OpenWrt – Blame information for rev 2
?pathlinks?
Rev | Author | Line No. | Line |
---|---|---|---|
1 | office | 1 | From: Pablo Neira Ayuso <pablo@netfilter.org> |
2 | Date: Tue, 9 Jan 2018 02:48:47 +0100 |
||
3 | Subject: [PATCH] netfilter: nf_tables: get rid of struct nft_af_info |
||
4 | abstraction |
||
5 | |||
6 | Remove the infrastructure to register/unregister nft_af_info structure, |
||
7 | this structure stores no useful information anymore. |
||
8 | |||
9 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> |
||
10 | --- |
||
11 | |||
12 | --- a/include/net/netfilter/nf_tables.h |
||
13 | +++ b/include/net/netfilter/nf_tables.h |
||
14 | @@ -955,28 +955,12 @@ struct nft_table { |
||
15 | struct list_head flowtables; |
||
16 | u64 hgenerator; |
||
17 | u32 use; |
||
18 | - u16 flags:14, |
||
19 | + u16 family:6, |
||
20 | + flags:8, |
||
21 | genmask:2; |
||
22 | - struct nft_af_info *afi; |
||
23 | char *name; |
||
24 | }; |
||
25 | |||
26 | -/** |
||
27 | - * struct nft_af_info - nf_tables address family info |
||
28 | - * |
||
29 | - * @list: used internally |
||
30 | - * @family: address family |
||
31 | - * @owner: module owner |
||
32 | - */ |
||
33 | -struct nft_af_info { |
||
34 | - struct list_head list; |
||
35 | - int family; |
||
36 | - struct module *owner; |
||
37 | -}; |
||
38 | - |
||
39 | -int nft_register_afinfo(struct nft_af_info *); |
||
40 | -void nft_unregister_afinfo(struct nft_af_info *); |
||
41 | - |
||
42 | int nft_register_chain_type(const struct nf_chain_type *); |
||
43 | void nft_unregister_chain_type(const struct nf_chain_type *); |
||
44 | |||
45 | @@ -1144,9 +1128,6 @@ void nft_trace_notify(struct nft_tracein |
||
46 | #define nft_dereference(p) \ |
||
47 | nfnl_dereference(p, NFNL_SUBSYS_NFTABLES) |
||
48 | |||
49 | -#define MODULE_ALIAS_NFT_FAMILY(family) \ |
||
50 | - MODULE_ALIAS("nft-afinfo-" __stringify(family)) |
||
51 | - |
||
52 | #define MODULE_ALIAS_NFT_CHAIN(family, name) \ |
||
53 | MODULE_ALIAS("nft-chain-" __stringify(family) "-" name) |
||
54 | |||
55 | --- a/net/bridge/netfilter/nf_tables_bridge.c |
||
56 | +++ b/net/bridge/netfilter/nf_tables_bridge.c |
||
57 | @@ -42,11 +42,6 @@ nft_do_chain_bridge(void *priv, |
||
58 | return nft_do_chain(&pkt, priv); |
||
59 | } |
||
60 | |||
61 | -static struct nft_af_info nft_af_bridge __read_mostly = { |
||
62 | - .family = NFPROTO_BRIDGE, |
||
63 | - .owner = THIS_MODULE, |
||
64 | -}; |
||
65 | - |
||
66 | static const struct nf_chain_type filter_bridge = { |
||
67 | .name = "filter", |
||
68 | .type = NFT_CHAIN_T_DEFAULT, |
||
69 | @@ -68,28 +63,12 @@ static const struct nf_chain_type filter |
||
70 | |||
71 | static int __init nf_tables_bridge_init(void) |
||
72 | { |
||
73 | - int ret; |
||
74 | - |
||
75 | - ret = nft_register_afinfo(&nft_af_bridge); |
||
76 | - if (ret < 0) |
||
77 | - return ret; |
||
78 | - |
||
79 | - ret = nft_register_chain_type(&filter_bridge); |
||
80 | - if (ret < 0) |
||
81 | - goto err_register_chain; |
||
82 | - |
||
83 | - return ret; |
||
84 | - |
||
85 | -err_register_chain: |
||
86 | - nft_unregister_chain_type(&filter_bridge); |
||
87 | - |
||
88 | - return ret; |
||
