You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1204 lines
35 KiB
1204 lines
35 KiB
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
Date: Tue, 9 Jan 2018 02:48:47 +0100
|
|
Subject: [PATCH] netfilter: nf_tables: get rid of struct nft_af_info
|
|
abstraction
|
|
|
|
Remove the infrastructure to register/unregister nft_af_info structure,
|
|
this structure stores no useful information anymore.
|
|
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
---
|
|
|
|
--- a/include/net/netfilter/nf_tables.h
|
|
+++ b/include/net/netfilter/nf_tables.h
|
|
@@ -955,28 +955,12 @@ struct nft_table {
|
|
struct list_head flowtables;
|
|
u64 hgenerator;
|
|
u32 use;
|
|
- u16 flags:14,
|
|
+ u16 family:6,
|
|
+ flags:8,
|
|
genmask:2;
|
|
- struct nft_af_info *afi;
|
|
char *name;
|
|
};
|
|
|
|
-/**
|
|
- * struct nft_af_info - nf_tables address family info
|
|
- *
|
|
- * @list: used internally
|
|
- * @family: address family
|
|
- * @owner: module owner
|
|
- */
|
|
-struct nft_af_info {
|
|
- struct list_head list;
|
|
- int family;
|
|
- struct module *owner;
|
|
-};
|
|
-
|
|
-int nft_register_afinfo(struct nft_af_info *);
|
|
-void nft_unregister_afinfo(struct nft_af_info *);
|
|
-
|
|
int nft_register_chain_type(const struct nf_chain_type *);
|
|
void nft_unregister_chain_type(const struct nf_chain_type *);
|
|
|
|
@@ -1144,9 +1128,6 @@ void nft_trace_notify(struct nft_tracein
|
|
#define nft_dereference(p) \
|
|
nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
|
|
|
|
-#define MODULE_ALIAS_NFT_FAMILY(family) \
|
|
- MODULE_ALIAS("nft-afinfo-" __stringify(family))
|
|
-
|
|
#define MODULE_ALIAS_NFT_CHAIN(family, name) \
|
|
MODULE_ALIAS("nft-chain-" __stringify(family) "-" name)
|
|
|
|
--- a/net/bridge/netfilter/nf_tables_bridge.c
|
|
+++ b/net/bridge/netfilter/nf_tables_bridge.c
|
|
@@ -42,11 +42,6 @@ nft_do_chain_bridge(void *priv,
|
|
return nft_do_chain(&pkt, priv);
|
|
}
|
|
|
|
-static struct nft_af_info nft_af_bridge __read_mostly = {
|
|
- .family = NFPROTO_BRIDGE,
|
|
- .owner = THIS_MODULE,
|
|
-};
|
|
-
|
|
static const struct nf_chain_type filter_bridge = {
|
|
.name = "filter",
|
|
.type = NFT_CHAIN_T_DEFAULT,
|
|
@@ -68,28 +63,12 @@ static const struct nf_chain_type filter
|
|
|
|
static int __init nf_tables_bridge_init(void)
|
|
{
|
|
- int ret;
|
|
-
|
|
- ret = nft_register_afinfo(&nft_af_bridge);
|
|
- if (ret < 0)
|
|
- return ret;
|
|
-
|
|
- ret = nft_register_chain_type(&filter_bridge);
|
|
- if (ret < 0)
|
|
- goto err_register_chain;
|
|
-
|
|
- return ret;
|
|
-
|
|
-err_register_chain:
|
|
- nft_unregister_chain_type(&filter_bridge);
|
|
-
|
|
- return ret;
|
|
+ return nft_register_chain_type(&filter_bridge);
|
|
}
|
|
|
|
static void __exit nf_tables_bridge_exit(void)
|
|
{
|
|
nft_unregister_chain_type(&filter_bridge);
|
|
- nft_unregister_afinfo(&nft_af_bridge);
|
|
}
|
|
|
|
module_init(nf_tables_bridge_init);
|
|
@@ -97,4 +76,4 @@ module_exit(nf_tables_bridge_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
|
|
-MODULE_ALIAS_NFT_FAMILY(AF_BRIDGE);
|
|
+MODULE_ALIAS_NFT_CHAIN(AF_BRIDGE, "filter");
|
|
--- a/net/ipv4/netfilter/nf_tables_arp.c
|
|
+++ b/net/ipv4/netfilter/nf_tables_arp.c
|
|
@@ -27,11 +27,6 @@ nft_do_chain_arp(void *priv,
|
|
return nft_do_chain(&pkt, priv);
|
|
}
|
|
|
|
-static struct nft_af_info nft_af_arp __read_mostly = {
|
|
- .family = NFPROTO_ARP,
|
|
- .owner = THIS_MODULE,
|
|
-};
|
|
-
|
|
static const struct nf_chain_type filter_arp = {
|
|
.name = "filter",
|
|
.type = NFT_CHAIN_T_DEFAULT,
|
|
@@ -47,28 +42,12 @@ static const struct nf_chain_type filter
|
|
|
|
static int __init nf_tables_arp_init(void)
|
|
{
|
|
- int ret;
|
|
-
|
|
- ret = nft_register_afinfo(&nft_af_arp);
|
|
- if (ret < 0)
|
|
- return ret;
|
|
-
|
|
- ret = nft_register_chain_type(&filter_arp);
|
|
- if (ret < 0)
|
|
- goto err_register_chain;
|
|
-
|
|
- return 0;
|
|
-
|
|
-err_register_chain:
|
|
- nft_unregister_chain_type(&filter_arp);
|
|
-
|
|
- return ret;
|
|
+ return nft_register_chain_type(&filter_arp);
|
|
}
|
|
|
|
static void __exit nf_tables_arp_exit(void)
|
|
{
|
|
nft_unregister_chain_type(&filter_arp);
|
|
- nft_unregister_afinfo(&nft_af_arp);
|
|
}
|
|
|
|
module_init(nf_tables_arp_init);
|
|
@@ -76,4 +55,4 @@ module_exit(nf_tables_arp_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
|
|
-MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */
|
|
+MODULE_ALIAS_NFT_CHAIN(3, "filter"); /* NFPROTO_ARP */
|
|
--- a/net/ipv4/netfilter/nf_tables_ipv4.c
|
|
+++ b/net/ipv4/netfilter/nf_tables_ipv4.c
|
|
@@ -30,11 +30,6 @@ static unsigned int nft_do_chain_ipv4(vo
|
|
return nft_do_chain(&pkt, priv);
|
|
}
|
|
|
|
-static struct nft_af_info nft_af_ipv4 __read_mostly = {
|
|
- .family = NFPROTO_IPV4,
|
|
- .owner = THIS_MODULE,
|
|
-};
|
|
-
|
|
static const struct nf_chain_type filter_ipv4 = {
|
|
.name = "filter",
|
|
.type = NFT_CHAIN_T_DEFAULT,
|
|
@@ -56,27 +51,12 @@ static const struct nf_chain_type filter
|
|
|
|
static int __init nf_tables_ipv4_init(void)
|
|
{
|
|
- int ret;
|
|
-
|
|
- ret = nft_register_afinfo(&nft_af_ipv4);
|
|
- if (ret < 0)
|
|
- return ret;
|
|
-
|
|
- ret = nft_register_chain_type(&filter_ipv4);
|
|
- if (ret < 0)
|
|
- goto err_register_chain;
|
|
-
|
|
- return 0;
|
|
-
|
|
-err_register_chain:
|
|
- nft_unregister_afinfo(&nft_af_ipv4);
|
|
- return ret;
|
|
+ return nft_register_chain_type(&filter_ipv4);
|
|
}
|
|
|
|
static void __exit nf_tables_ipv4_exit(void)
|
|
{
|
|
nft_unregister_chain_type(&filter_ipv4);
|
|
- nft_unregister_afinfo(&nft_af_ipv4);
|
|
}
|
|
|
|
module_init(nf_tables_ipv4_init);
|
|
@@ -84,4 +64,4 @@ module_exit(nf_tables_ipv4_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
|
|
-MODULE_ALIAS_NFT_FAMILY(AF_INET);
|
|
+MODULE_ALIAS_NFT_CHAIN(AF_INET, "filter");
|
|
--- a/net/ipv6/netfilter/nf_tables_ipv6.c
|
|
+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
|
|
@@ -28,11 +28,6 @@ static unsigned int nft_do_chain_ipv6(vo
|
|
return nft_do_chain(&pkt, priv);
|
|
}
|
|
|
|
-static struct nft_af_info nft_af_ipv6 __read_mostly = {
|
|
- .family = NFPROTO_IPV6,
|
|
- .owner = THIS_MODULE,
|
|
-};
|
|
-
|
|
static const struct nf_chain_type filter_ipv6 = {
|
|
.name = "filter",
|
|
.type = NFT_CHAIN_T_DEFAULT,
|
|
@@ -54,26 +49,11 @@ static const struct nf_chain_type filter
|
|
|
|
static int __init nf_tables_ipv6_init(void)
|
|
{
|
|
- int ret;
|
|
-
|
|
- ret = nft_register_afinfo(&nft_af_ipv6);
|
|
- if (ret < 0)
|
|
- return ret;
|
|
-
|
|
- ret = nft_register_chain_type(&filter_ipv6);
|
|
- if (ret < 0)
|
|
- goto err_register_chain;
|
|
-
|
|
- return 0;
|
|
-
|
|
-err_register_chain:
|
|
- nft_unregister_afinfo(&nft_af_ipv6);
|
|
- return ret;
|
|
+ return nft_register_chain_type(&filter_ipv6);
|
|
}
|
|
|
|
static void __exit nf_tables_ipv6_exit(void)
|
|
{
|
|
- nft_unregister_afinfo(&nft_af_ipv6);
|
|
nft_unregister_chain_type(&filter_ipv6);
|
|
}
|
|
|
|
@@ -82,4 +62,4 @@ module_exit(nf_tables_ipv6_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
|
|
-MODULE_ALIAS_NFT_FAMILY(AF_INET6);
|
|
+MODULE_ALIAS_NFT_CHAIN(AF_INET6, "filter");
|
|
--- a/net/netfilter/nf_tables_api.c
|
|
+++ b/net/netfilter/nf_tables_api.c
|
|
@@ -26,71 +26,6 @@
|
|
static LIST_HEAD(nf_tables_expressions);
|
|
static LIST_HEAD(nf_tables_objects);
|
|
static LIST_HEAD(nf_tables_flowtables);
|
|
-static LIST_HEAD(nf_tables_af_info);
|
|
-
|
|
-/**
|
|
- * nft_register_afinfo - register nf_tables address family info
|
|
- *
|
|
- * @afi: address family info to register
|
|
- *
|
|
- * Register the address family for use with nf_tables. Returns zero on
|
|
- * success or a negative errno code otherwise.
|
|
- */
|
|
-int nft_register_afinfo(struct nft_af_info *afi)
|
|
-{
|
|
- nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
|
- list_add_tail_rcu(&afi->list, &nf_tables_af_info);
|
|
- nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
|
- return 0;
|
|
-}
|
|
-EXPORT_SYMBOL_GPL(nft_register_afinfo);
|
|
-
|
|
-/**
|
|
- * nft_unregister_afinfo - unregister nf_tables address family info
|
|
- *
|
|
- * @afi: address family info to unregister
|
|
- *
|
|
- * Unregister the address family for use with nf_tables.
|
|
- */
|
|
-void nft_unregister_afinfo(struct nft_af_info *afi)
|
|
-{
|
|
- nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
|
- list_del_rcu(&afi->list);
|
|
- nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
|
-}
|
|
-EXPORT_SYMBOL_GPL(nft_unregister_afinfo);
|
|
-
|
|
-static struct nft_af_info *nft_afinfo_lookup(struct net *net, int family)
|
|
-{
|
|
- struct nft_af_info *afi;
|
|
-
|
|
- list_for_each_entry(afi, &nf_tables_af_info, list) {
|
|
- if (afi->family == family)
|
|
- return afi;
|
|
- }
|
|
- return NULL;
|
|
-}
|
|
-
|
|
-static struct nft_af_info *
|
|
-nf_tables_afinfo_lookup(struct net *net, int family, bool autoload)
|
|
-{
|
|
- struct nft_af_info *afi;
|
|
-
|
|
- afi = nft_afinfo_lookup(net, family);
|
|
- if (afi != NULL)
|
|
- return afi;
|
|
-#ifdef CONFIG_MODULES
|
|
- if (autoload) {
|
|
- nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
|
- request_module("nft-afinfo-%u", family);
|
|
- nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
|
- afi = nft_afinfo_lookup(net, family);
|
|
- if (afi != NULL)
|
|
- return ERR_PTR(-EAGAIN);
|
|
- }
|
|
-#endif
|
|
- return ERR_PTR(-EAFNOSUPPORT);
|
|
-}
|
|
|
|
static void nft_ctx_init(struct nft_ctx *ctx,
|
|
struct net *net,
|
|
@@ -419,7 +354,7 @@ static struct nft_table *nft_table_looku
|
|
|
|
list_for_each_entry(table, &net->nft.tables, list) {
|
|
if (!nla_strcmp(nla, table->name) &&
|
|
- table->afi->family == family &&
|
|
+ table->family == family &&
|
|
nft_active_genmask(table, genmask))
|
|
return table;
|
|
}
|
|
@@ -560,7 +495,7 @@ static int nf_tables_dump_tables(struct
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
- if (family != NFPROTO_UNSPEC && family != table->afi->family)
|
|
+ if (family != NFPROTO_UNSPEC && family != table->family)
|
|
continue;
|
|
|
|
if (idx < s_idx)
|
|
@@ -574,7 +509,7 @@ static int nf_tables_dump_tables(struct
|
|
NETLINK_CB(cb->skb).portid,
|
|
cb->nlh->nlmsg_seq,
|
|
NFT_MSG_NEWTABLE, NLM_F_MULTI,
|
|
- table->afi->family, table) < 0)
|
|
+ table->family, table) < 0)
|
|
goto done;
|
|
|
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
|
@@ -594,7 +529,6 @@ static int nf_tables_gettable(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_cur(net);
|
|
- const struct nft_af_info *afi;
|
|
const struct nft_table *table;
|
|
struct sk_buff *skb2;
|
|
int family = nfmsg->nfgen_family;
|
|
@@ -607,11 +541,7 @@ static int nf_tables_gettable(struct net
|
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
|
}
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -731,19 +661,14 @@ static int nf_tables_newtable(struct net
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
const struct nlattr *name;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
int family = nfmsg->nfgen_family;
|
|
u32 flags = 0;
|
|
struct nft_ctx ctx;
|
|
int err;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, true);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
name = nla[NFTA_TABLE_NAME];
|
|
- table = nf_tables_table_lookup(net, name, afi->family, genmask);
|
|
+ table = nf_tables_table_lookup(net, name, family, genmask);
|
|
if (IS_ERR(table)) {
|
|
if (PTR_ERR(table) != -ENOENT)
|
|
return PTR_ERR(table);
|
|
@@ -753,7 +678,7 @@ static int nf_tables_newtable(struct net
|
|
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
|
return -EOPNOTSUPP;
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
return nf_tables_updtable(&ctx);
|
|
}
|
|
|
|
@@ -763,40 +688,34 @@ static int nf_tables_newtable(struct net
|
|
return -EINVAL;
|
