netfilter: nft_ct: prepare for key-dependent error unwind
Next patch will add ZONE_ID set support which will need similar error unwind (put operation) as conntrack labels. Prepare for this: remove the 'label_got' boolean in favor of a switch statement that can be extended in next patch. As we already have that in the set_destroy function place that in a separate function and call it from the set init function. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
ab23821f7e
commit
5c178d81b6
|
@ -386,12 +386,24 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void __nft_ct_set_destroy(const struct nft_ctx *ctx, struct nft_ct *priv)
|
||||
{
|
||||
switch (priv->key) {
|
||||
#ifdef CONFIG_NF_CONNTRACK_LABELS
|
||||
case NFT_CT_LABELS:
|
||||
nf_connlabels_put(ctx->net);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
static int nft_ct_set_init(const struct nft_ctx *ctx,
|
||||
const struct nft_expr *expr,
|
||||
const struct nlattr * const tb[])
|
||||
{
|
||||
struct nft_ct *priv = nft_expr_priv(expr);
|
||||
bool label_got = false;
|
||||
unsigned int len;
|
||||
int err;
|
||||
|
||||
|
@ -412,7 +424,6 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
|
|||
err = nf_connlabels_get(ctx->net, (len * BITS_PER_BYTE) - 1);
|
||||
if (err)
|
||||
return err;
|
||||
label_got = true;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
|
@ -431,8 +442,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
|
|||
return 0;
|
||||
|
||||
err1:
|
||||
if (label_got)
|
||||
nf_connlabels_put(ctx->net);
|
||||
__nft_ct_set_destroy(ctx, priv);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
@ -447,16 +457,7 @@ static void nft_ct_set_destroy(const struct nft_ctx *ctx,
|
|||
{
|
||||
struct nft_ct *priv = nft_expr_priv(expr);
|
||||
|
||||
switch (priv->key) {
|
||||
#ifdef CONFIG_NF_CONNTRACK_LABELS
|
||||
case NFT_CT_LABELS:
|
||||
nf_connlabels_put(ctx->net);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
__nft_ct_set_destroy(ctx, priv);
|
||||
nft_ct_netns_put(ctx->net, ctx->afi->family);
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue