netfilter: nf_tables_offload: add nft_flow_action_entry_next() and use it

Add a new helper function to retrieve the next action entry in flow rule, check if the maximum number of actions is reached, bail out in such case. Replace existing opencoded iteration on the action array by this helper function. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2026-03-30 12:04:02 +0300
committer: Florian Westphal <fw@strlen.de> 2026-04-08 08:51:31 +0300
commit: c6f85577584b5f8414141ae389e974b8ca6a698b (patch)
tree: cb876fef2672595ecc00083f56d049a9916dd933 /include
parent: f33fad8dbfff7c35c22abb3a7305173d005ac362 (diff)
download: linux-c6f85577584b5f8414141ae389e974b8ca6a698b.tar.xz
1 files changed, 10 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_offload.h b/include/net/netfilter/nf_tables_offload.h
index 3568b6a2f5f0..14c427891ee6 100644
--- a/include/net/netfilter/nf_tables_offload.h
+++ b/include/net/netfilter/nf_tables_offload.h
@@ -67,6 +67,16 @@ struct nft_flow_rule {
 	struct flow_rule	*rule;
 };
 
+static inline struct flow_action_entry *
+nft_flow_action_entry_next(struct nft_offload_ctx *ctx,
+			   struct nft_flow_rule *flow)
+{
+	if (unlikely(ctx->num_actions >= flow->rule->action.num_entries))
+		return NULL;
+
+	return &flow->rule->action.entries[ctx->num_actions++];
+}
+
 void nft_flow_rule_set_addr_type(struct nft_flow_rule *flow,
 				 enum flow_dissector_key_id addr_type);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2026-03-30 12:04:02 +0300
committer	Florian Westphal <fw@strlen.de>	2026-04-08 08:51:31 +0300
commit	c6f85577584b5f8414141ae389e974b8ca6a698b (patch)
tree	cb876fef2672595ecc00083f56d049a9916dd933 /include
parent	f33fad8dbfff7c35c22abb3a7305173d005ac362 (diff)
download	linux-c6f85577584b5f8414141ae389e974b8ca6a698b.tar.xz