|
}
|
|
|
|
- err = -EAFNOSUPPORT;
|
|
- if (!try_module_get(afi->owner))
|
|
- goto err1;
|
|
-
|
|
err = -ENOMEM;
|
|
table = kzalloc(sizeof(*table), GFP_KERNEL);
|
|
if (table == NULL)
|
|
- goto err2;
|
|
+ goto err_kzalloc;
|
|
|
|
table->name = nla_strdup(name, GFP_KERNEL);
|
|
if (table->name == NULL)
|
|
- goto err3;
|
|
+ goto err_strdup;
|
|
|
|
INIT_LIST_HEAD(&table->chains);
|
|
INIT_LIST_HEAD(&table->sets);
|
|
INIT_LIST_HEAD(&table->objects);
|
|
INIT_LIST_HEAD(&table->flowtables);
|
|
- table->afi = afi;
|
|
+ table->family = family;
|
|
table->flags = flags;
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
|
|
if (err < 0)
|
|
- goto err4;
|
|
+ goto err_trans;
|
|
|
|
list_add_tail_rcu(&table->list, &net->nft.tables);
|
|
return 0;
|
|
-err4:
|
|
+err_trans:
|
|
kfree(table->name);
|
|
-err3:
|
|
+err_strdup:
|
|
kfree(table);
|
|
-err2:
|
|
- module_put(afi->owner);
|
|
-err1:
|
|
+err_kzalloc:
|
|
return err;
|
|
}
|
|
|
|
@@ -867,10 +786,10 @@ static int nft_flush(struct nft_ctx *ctx
|
|
int err = 0;
|
|
|
|
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
|
|
- if (family != AF_UNSPEC && table->afi->family != family)
|
|
+ if (family != AF_UNSPEC && table->family != family)
|
|
continue;
|
|
|
|
- ctx->family = table->afi->family;
|
|
+ ctx->family = table->family;
|
|
|
|
if (!nft_is_active_next(ctx->net, table))
|
|
continue;
|
|
@@ -896,7 +815,6 @@ static int nf_tables_deltable(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
int family = nfmsg->nfgen_family;
|
|
struct nft_ctx ctx;
|
|
@@ -905,11 +823,7 @@ static int nf_tables_deltable(struct net
|
|
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
|
return nft_flush(&ctx, family);
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -918,7 +832,7 @@ static int nf_tables_deltable(struct net
|
|
table->use > 0)
|
|
return -EBUSY;
|
|
|
|
- ctx.family = afi->family;
|
|
+ ctx.family = family;
|
|
ctx.table = table;
|
|
|
|
return nft_flush_table(&ctx);
|
|
@@ -930,7 +844,6 @@ static void nf_tables_table_destroy(stru
|
|
|
|
kfree(ctx->table->name);
|
|
kfree(ctx->table);
|
|
- module_put(ctx->table->afi->owner);
|
|
}
|
|
|
|
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
|
@@ -1159,7 +1072,7 @@ static int nf_tables_dump_chains(struct
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
- if (family != NFPROTO_UNSPEC && family != table->afi->family)
|
|
+ if (family != NFPROTO_UNSPEC && family != table->family)
|
|
continue;
|
|
|
|
list_for_each_entry_rcu(chain, &table->chains, list) {
|
|
@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct
|
|
cb->nlh->nlmsg_seq,
|
|
NFT_MSG_NEWCHAIN,
|
|
NLM_F_MULTI,
|
|
- table->afi->family, table,
|
|
+ table->family, table,
|
|
chain) < 0)
|
|
goto done;
|
|
|
|
@@ -1197,7 +1110,6 @@ static int nf_tables_getchain(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_cur(net);
|
|
- const struct nft_af_info *afi;
|
|
const struct nft_table *table;
|
|
const struct nft_chain *chain;
|
|
struct sk_buff *skb2;
|
|
@@ -1211,11 +1123,7 @@ static int nf_tables_getchain(struct net
|
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
|
}
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net
|
|
const struct nlattr * uninitialized_var(name);
|
|
u8 genmask = nft_genmask_next(net);
|
|
int family = nfmsg->nfgen_family;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_chain *chain;
|
|
u8 policy = NF_ACCEPT;
|
|
@@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net
|
|
|
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, true);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net
|
|
}
|
|
}
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
|
|
|
|
if (chain != NULL) {
|
|
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
|
@@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_chain *chain;
|
|
struct nft_rule *rule;
|
|
@@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net
|
|
u32 use;
|
|
int err;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net
|
|
chain->use > 0)
|
|
return -EBUSY;
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
