netfilter: nftables: add helper function to release one table
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 15 Feb 2021 10:27:56 +0000 (11:27 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 15 Feb 2021 17:16:54 +0000 (18:16 +0100)
Add a function to release one table.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c

index ab93a35..c2b8911 100644 (file)
@@ -8999,10 +8999,9 @@ static void __nft_release_hooks(struct net *net)
        }
 }
 
-static void __nft_release_tables(struct net *net)
+static void __nft_release_table(struct net *net, struct nft_table *table)
 {
        struct nft_flowtable *flowtable, *nf;
-       struct nft_table *table, *nt;
        struct nft_chain *chain, *nc;
        struct nft_object *obj, *ne;
        struct nft_rule *rule, *nr;
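Review bot: The new `__nft_release_table(struct net *net, struct nft_table *table)` has no comment stating that it consumes `table`. Its body, which continues in the next hunk, ends with `list_del(&table->list)` and `nf_tables_table_destroy(&ctx)`, so the pointer must be treated as invalid once the call returns, and any caller walking a table list has to use the `_safe` iterator. A short comment above the definition would make that contract explicit for future callers, for example `/* Release every object in @table, unlink it and destroy it; @table must not be used after return. */`. The locking a caller needs is not visible in this hunk and should be stated there as well once confirmed.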
@@ -9012,41 +9011,47 @@ static void __nft_release_tables(struct net *net)
                .family = NFPROTO_NETDEV,
        };
 
-       list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
-               ctx.family = table->family;
-               ctx.table = table;
-               list_for_each_entry(chain, &table->chains, list) {
-                       ctx.chain = chain;
-                       list_for_each_entry_safe(rule, nr, &chain->rules, list) {
-                               list_del(&rule->list);
-                               chain->use--;
-                               nf_tables_rule_release(&ctx, rule);
-                       }
-               }
-               list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
-                       list_del(&flowtable->list);
-                       table->use--;
-                       nf_tables_flowtable_destroy(flowtable);
-               }
-               list_for_each_entry_safe(set, ns, &table->sets, list) {
-                       list_del(&set->list);
-                       table->use--;
-                       nft_set_destroy(&ctx, set);
-               }
-               list_for_each_entry_safe(obj, ne, &table->objects, list) {
-                       nft_obj_del(obj);
-                       table->use--;
-                       nft_obj_destroy(&ctx, obj);
-               }
-               list_for_each_entry_safe(chain, nc, &table->chains, list) {
-                       ctx.chain = chain;
-                       nft_chain_del(chain);
-                       table->use--;
-                       nf_tables_chain_destroy(&ctx);
+       ctx.family = table->family;
+       ctx.table = table;
+       list_for_each_entry(chain, &table->chains, list) {
+               ctx.chain = chain;
+               list_for_each_entry_safe(rule, nr, &chain->rules, list) {
+                       list_del(&rule->list);
+                       chain->use--;
+                       nf_tables_rule_release(&ctx, rule);
                }
-               list_del(&table->list);
-               nf_tables_table_destroy(&ctx);
        }
+       list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
+               list_del(&flowtable->list);
+               table->use--;
+               nf_tables_flowtable_destroy(flowtable);
+       }
+       list_for_each_entry_safe(set, ns, &table->sets, list) {
+               list_del(&set->list);
+               table->use--;
+               nft_set_destroy(&ctx, set);
+       }
+       list_for_each_entry_safe(obj, ne, &table->objects, list) {
+               nft_obj_del(obj);
+               table->use--;
+               nft_obj_destroy(&ctx, obj);
+       }
+       list_for_each_entry_safe(chain, nc, &table->chains, list) {
+               ctx.chain = chain;
+               nft_chain_del(chain);
+               table->use--;
+               nf_tables_chain_destroy(&ctx);
+       }
+       list_del(&table->list);
+       nf_tables_table_destroy(&ctx);
+}
+
+static void __nft_release_tables(struct net *net)
+{
+       struct nft_table *table, *nt;
+
+       list_for_each_entry_safe(table, nt, &net->nft.tables, list)
+               __nft_release_table(net, table);
 }
 
 static int __net_init nf_tables_init_net(struct net *net)
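Review bot: Nothing in the body of `__nft_release_table()` unregisters hooks before it releases rules and destroys chains, flowtables, sets and objects. The `__nft_release_hooks()` defined just above suggests the teardown path removes hooks first, but that call order is not visible here and should be confirmed. Now that the release logic can be called per table, a caller that skips that step could leave the packet path referencing freed chains or rules, so the precondition deserves a comment on the helper such as `/* Caller must have unregistered this table's hooks. */`. Separately, the `.family = NFPROTO_NETDEV` initializer in `ctx` is now always overwritten by `ctx.family = table->family;`, so it could be replaced with `.family = table->family` in the initializer; the start of that initializer is outside this hunk.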