netfilter: nf_tables: drop unused 3rd argument from validate callback ops
Since commit a654de8fdc
("netfilter: nf_tables: fix chain dependency validation")
the validate() callback no longer needs the return pointer argument.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
09c0d0aef5
commit
eaf9b2c875
@ -961,8 +961,7 @@ struct nft_expr_ops {
|
||||
const struct nft_expr *expr,
|
||||
bool reset);
|
||||
int (*validate)(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data);
|
||||
const struct nft_expr *expr);
|
||||
bool (*reduce)(struct nft_regs_track *track,
|
||||
const struct nft_expr *expr);
|
||||
bool (*gc)(struct net *net,
|
||||
|
@ -21,9 +21,7 @@ nft_fib_is_loopback(const struct sk_buff *skb, const struct net_device *in)
|
||||
int nft_fib_dump(struct sk_buff *skb, const struct nft_expr *expr, bool reset);
|
||||
int nft_fib_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
||||
const struct nlattr * const tb[]);
|
||||
int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
||||
const struct nft_data **data);
|
||||
|
||||
int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr);
|
||||
|
||||
void nft_fib4_eval_type(const struct nft_expr *expr, struct nft_regs *regs,
|
||||
const struct nft_pktinfo *pkt);
|
||||
|
@ -41,8 +41,7 @@ void nft_meta_set_destroy(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr);
|
||||
|
||||
int nft_meta_set_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data);
|
||||
const struct nft_expr *expr);
|
||||
|
||||
bool nft_meta_get_reduce(struct nft_regs_track *track,
|
||||
const struct nft_expr *expr);
|
||||
|
@ -15,8 +15,7 @@ struct nft_reject {
|
||||
extern const struct nla_policy nft_reject_policy[];
|
||||
|
||||
int nft_reject_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data);
|
||||
const struct nft_expr *expr);
|
||||
|
||||
int nft_reject_init(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
|
@ -168,8 +168,7 @@ static bool nft_meta_bridge_set_reduce(struct nft_regs_track *track,
|
||||
}
|
||||
|
||||
static int nft_meta_bridge_set_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
struct nft_meta *priv = nft_expr_priv(expr);
|
||||
unsigned int hooks;
|
||||
@ -179,7 +178,7 @@ static int nft_meta_bridge_set_validate(const struct nft_ctx *ctx,
|
||||
hooks = 1 << NF_BR_PRE_ROUTING;
|
||||
break;
|
||||
default:
|
||||
return nft_meta_set_validate(ctx, expr, data);
|
||||
return nft_meta_set_validate(ctx, expr);
|
||||
}
|
||||
|
||||
return nft_chain_validate_hooks(ctx->chain, hooks);
|
||||
|
@ -170,8 +170,7 @@ out:
|
||||
}
|
||||
|
||||
static int nft_reject_bridge_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
return nft_chain_validate_hooks(ctx->chain, (1 << NF_BR_PRE_ROUTING) |
|
||||
(1 << NF_BR_LOCAL_IN));
|
||||
|
@ -3886,7 +3886,6 @@ static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *r
|
||||
int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain)
|
||||
{
|
||||
struct nft_expr *expr, *last;
|
||||
const struct nft_data *data;
|
||||
struct nft_rule *rule;
|
||||
int err;
|
||||
|
||||
@ -3907,7 +3906,7 @@ int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain)
|
||||
/* This may call nft_chain_validate() recursively,
|
||||
* callers that do so must increment ctx->level.
|
||||
*/
|
||||
err = expr->ops->validate(ctx, expr, &data);
|
||||
err = expr->ops->validate(ctx, expr);
|
||||
if (err < 0)
|
||||
return err;
|
||||
}
|
||||
|
@ -350,8 +350,7 @@ nla_put_failure:
|
||||
}
|
||||
|
||||
static int nft_target_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
struct xt_target *target = expr->ops->data;
|
||||
unsigned int hook_mask = 0;
|
||||
@ -611,8 +610,7 @@ static int nft_match_large_dump(struct sk_buff *skb,
|
||||
}
|
||||
|
||||
static int nft_match_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
struct xt_match *match = expr->ops->data;
|
||||
unsigned int hook_mask = 0;
|
||||
|
@ -26,8 +26,7 @@ const struct nla_policy nft_fib_policy[NFTA_FIB_MAX + 1] = {
|
||||
};
|
||||
EXPORT_SYMBOL(nft_fib_policy);
|
||||
|
||||
int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
int nft_fib_validate(const struct nft_ctx *ctx, const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_fib *priv = nft_expr_priv(expr);
|
||||
unsigned int hooks;
|
||||
|
@ -380,8 +380,7 @@ out:
|
||||
}
|
||||
|
||||
static int nft_flow_offload_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
unsigned int hook_mask = (1 << NF_INET_FORWARD);
|
||||
|
||||
|
@ -204,8 +204,7 @@ nla_put_failure:
|
||||
}
|
||||
|
||||
static int nft_fwd_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
return nft_chain_validate_hooks(ctx->chain, (1 << NF_NETDEV_INGRESS) |
