netfilter: nf_tables_offload: add nft_flow_action_entry_next() and use it
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 30 Mar 2026 09:04:02 +0000 (11:04 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 8 Apr 2026 05:51:31 +0000 (07:51 +0200)
Add a new helper function to retrieve the next action entry in the flow
rule; it checks whether the maximum number of actions has been reached and
bails out in that case.

Replace existing opencoded iteration on the action array by this
helper function.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
include/net/netfilter/nf_tables_offload.h
net/netfilter/nf_dup_netdev.c
net/netfilter/nft_immediate.c

index 3568b6a2f5f0fcc918311a5b18daf0186b7b1016..14c427891ee6dd62d4bc5af86fbec23eb5203a36 100644 (file)
@@ -67,6 +67,16 @@ struct nft_flow_rule {
        struct flow_rule        *rule;
 };
 
+static inline struct flow_action_entry *
+nft_flow_action_entry_next(struct nft_offload_ctx *ctx,
+                          struct nft_flow_rule *flow)
+{
+       if (unlikely(ctx->num_actions >= flow->rule->action.num_entries))
+               return NULL;
+
+       return &flow->rule->action.entries[ctx->num_actions++];
+}
+
 void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
                                 enum flow_dissector_key_id addr_type);
 
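Review bot: nft_flow_action_entry_next() has no comment stating its contract, and since it is a header-level static inline that every offload backend will call, the NULL return and the side effect on ctx->num_actions should be spelled out. I would add above the definition: `/* Reserve the next action slot in @flow, advancing ctx->num_actions. Returns NULL once all action.num_entries slots are used; callers must fail the offload. */`. The comparison between ctx->num_actions and flow->rule->action.num_entries presumably involves two unsigned counters; if either is signed, that is worth confirming because a negative or wrapped value would bypass the bound check.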
index fab8b9011098f46a00580d2206e9ddb5bb47cbbc..e348fb90b8dc3bdd0159477c00536cb78dfcde8a 100644 (file)
@@ -95,7 +95,10 @@ int nft_fwd_dup_netdev_offload(struct nft_offload_ctx *ctx,
        if (!dev)
                return -EOPNOTSUPP;
 
-       entry = &flow->rule->action.entries[ctx->num_actions++];
+       entry = nft_flow_action_entry_next(ctx, flow);
+       if (!entry)
+               return -E2BIG;
+
        entry->id = id;
        entry->dev = dev;
 
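Review bot: The new `return -E2BIG;` leaves `dev` unreleased if the lookup above the hunk takes a reference on it (the function's start is outside the hunk; the existing `entry->dev = dev;` suggests the flow rule entry is what owns and later releases the device). On the early return entry->dev is never assigned, so whatever releases entry->dev at flow-rule teardown cannot see this device. Either drop it before returning, `if (!entry) { dev_put(dev); return -E2BIG; }`, or call nft_flow_action_entry_next() before the device lookup so the capacity check fails before any reference is taken. The latter keeps the failure path free of cleanup and mirrors the order used in nft_immediate.c, where nothing is acquired before the check.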
index 1b733c7b1b0e7c92d2933c56f62653e6a4d3d72f..d00eb2eb30e4695d0cfb2b2d125b4ca06d658a37 100644 (file)
@@ -279,7 +279,9 @@ static int nft_immediate_offload_verdict(struct nft_offload_ctx *ctx,
        struct flow_action_entry *entry;
        const struct nft_data *data;
 
-       entry = &flow->rule->action.entries[ctx->num_actions++];
+       entry = nft_flow_action_entry_next(ctx, flow);
+       if (!entry)
+               return -E2BIG;
 
        data = &priv->data;
        switch (data->verdict.code) {