netfilter: nf_tables: Flowtable hook's pf value never varies

When checking for duplicate hooks in nft_register_flowtable_net_hooks(),
comparing ops.pf value is pointless as it is always NFPROTO_NETDEV with
flowtable hooks.

Dropping the check leaves the search identical to the one in
nft_hook_list_find() so call that function instead of open coding.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index de9c4335ef476f6a5d1ba2e6f5ec77fa3e492100..e41c77e5eefdcdcbbece19f8dba314d329ab39dc 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -8895,7 +8895,7 @@ static int nft_register_flowtable_net_hooks(struct net *net,
                                            struct list_head *hook_list,
                                            struct nft_flowtable *flowtable)
 {
-       struct nft_hook *hook, *hook2, *next;
+       struct nft_hook *hook, *next;
        struct nft_flowtable *ft;
        int err, i = 0;
 
@@ -8904,12 +8904,9 @@ static int nft_register_flowtable_net_hooks(struct net *net,
                        if (!nft_is_active_next(net, ft))
                                continue;
 
-                       list_for_each_entry(hook2, &ft->hook_list, list) {
-                               if (hook->ops.dev == hook2->ops.dev &&
-                                   hook->ops.pf == hook2->ops.pf) {
-                                       err = -EEXIST;
-                                       goto err_unregister_net_hooks;
-                               }
+                       if (nft_hook_list_find(&ft->hook_list, hook)) {
+                               err = -EEXIST;
+                               goto err_unregister_net_hooks;
                        }
                }