netfilter: nf_tables: remove nft_ctx_init_from_setattr()

Replace nft_ctx_init_from_setattr() by nft_table_lookup().

This patch also disentangles nf_tables_delset() where NFTA_SET_TABLE is
required while nft_ctx_init_from_setattr() allows it to be optional.

From the nf_tables_delset() path, this also allows to set up the context
structure when it is needed.

Removing this helper function saves us 14 LoC, so it is not helping to
consolidate code.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 2fbcb25..6c2000a 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3639,30 +3639,6 @@ static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
        [NFTA_SET_DESC_CONCAT]          = { .type = NLA_NESTED },
 };
 
-static int nft_ctx_init_from_setattr(struct nft_ctx *ctx, struct net *net,
-                                    const struct sk_buff *skb,
-                                    const struct nlmsghdr *nlh,
-                                    const struct nlattr * const nla[],
-                                    struct netlink_ext_ack *extack,
-                                    u8 genmask, u32 nlpid)
-{
-       const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
-       int family = nfmsg->nfgen_family;
-       struct nft_table *table = NULL;
-
-       if (nla[NFTA_SET_TABLE] != NULL) {
-               table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
-                                        genmask, nlpid);
-               if (IS_ERR(table)) {
-                       NL_SET_BAD_ATTR(extack, nla[NFTA_SET_TABLE]);
-                       return PTR_ERR(table);
-               }
-       }
-
-       nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla);
-       return 0;
-}
-
 static struct nft_set *nft_set_lookup(const struct nft_table *table,
                                      const struct nlattr *nla, u8 genmask)
 {
@@ -4044,17 +4020,24 @@ static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info,
 {
        struct netlink_ext_ack *extack = info->extack;
        u8 genmask = nft_genmask_cur(info->net);
+       u8 family = info->nfmsg->nfgen_family;
+       struct nft_table *table = NULL;
        struct net *net = info->net;
        const struct nft_set *set;
        struct sk_buff *skb2;
        struct nft_ctx ctx;
        int err;
 
-       /* Verify existence before starting dump */
-       err = nft_ctx_init_from_setattr(&ctx, net, skb, info->nlh, nla, extack,
-                                       genmask, 0);
-       if (err < 0)
-               return err;
+       if (nla[NFTA_SET_TABLE]) {
+               table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
+                                        genmask, 0);
+               if (IS_ERR(table)) {
+                       NL_SET_BAD_ATTR(extack, nla[NFTA_SET_TABLE]);
+                       return PTR_ERR(table);
+               }
+       }
+
+       nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
 
        if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
                struct netlink_dump_control c = {
@@ -4074,7 +4057,7 @@ static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info,
        if (!nla[NFTA_SET_TABLE])
                return -EINVAL;
 
-       set = nft_set_lookup(ctx.table, nla[NFTA_SET_NAME], genmask);
+       set = nft_set_lookup(table, nla[NFTA_SET_NAME], genmask);
        if (IS_ERR(set))
                return PTR_ERR(set);
 
@@ -4467,28 +4450,29 @@ static int nf_tables_delset(struct sk_buff *skb, const struct nfnl_info *info,
 {
        struct netlink_ext_ack *extack = info->extack;
        u8 genmask = nft_genmask_next(info->net);
+       u8 family = info->nfmsg->nfgen_family;
        struct net *net = info->net;
        const struct nlattr *attr;
+       struct nft_table *table;
        struct nft_set *set;
        struct nft_ctx ctx;
-       int err;
 
        if (info->nfmsg->nfgen_family == NFPROTO_UNSPEC)
                return -EAFNOSUPPORT;
-       if (nla[NFTA_SET_TABLE] == NULL)
-               return -EINVAL;
 
-       err = nft_ctx_init_from_setattr(&ctx, net, skb, info->nlh, nla, extack,
-                                       genmask, NETLINK_CB(skb).portid);
-       if (err < 0)
-               return err;
+       table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
+                                genmask, NETLINK_CB(skb).portid);
+       if (IS_ERR(table)) {
+               NL_SET_BAD_ATTR(extack, nla[NFTA_SET_TABLE]);
+               return PTR_ERR(table);
+       }
 
        if (nla[NFTA_SET_HANDLE]) {
                attr = nla[NFTA_SET_HANDLE];
-               set = nft_set_lookup_byhandle(ctx.table, attr, genmask);
+               set = nft_set_lookup_byhandle(table, attr, genmask);
        } else {
                attr = nla[NFTA_SET_NAME];
-               set = nft_set_lookup(ctx.table, attr, genmask);
+               set = nft_set_lookup(table, attr, genmask);
        }
 
        if (IS_ERR(set)) {
@@ -4502,6 +4486,8 @@ static int nf_tables_delset(struct sk_buff *skb, const struct nfnl_info *info,
                return -EBUSY;
        }
 
+       nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
+
        return nft_delset(&ctx, set);
 }