89 | + return nft_register_chain_type(&filter_bridge); |
||
90 | } |
||
91 | |||
92 | static void __exit nf_tables_bridge_exit(void) |
||
93 | { |
||
94 | nft_unregister_chain_type(&filter_bridge); |
||
95 | - nft_unregister_afinfo(&nft_af_bridge); |
||
96 | } |
||
97 | |||
98 | module_init(nf_tables_bridge_init); |
||
99 | @@ -97,4 +76,4 @@ module_exit(nf_tables_bridge_exit); |
||
100 | |||
101 | MODULE_LICENSE("GPL"); |
||
102 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
||
103 | -MODULE_ALIAS_NFT_FAMILY(AF_BRIDGE); |
||
104 | +MODULE_ALIAS_NFT_CHAIN(AF_BRIDGE, "filter"); |
||
105 | --- a/net/ipv4/netfilter/nf_tables_arp.c |
||
106 | +++ b/net/ipv4/netfilter/nf_tables_arp.c |
||
107 | @@ -27,11 +27,6 @@ nft_do_chain_arp(void *priv, |
||
108 | return nft_do_chain(&pkt, priv); |
||
109 | } |
||
110 | |||
111 | -static struct nft_af_info nft_af_arp __read_mostly = { |
||
112 | - .family = NFPROTO_ARP, |
||
113 | - .owner = THIS_MODULE, |
||
114 | -}; |
||
115 | - |
||
116 | static const struct nf_chain_type filter_arp = { |
||
117 | .name = "filter", |
||
118 | .type = NFT_CHAIN_T_DEFAULT, |
||
119 | @@ -47,28 +42,12 @@ static const struct nf_chain_type filter |
||
120 | |||
121 | static int __init nf_tables_arp_init(void) |
||
122 | { |
||
123 | - int ret; |
||
124 | - |
||
125 | - ret = nft_register_afinfo(&nft_af_arp); |
||
126 | - if (ret < 0) |
||
127 | - return ret; |
||
128 | - |
||
129 | - ret = nft_register_chain_type(&filter_arp); |
||
130 | - if (ret < 0) |
||
131 | - goto err_register_chain; |
||
132 | - |
||
133 | - return 0; |
||
134 | - |
||
135 | -err_register_chain: |
||
136 | - nft_unregister_chain_type(&filter_arp); |
||
137 | - |
||
138 | - return ret; |
||
139 | + return nft_register_chain_type(&filter_arp); |
||
140 | } |
||
141 | |||
142 | static void __exit nf_tables_arp_exit(void) |
||
143 | { |
||
144 | nft_unregister_chain_type(&filter_arp); |
||
145 | - nft_unregister_afinfo(&nft_af_arp); |
||
146 | } |
||
147 | |||
148 | module_init(nf_tables_arp_init); |
||
149 | @@ -76,4 +55,4 @@ module_exit(nf_tables_arp_exit); |
||
150 | |||
151 | MODULE_LICENSE("GPL"); |
||
152 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
||
153 | -MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */ |
||
154 | +MODULE_ALIAS_NFT_CHAIN(3, "filter"); /* NFPROTO_ARP */ |
||
155 | --- a/net/ipv4/netfilter/nf_tables_ipv4.c |
||
156 | +++ b/net/ipv4/netfilter/nf_tables_ipv4.c |
||
157 | @@ -30,11 +30,6 @@ static unsigned int nft_do_chain_ipv4(vo |
||
158 | return nft_do_chain(&pkt, priv); |
||
159 | } |
||
160 | |||
161 | -static struct nft_af_info nft_af_ipv4 __read_mostly = { |
||
162 | - .family = NFPROTO_IPV4, |
||
163 | - .owner = THIS_MODULE, |
||
164 | -}; |
||
165 | - |
||
166 | static const struct nf_chain_type filter_ipv4 = { |
||
167 | .name = "filter", |
||
168 | .type = NFT_CHAIN_T_DEFAULT, |
||
169 | @@ -56,27 +51,12 @@ static const struct nf_chain_type filter |
||
170 | |||
171 | static int __init nf_tables_ipv4_init(void) |
||
172 | { |
||
173 | - int ret; |
||
174 | - |
||
175 | - ret = nft_register_afinfo(&nft_af_ipv4); |
||
176 | - if (ret < 0) |
||
177 | - return ret; |
||
