netfilter: nft_set: remove indirection from update API call

This stems from a time when sets and nft_dynset resided in different kernel
modules.  We can replace this with a direct call.

We could even remove both ->update and ->delete, given its only
supported by rhashtable, but on the off-chance we'll see runtime
add/delete for other types or a new set type keep that as-is for now.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 5b6725475906b0941d58581329f8287255e94262..891e43a01bdc31ba1bf07af6604ecb3a6d3fdeff 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -464,10 +464,6 @@ struct nft_set_ops {
                                                  const u32 *key);
        const struct nft_set_ext *      (*update)(struct nft_set *set,
                                                  const u32 *key,
-                                                 struct nft_elem_priv *
-                                                       (*new)(struct nft_set *,
-                                                              const struct nft_expr *,
-                                                              struct nft_regs *),
                                                  const struct nft_expr *expr,
                                                  struct nft_regs *regs);
        bool                            (*delete)(const struct nft_set *set,

diff --git a/include/net/netfilter/nf_tables_core.h b/include/net/netfilter/nf_tables_core.h
index 6a52fb97b84438b555ca9f99625ad1f42380a477..6c2f483d9828ddfcde6dee9612689f071e83384c 100644 (file)
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -188,4 +188,7 @@ void nft_objref_eval(const struct nft_expr *expr, struct nft_regs *regs,
                     const struct nft_pktinfo *pkt);
 void nft_objref_map_eval(const struct nft_expr *expr, struct nft_regs *regs,
                         const struct nft_pktinfo *pkt);
+struct nft_elem_priv *nft_dynset_new(struct nft_set *set,
+                                    const struct nft_expr *expr,
+                                    struct nft_regs *regs);
 #endif /* _NET_NF_TABLES_CORE_H */

diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index e24493d9e7761561e611a39da86e97b560ecf9ba..7807d812966464908b44911b79b8eb2efa097a27 100644 (file)
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -44,9 +44,9 @@ static int nft_dynset_expr_setup(const struct nft_dynset *priv,
        return 0;
 }
 
-static struct nft_elem_priv *nft_dynset_new(struct nft_set *set,
-                                           const struct nft_expr *expr,
-                                           struct nft_regs *regs)
+struct nft_elem_priv *nft_dynset_new(struct nft_set *set,
+                                    const struct nft_expr *expr,
+                                    struct nft_regs *regs)
 {
        const struct nft_dynset *priv = nft_expr_priv(expr);
        struct nft_set_ext *ext;
@@ -91,8 +91,7 @@ void nft_dynset_eval(const struct nft_expr *expr,
                return;
        }
 
-       ext = set->ops->update(set, &regs->data[priv->sreg_key], nft_dynset_new,
-                            expr, regs);
+       ext = set->ops->update(set, &regs->data[priv->sreg_key], expr, regs);
        if (ext) {
                if (priv->op == NFT_DYNSET_OP_UPDATE &&
                    nft_set_ext_exists(ext, NFT_SET_EXT_TIMEOUT) &&

diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 9903c737c9f0ad3e67f1bbd1579e25c90ed7444b..266d0c637225c044555323bb8be4070e3aa4b396 100644 (file)
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -123,8 +123,6 @@ nft_rhash_get(const struct net *net, const struct nft_set *set,
 
 static const struct nft_set_ext *
 nft_rhash_update(struct nft_set *set, const u32 *key,
-                struct nft_elem_priv *(*new)(struct nft_set *, const struct nft_expr *,
-                struct nft_regs *regs),
                 const struct nft_expr *expr, struct nft_regs *regs)
 {
        struct nft_rhash *priv = nft_set_priv(set);
@@ -141,7 +139,7 @@ nft_rhash_update(struct nft_set *set, const u32 *key,
        if (he != NULL)
                goto out;
 
-       elem_priv = new(set, expr, regs);
+       elem_priv = nft_dynset_new(set, expr, regs);
        if (!elem_priv)
                goto err1;
 

diff --git a/net/netfilter/nft_set_pipapo_avx2.c b/net/netfilter/nft_set_pipapo_avx2.c
index 6c441e2dc8af391a6ecf1e043676819b78e417e0..db5d367e43c46991c299b2c54e66a40ab1c306c6 100644 (file)
--- a/net/netfilter/nft_set_pipapo_avx2.c
+++ b/net/netfilter/nft_set_pipapo_avx2.c
@@ -1137,7 +1137,6 @@ static inline void pipapo_resmap_init_avx2(const struct nft_pipapo_match *m, uns
  * @net:       Network namespace
  * @set:       nftables API set representation
  * @key:       nftables API element representation containing key data
- * @ext:       nftables API extension pointer, filled with matching reference
  *
  * For more details, see DOC: Theory of Operation in nft_set_pipapo.c.
  *