|
|
|
|
use = chain->use;
|
|
list_for_each_entry(rule, &chain->rules, list) {
|
|
@@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
- if (family != NFPROTO_UNSPEC && family != table->afi->family)
|
|
+ if (family != NFPROTO_UNSPEC && family != table->family)
|
|
continue;
|
|
|
|
if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
|
|
@@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s
|
|
cb->nlh->nlmsg_seq,
|
|
NFT_MSG_NEWRULE,
|
|
NLM_F_MULTI | NLM_F_APPEND,
|
|
- table->afi->family,
|
|
+ table->family,
|
|
table, chain, rule) < 0)
|
|
goto done;
|
|
|
|
@@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_cur(net);
|
|
- const struct nft_af_info *afi;
|
|
const struct nft_table *table;
|
|
const struct nft_chain *chain;
|
|
const struct nft_rule *rule;
|
|
@@ -2226,11 +2123,7 @@ static int nf_tables_getrule(struct net
|
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
|
}
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -2295,7 +2188,7 @@ static int nf_tables_newrule(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
- struct nft_af_info *afi;
|
|
+ int family = nfmsg->nfgen_family;
|
|
struct nft_table *table;
|
|
struct nft_chain *chain;
|
|
struct nft_rule *rule, *old_rule = NULL;
|
|
@@ -2311,11 +2204,7 @@ static int nf_tables_newrule(struct net
|
|
|
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -2355,7 +2244,7 @@ static int nf_tables_newrule(struct net
|
|
return PTR_ERR(old_rule);
|
|
}
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
|
|
|
|
n = 0;
|
|
size = 0;
|
|
@@ -2484,18 +2373,13 @@ static int nf_tables_delrule(struct net
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_chain *chain = NULL;
|
|
struct nft_rule *rule;
|
|
int family = nfmsg->nfgen_family, err = 0;
|
|
struct nft_ctx ctx;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -2507,7 +2391,7 @@ static int nf_tables_delrule(struct net
|
|
return PTR_ERR(chain);
|
|
}
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
|
|
|
|
if (chain) {
|
|
if (nla[NFTA_RULE_HANDLE]) {
|
|
@@ -2692,26 +2576,17 @@ static int nft_ctx_init_from_setattr(str
|
|
u8 genmask)
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
- struct nft_af_info *afi = NULL;
|
|
+ int family = nfmsg->nfgen_family;
|
|
struct nft_table *table = NULL;
|
|
|
|
- if (nfmsg->nfgen_family != NFPROTO_UNSPEC) {
|
|
- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
- }
|
|
-
|
|
if (nla[NFTA_SET_TABLE] != NULL) {
|
|
- if (afi == NULL)
|
|
- return -EAFNOSUPPORT;
|
|
-
|
|
table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE],
|
|
- afi->family, genmask);
|
|
+ family, genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
}
|
|
|
|
- nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla);
|
|
return 0;
|
|
}
|
|
|
|
@@ -2943,7 +2818,7 @@ static int nf_tables_dump_sets(struct sk
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
if (ctx->family != NFPROTO_UNSPEC &&
|
|
- ctx->family != table->afi->family)
|
|
+ ctx->family != table->family)
|
|
continue;
|
|
|
|
if (ctx->table && ctx->table != table)
|
|
@@ -2964,7 +2839,7 @@ static int nf_tables_dump_sets(struct sk
|
|
|
|
ctx_set = *ctx;
|
|
ctx_set.table = table;
|
|
- ctx_set.family = table->afi->family;
|
|
+ ctx_set.family = table->family;
|
|
|
|
if (nf_tables_fill_set(skb, &ctx_set, set,
|
|
NFT_MSG_NEWSET,
|
|
@@ -3076,8 +2951,8 @@ static int nf_tables_newset(struct net *
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
+ int family = nfmsg->nfgen_family;
|
|
const struct nft_set_ops *ops;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_set *set;
|
|
struct nft_ctx ctx;
|
|
@@ -3184,16 +3059,12 @@ static int nf_tables_newset(struct net *
|
|
|
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
|
|
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
|
if (IS_ERR(set)) {
|
|
@@ -3455,19 +3326,15 @@ static int nft_ctx_init_from_elemattr(st
|
|
u8 genmask)
|
|
{
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
- struct nft_af_info *afi;
|
|
+ int family = nfmsg->nfgen_family;
|
|