|
||||
(1 << NF_NETDEV_EGRESS));
|
||||
|
@ -244,8 +244,7 @@ nla_put_failure:
|
||||
}
|
||||
|
||||
static int nft_immediate_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **d)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_immediate_expr *priv = nft_expr_priv(expr);
|
||||
struct nft_ctx *pctx = (struct nft_ctx *)ctx;
|
||||
|
@ -206,8 +206,7 @@ nla_put_failure:
|
||||
}
|
||||
|
||||
static int nft_lookup_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **d)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_lookup *priv = nft_expr_priv(expr);
|
||||
struct nft_set_iter iter;
|
||||
|
@ -27,8 +27,7 @@ static const struct nla_policy nft_masq_policy[NFTA_MASQ_MAX + 1] = {
|
||||
};
|
||||
|
||||
static int nft_masq_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
int err;
|
||||
|
||||
|
@ -581,8 +581,7 @@ static int nft_meta_get_validate_xfrm(const struct nft_ctx *ctx)
|
||||
}
|
||||
|
||||
static int nft_meta_get_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_meta *priv = nft_expr_priv(expr);
|
||||
|
||||
@ -600,8 +599,7 @@ static int nft_meta_get_validate(const struct nft_ctx *ctx,
|
||||
}
|
||||
|
||||
int nft_meta_set_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
struct nft_meta *priv = nft_expr_priv(expr);
|
||||
unsigned int hooks;
|
||||
|
@ -137,8 +137,7 @@ static const struct nla_policy nft_nat_policy[NFTA_NAT_MAX + 1] = {
|
||||
};
|
||||
|
||||
static int nft_nat_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
struct nft_nat *priv = nft_expr_priv(expr);
|
||||
int err;
|
||||
|
@ -108,8 +108,7 @@ nla_put_failure:
|
||||
}
|
||||
|
||||
static int nft_osf_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
unsigned int hooks;
|
||||
|
||||
|
@ -69,8 +69,7 @@ static void nft_queue_sreg_eval(const struct nft_expr *expr,
|
||||
}
|
||||
|
||||
static int nft_queue_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
static const unsigned int supported_hooks = ((1 << NF_INET_PRE_ROUTING) |
|
||||
(1 << NF_INET_LOCAL_IN) |
|
||||
|
@ -27,8 +27,7 @@ static const struct nla_policy nft_redir_policy[NFTA_REDIR_MAX + 1] = {
|
||||
};
|
||||
|
||||
static int nft_redir_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
int err;
|
||||
|
||||
|
@ -24,8 +24,7 @@ const struct nla_policy nft_reject_policy[NFTA_REJECT_MAX + 1] = {
|
||||
EXPORT_SYMBOL_GPL(nft_reject_policy);
|
||||
|
||||
int nft_reject_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
return nft_chain_validate_hooks(ctx->chain,
|
||||
(1 << NF_INET_LOCAL_IN) |
|
||||
|
@ -61,8 +61,7 @@ static void nft_reject_inet_eval(const struct nft_expr *expr,
|
||||
}
|
||||
|
||||
static int nft_reject_inet_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
return nft_chain_validate_hooks(ctx->chain,
|
||||
(1 << NF_INET_LOCAL_IN) |
|
||||
|
@ -145,8 +145,7 @@ out:
|
||||
}
|
||||
|
||||
static int nft_reject_netdev_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
return nft_chain_validate_hooks(ctx->chain, (1 << NF_NETDEV_INGRESS));
|
||||
}
|
||||
|
@ -160,8 +160,7 @@ nla_put_failure:
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int nft_rt_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
static int nft_rt_validate(const struct nft_ctx *ctx, const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_rt *priv = nft_expr_priv(expr);
|
||||
unsigned int hooks;
|
||||
|
@ -239,8 +239,7 @@ static bool nft_socket_reduce(struct nft_regs_track *track,
|
||||
}
|
||||
|
||||
static int nft_socket_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
if (ctx->family != NFPROTO_IPV4 &&
|
||||
ctx->family != NFPROTO_IPV6 &&
|
||||
|
@ -248,8 +248,7 @@ static void nft_synproxy_eval(const struct nft_expr *expr,
|
||||
}
|
||||
|
||||
static int nft_synproxy_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
if (ctx->family != NFPROTO_IPV4 &&
|
||||
ctx->family != NFPROTO_IPV6 &&
|
||||
|
@ -313,8 +313,7 @@ static int nft_tproxy_dump(struct sk_buff *skb,
|
||||
}
|
||||
|
||||
static int nft_tproxy_validate(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
const struct nft_expr *expr)
|
||||
{
|
||||
if (ctx->family != NFPROTO_IPV4 &&
|
||||
ctx->family != NFPROTO_IPV6 &&
|
||||
|
@ -229,8 +229,7 @@ static int nft_xfrm_get_dump(struct sk_buff *skb,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int nft_xfrm_validate(const struct nft_ctx *ctx, const struct nft_expr *expr,
|
||||
const struct nft_data **data)
|
||||
static int nft_xfrm_validate(const struct nft_ctx *ctx, const struct nft_expr *expr)
|
||||
{
|
||||
const struct nft_xfrm *priv = nft_expr_priv(expr);
|
||||
unsigned int hooks;
|
||||
|
Loading…
Reference in New Issue
Block a user