178 | - |
||
179 | - ret = nft_register_chain_type(&filter_ipv4); |
||
180 | - if (ret < 0) |
||
181 | - goto err_register_chain; |
||
182 | - |
||
183 | - return 0; |
||
184 | - |
||
185 | -err_register_chain: |
||
186 | - nft_unregister_afinfo(&nft_af_ipv4); |
||
187 | - return ret; |
||
188 | + return nft_register_chain_type(&filter_ipv4); |
||
189 | } |
||
190 | |||
191 | static void __exit nf_tables_ipv4_exit(void) |
||
192 | { |
||
193 | nft_unregister_chain_type(&filter_ipv4); |
||
194 | - nft_unregister_afinfo(&nft_af_ipv4); |
||
195 | } |
||
196 | |||
197 | module_init(nf_tables_ipv4_init); |
||
198 | @@ -84,4 +64,4 @@ module_exit(nf_tables_ipv4_exit); |
||
199 | |||
200 | MODULE_LICENSE("GPL"); |
||
201 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
||
202 | -MODULE_ALIAS_NFT_FAMILY(AF_INET); |
||
203 | +MODULE_ALIAS_NFT_CHAIN(AF_INET, "filter"); |
||
204 | --- a/net/ipv6/netfilter/nf_tables_ipv6.c |
||
205 | +++ b/net/ipv6/netfilter/nf_tables_ipv6.c |
||
206 | @@ -28,11 +28,6 @@ static unsigned int nft_do_chain_ipv6(vo |
||
207 | return nft_do_chain(&pkt, priv); |
||
208 | } |
||
209 | |||
210 | -static struct nft_af_info nft_af_ipv6 __read_mostly = { |
||
211 | - .family = NFPROTO_IPV6, |
||
212 | - .owner = THIS_MODULE, |
||
213 | -}; |
||
214 | - |
||
215 | static const struct nf_chain_type filter_ipv6 = { |
||
216 | .name = "filter", |
||
217 | .type = NFT_CHAIN_T_DEFAULT, |
||
218 | @@ -54,26 +49,11 @@ static const struct nf_chain_type filter |
||
219 | |||
220 | static int __init nf_tables_ipv6_init(void) |
||
221 | { |
||
222 | - int ret; |
||
223 | - |
||
224 | - ret = nft_register_afinfo(&nft_af_ipv6); |
||
225 | - if (ret < 0) |
||
226 | - return ret; |
||
227 | - |
||
228 | - ret = nft_register_chain_type(&filter_ipv6); |
||
229 | - if (ret < 0) |
||
230 | - goto err_register_chain; |
||
231 | - |
||
232 | - return 0; |
||
233 | - |
||
234 | -err_register_chain: |
||
235 | - nft_unregister_afinfo(&nft_af_ipv6); |
||
236 | - return ret; |
||
237 | + return nft_register_chain_type(&filter_ipv6); |
||
238 | } |
||
239 | |||
240 | static void __exit nf_tables_ipv6_exit(void) |
||
241 | { |
||
242 | - nft_unregister_afinfo(&nft_af_ipv6); |
||
243 | nft_unregister_chain_type(&filter_ipv6); |
||
244 | } |
||
245 | |||
246 | @@ -82,4 +62,4 @@ module_exit(nf_tables_ipv6_exit); |
||
247 | |||
248 | MODULE_LICENSE("GPL"); |
||
249 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
||
250 | -MODULE_ALIAS_NFT_FAMILY(AF_INET6); |
||
251 | +MODULE_ALIAS_NFT_CHAIN(AF_INET6, "filter"); |
||
252 | --- a/net/netfilter/nf_tables_api.c |
||
253 | +++ b/net/netfilter/nf_tables_api.c |
||
254 | @@ -26,71 +26,6 @@ |
||
255 | static LIST_HEAD(nf_tables_expressions); |
||
256 | static LIST_HEAD(nf_tables_objects); |
||
257 | static LIST_HEAD(nf_tables_flowtables); |
||
258 | -static LIST_HEAD(nf_tables_af_info); |
||
259 | - |
||
260 | -/** |
||
261 | - * nft_register_afinfo - register nf_tables address family info |
||
262 | - * |
||
263 | - * @afi: address family info to register |
||
264 | - * |
||
265 | - * Register the address family for use with nf_tables. Returns zero on |
||