struct nft_table *table;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE],
|
|
- afi->family, genmask);
|
|
+ family, genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
|
|
- nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla);
|
|
return 0;
|
|
}
|
|
|
|
@@ -3585,7 +3452,7 @@ static int nf_tables_dump_set(struct sk_
|
|
rcu_read_lock();
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
|
- dump_ctx->ctx.family != table->afi->family)
|
|
+ dump_ctx->ctx.family != table->family)
|
|
continue;
|
|
|
|
if (table != dump_ctx->ctx.table)
|
|
@@ -3615,7 +3482,7 @@ static int nf_tables_dump_set(struct sk_
|
|
goto nla_put_failure;
|
|
|
|
nfmsg = nlmsg_data(nlh);
|
|
- nfmsg->nfgen_family = table->afi->family;
|
|
+ nfmsg->nfgen_family = table->family;
|
|
nfmsg->version = NFNETLINK_V0;
|
|
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
|
|
|
@@ -4495,7 +4362,6 @@ static int nf_tables_newobj(struct net *
|
|
const struct nft_object_type *type;
|
|
u8 genmask = nft_genmask_next(net);
|
|
int family = nfmsg->nfgen_family;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_object *obj;
|
|
struct nft_ctx ctx;
|
|
@@ -4507,11 +4373,7 @@ static int nf_tables_newobj(struct net *
|
|
!nla[NFTA_OBJ_DATA])
|
|
return -EINVAL;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, true);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -4530,7 +4392,7 @@ static int nf_tables_newobj(struct net *
|
|
return 0;
|
|
}
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
|
|
type = nft_obj_type_get(objtype);
|
|
if (IS_ERR(type))
|
|
@@ -4622,7 +4484,7 @@ static int nf_tables_dump_obj(struct sk_
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
- if (family != NFPROTO_UNSPEC && family != table->afi->family)
|
|
+ if (family != NFPROTO_UNSPEC && family != table->family)
|
|
continue;
|
|
|
|
list_for_each_entry_rcu(obj, &table->objects, list) {
|
|
@@ -4645,7 +4507,7 @@ static int nf_tables_dump_obj(struct sk_
|
|
cb->nlh->nlmsg_seq,
|
|
NFT_MSG_NEWOBJ,
|
|
NLM_F_MULTI | NLM_F_APPEND,
|
|
- table->afi->family, table,
|
|
+ table->family, table,
|
|
obj, reset) < 0)
|
|
goto done;
|
|
|
|
@@ -4703,7 +4565,6 @@ static int nf_tables_getobj(struct net *
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_cur(net);
|
|
int family = nfmsg->nfgen_family;
|
|
- const struct nft_af_info *afi;
|
|
const struct nft_table *table;
|
|
struct nft_object *obj;
|
|
struct sk_buff *skb2;
|
|
@@ -4734,11 +4595,7 @@ static int nf_tables_getobj(struct net *
|
|
!nla[NFTA_OBJ_TYPE])
|
|
return -EINVAL;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -4785,7 +4642,6 @@ static int nf_tables_delobj(struct net *
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
u8 genmask = nft_genmask_next(net);
|
|
int family = nfmsg->nfgen_family;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_object *obj;
|
|
struct nft_ctx ctx;
|
|
@@ -4795,11 +4651,7 @@ static int nf_tables_delobj(struct net *
|
|
!nla[NFTA_OBJ_NAME])
|
|
return -EINVAL;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, true);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family,
|
|
+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
|
genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
@@ -4811,7 +4663,7 @@ static int nf_tables_delobj(struct net *
|
|
if (obj->use > 0)
|
|
return -EBUSY;
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
|
|
return nft_delobj(&ctx, obj);
|
|
}
|
|
@@ -4996,33 +4848,31 @@ err1:
|
|
return err;
|
|
}
|
|
|
|
-static const struct nf_flowtable_type *
|
|
-__nft_flowtable_type_get(const struct nft_af_info *afi)
|
|
+static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family)
|
|
{
|
|
const struct nf_flowtable_type *type;
|
|
|
|
list_for_each_entry(type, &nf_tables_flowtables, list) {
|
|
- if (afi->family == type->family)
|
|
+ if (family == type->family)
|
|
return type;
|
|
}
|
|
return NULL;
|
|
}
|
|
|
|
-static const struct nf_flowtable_type *
|
|
-nft_flowtable_type_get(const struct nft_af_info *afi)
|
|
+static const struct nf_flowtable_type *nft_flowtable_type_get(u8 family)
|
|
