict.code = NFT_BREAK;