{
|
|
const struct nf_flowtable_type *type;
|
|
|
|
- type = __nft_flowtable_type_get(afi);
|
|
+ type = __nft_flowtable_type_get(family);
|
|
if (type != NULL && try_module_get(type->owner))
|
|
return type;
|
|
|
|
#ifdef CONFIG_MODULES
|
|
if (type == NULL) {
|
|
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
|
- request_module("nf-flowtable-%u", afi->family);
|
|
+ request_module("nf-flowtable-%u", family);
|
|
nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
|
- if (__nft_flowtable_type_get(afi))
|
|
+ if (__nft_flowtable_type_get(family))
|
|
return ERR_PTR(-EAGAIN);
|
|
}
|
|
#endif
|
|
@@ -5070,7 +4920,6 @@ static int nf_tables_newflowtable(struct
|
|
u8 genmask = nft_genmask_next(net);
|
|
int family = nfmsg->nfgen_family;
|
|
struct nft_flowtable *flowtable;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_ctx ctx;
|
|
int err, i, k;
|
|
@@ -5080,12 +4929,8 @@ static int nf_tables_newflowtable(struct
|
|
!nla[NFTA_FLOWTABLE_HOOK])
|
|
return -EINVAL;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, true);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
|
|
- afi->family, genmask);
|
|
+ family, genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
|
|
@@ -5102,7 +4947,7 @@ static int nf_tables_newflowtable(struct
|
|
return 0;
|
|
}
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
|
|
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
|
if (!flowtable)
|
|
@@ -5115,7 +4960,7 @@ static int nf_tables_newflowtable(struct
|
|
goto err1;
|
|
}
|
|
|
|
- type = nft_flowtable_type_get(afi);
|
|
+ type = nft_flowtable_type_get(family);
|
|
if (IS_ERR(type)) {
|
|
err = PTR_ERR(type);
|
|
goto err2;
|
|
@@ -5175,16 +5020,11 @@ static int nf_tables_delflowtable(struct
|
|
u8 genmask = nft_genmask_next(net);
|
|
int family = nfmsg->nfgen_family;
|
|
struct nft_flowtable *flowtable;
|
|
- struct nft_af_info *afi;
|
|
struct nft_table *table;
|
|
struct nft_ctx ctx;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, true);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
|
|
- afi->family, genmask);
|
|
+ family, genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
|
|
@@ -5195,7 +5035,7 @@ static int nf_tables_delflowtable(struct
|
|
if (flowtable->use > 0)
|
|
return -EBUSY;
|
|
|
|
- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
|
|
+ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
|
|
|
return nft_delflowtable(&ctx, flowtable);
|
|
}
|
|
@@ -5270,7 +5110,7 @@ static int nf_tables_dump_flowtable(stru
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
- if (family != NFPROTO_UNSPEC && family != table->afi->family)
|
|
+ if (family != NFPROTO_UNSPEC && family != table->family)
|
|
continue;
|
|
|
|
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
|
@@ -5289,7 +5129,7 @@ static int nf_tables_dump_flowtable(stru
|
|
cb->nlh->nlmsg_seq,
|
|
NFT_MSG_NEWFLOWTABLE,
|
|
NLM_F_MULTI | NLM_F_APPEND,
|
|
- table->afi->family, flowtable) < 0)
|
|
+ table->family, flowtable) < 0)
|
|
goto done;
|
|
|
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
|
@@ -5349,7 +5189,6 @@ static int nf_tables_getflowtable(struct
|
|
u8 genmask = nft_genmask_cur(net);
|
|
int family = nfmsg->nfgen_family;
|
|
struct nft_flowtable *flowtable;
|
|
- const struct nft_af_info *afi;
|
|
const struct nft_table *table;
|
|
struct sk_buff *skb2;
|
|
int err;
|
|
@@ -5375,12 +5214,8 @@ static int nf_tables_getflowtable(struct
|
|
if (!nla[NFTA_FLOWTABLE_NAME])
|
|
return -EINVAL;
|
|
|
|
- afi = nf_tables_afinfo_lookup(net, family, false);
|
|
- if (IS_ERR(afi))
|
|
- return PTR_ERR(afi);
|
|
-
|
|
table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
|
|
- afi->family, genmask);
|
|
+ family, genmask);
|
|
if (IS_ERR(table))
|
|
return PTR_ERR(table);
|
|
|
|
@@ -6551,7 +6386,7 @@ int __nft_release_basechain(struct nft_c
|
|
}
|
|
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
|
|
|
-static void __nft_release_afinfo(struct net *net)
|
|
+static void __nft_release_tables(struct net *net)
|
|
{
|
|
struct nft_flowtable *flowtable, *nf;
|
|
struct nft_table *table, *nt;
|
|
@@ -6564,7 +6399,7 @@ static void __nft_release_afinfo(struct
|
|
};
|
|
|
|
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
|
- ctx.family = table->afi->family;
|
|
+ ctx.family = table->family;
|
|
|
|
list_for_each_entry(chain, &table->chains, list)
|
|
nf_tables_unregister_hook(net, table, chain);
|
|
@@ -6616,7 +6451,7 @@ static int __net_init nf_tables_init_net
|
|
|
|
static void __net_exit nf_tables_exit_net(struct net *net)
|
|
{
|
|
- __nft_release_afinfo(net);
|
|
+ __nft_release_tables(net);
|
|
WARN_ON_ONCE(!list_empty(&net->nft.tables));
|
|
WARN_ON_ONCE(!list_empty(&net->nft.commit_list));
|
|
}
|
|
--- a/net/netfilter/nf_tables_inet.c
|
|
+++ b/net/netfilter/nf_tables_inet.c
|
|
@@ -38,11 +38,6 @@ static unsigned int nft_do_chain_inet(vo
|
|
return nft_do_chain(&pkt, priv);
|
|
}
|
|
|
|
-static struct nft_af_info nft_af_inet __read_mostly = {
|
|
- .family = NFPROTO_INET,
|
|
- .owner = THIS_MODULE,
|
|
-};
|
|
-
|
|
static const struct nf_chain_type filter_inet = {
|
|
.name = "filter",
|
|
.type = NFT_CHAIN_T_DEFAULT,
|
|
@@ -64,26 +59,12 @@ static const struct nf_chain_type filter
|
|
|
|
static int __init nf_tables_inet_init(void)
|
|
{
|
|
- int ret;
|
|
-
|
|
- if (nft_register_afinfo(&nft_af_inet) < 0)
|
|
- return ret;
|
|
-
|
|
- ret = nft_register_chain_type(&filter_inet);
|
|
- if (ret < 0)
|
|
- goto err_register_chain;
|
|
-
|
|
- return ret;
|
|
-
|
|
-err_register_chain:
|
|
- nft_unregister_afinfo(&nft_af_inet);
|
|
- return ret;
|
|
+ return nft_register_chain_type(&filter_inet);
|
|
}
|
|
|
|
static void __exit nf_tables_inet_exit(void)
|
|
{
|
|
nft_unregister_chain_type(&filter_inet);
|
|
- nft_unregister_afinfo(&nft_af_inet);
|
|
}
|
|
|
|
module_init(nf_tables_inet_init);
|
|
@@ -91,4 +72,4 @@ module_exit(nf_tables_inet_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
|
|
-MODULE_ALIAS_NFT_FAMILY(1);
|
|
+MODULE_ALIAS_NFT_CHAIN(1, "filter");
|
|
--- a/net/netfilter/nf_tables_netdev.c
|
|
+++ b/net/netfilter/nf_tables_netdev.c
|
|
@@ -38,11 +38,6 @@ nft_do_chain_netdev(void *priv, struct s
|
|
return nft_do_chain(&pkt, priv);
|
|
}
|
|
|
|
-static struct nft_af_info nft_af_netdev __read_mostly = {
|
|
- .family = NFPROTO_NETDEV,
|
|
- .owner = THIS_MODULE,
|
|
-};
|
|
-
|
|
static const struct nf_chain_type nft_filter_chain_netdev = {
|
|
.name = "filter",
|
|
.type = NFT_CHAIN_T_DEFAULT,
|
|
@@ -91,10 +86,10 @@ static int nf_tables_netdev_event(struct
|
|
|
|
nfnl_lock(NFNL_SUBSYS_NFTABLES);
|
|
list_for_each_entry(table, &ctx.net->nft.tables, list) {
|
|
- if (table->afi->family != NFPROTO_NETDEV)
|
|
+ if (table->family != NFPROTO_NETDEV)
|
|
continue;
|
|
|
|
- ctx.family = table->afi->family;
|
|
+ ctx.family = table->family;
|
|
ctx.table = table;
|
|
list_for_each_entry_safe(chain, nr, &table->chains, list) {
|
|
if (!nft_is_base_chain(chain))
|
|
@@ -117,12 +112,9 @@ static int __init nf_tables_netdev_init(
|
|
{
|
|
int ret;
|
|
|
|
- if (nft_register_afinfo(&nft_af_netdev) < 0)
|
|
- return ret;
|
|
-
|
|
ret = nft_register_chain_type(&nft_filter_chain_netdev);
|
|
if (ret)
|
|
- goto err_register_chain_type;
|
|
+ return ret;
|
|
|
|
ret = register_netdevice_notifier(&nf_tables_netdev_notifier);
|
|
if (ret)
|
|
@@ -132,8 +124,6 @@ static int __init nf_tables_netdev_init(
|
|
|
|
err_register_netdevice_notifier:
|
|
nft_unregister_chain_type(&nft_filter_chain_netdev);
|
|
-err_register_chain_type:
|
|
- nft_unregister_afinfo(&nft_af_netdev);
|
|
|
|
return ret;
|
|
}
|
|
@@ -142,7 +132,6 @@ static void __exit nf_tables_netdev_exit
|
|
{
|
|
unregister_netdevice_notifier(&nf_tables_netdev_notifier);
|
|
nft_unregister_chain_type(&nft_filter_chain_netdev);
|
|
- nft_unregister_afinfo(&nft_af_netdev);
|
|
}
|
|
|
|
module_init(nf_tables_netdev_init);
|
|
@@ -150,4 +139,4 @@ module_exit(nf_tables_netdev_exit);
|
|
|
|
MODULE_LICENSE("GPL");
|
|
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
|
|
-MODULE_ALIAS_NFT_FAMILY(5); /* NFPROTO_NETDEV */
|
|
+MODULE_ALIAS_NFT_CHAIN(5, "filter"); /* NFPROTO_NETDEV */
|
|
|