266 | - * success or a negative errno code otherwise. |
||
267 | - */ |
||
268 | -int nft_register_afinfo(struct nft_af_info *afi) |
||
269 | -{ |
||
270 | - nfnl_lock(NFNL_SUBSYS_NFTABLES); |
||
271 | - list_add_tail_rcu(&afi->list, &nf_tables_af_info); |
||
272 | - nfnl_unlock(NFNL_SUBSYS_NFTABLES); |
||
273 | - return 0; |
||
274 | -} |
||
275 | -EXPORT_SYMBOL_GPL(nft_register_afinfo); |
||
276 | - |
||
277 | -/** |
||
278 | - * nft_unregister_afinfo - unregister nf_tables address family info |
||
279 | - * |
||
280 | - * @afi: address family info to unregister |
||
281 | - * |
||
282 | - * Unregister the address family for use with nf_tables. |
||
283 | - */ |
||
284 | -void nft_unregister_afinfo(struct nft_af_info *afi) |
||
285 | -{ |
||
286 | - nfnl_lock(NFNL_SUBSYS_NFTABLES); |
||
287 | - list_del_rcu(&afi->list); |
||
288 | - nfnl_unlock(NFNL_SUBSYS_NFTABLES); |
||
289 | -} |
||
290 | -EXPORT_SYMBOL_GPL(nft_unregister_afinfo); |
||
291 | - |
||
292 | -static struct nft_af_info *nft_afinfo_lookup(struct net *net, int family) |
||
293 | -{ |
||
294 | - struct nft_af_info *afi; |
||
295 | - |
||
296 | - list_for_each_entry(afi, &nf_tables_af_info, list) { |
||
297 | - if (afi->family == family) |
||
298 | - return afi; |
||
299 | - } |
||
300 | - return NULL; |
||
301 | -} |
||
302 | - |
||
303 | -static struct nft_af_info * |
||
304 | -nf_tables_afinfo_lookup(struct net *net, int family, bool autoload) |
||
305 | -{ |
||
306 | - struct nft_af_info *afi; |
||
307 | - |
||
308 | - afi = nft_afinfo_lookup(net, family); |
||
309 | - if (afi != NULL) |
||
310 | - return afi; |
||
311 | -#ifdef CONFIG_MODULES |
||
312 | - if (autoload) { |
||
313 | - nfnl_unlock(NFNL_SUBSYS_NFTABLES); |
||
314 | - request_module("nft-afinfo-%u", family); |
||
315 | - nfnl_lock(NFNL_SUBSYS_NFTABLES); |
||
316 | - afi = nft_afinfo_lookup(net, family); |
||
317 | - if (afi != NULL) |
||
318 | - return ERR_PTR(-EAGAIN); |
||
319 | - } |
||
320 | -#endif |
||
321 | - return ERR_PTR(-EAFNOSUPPORT); |
||
322 | -} |
||
323 | |||
324 | static void nft_ctx_init(struct nft_ctx *ctx, |
||
325 | struct net *net, |
||
326 | @@ -419,7 +354,7 @@ static struct nft_table *nft_table_looku |
||
327 | |||
328 | list_for_each_entry(table, &net->nft.tables, list) { |
||
329 | if (!nla_strcmp(nla, table->name) && |
||
330 | - table->afi->family == family && |
||
331 | + table->family == family && |
||
332 | nft_active_genmask(table, genmask)) |
||
333 | return table; |
||
334 | } |
||
335 | @@ -560,7 +495,7 @@ static int nf_tables_dump_tables(struct |
||
336 | cb->seq = net->nft.base_seq; |
||
337 | |||
338 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
339 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
||
340 | + if (family != NFPROTO_UNSPEC && family != table->family) |
||
341 | continue; |
||
342 | |||
343 | if (idx < s_idx) |
||
344 | @@ -574,7 +509,7 @@ static int nf_tables_dump_tables(struct |
||
345 | NETLINK_CB(cb->skb).portid, |
||
346 | cb->nlh->nlmsg_seq, |
||
347 | NFT_MSG_NEWTABLE, NLM_F_MULTI, |
||
348 | - table->afi->family, table) < 0) |
||
349 | + table->family, table) < 0) |
||
350 | goto done; |
||
351 | |||
352 | nl_dump_check_consistent(cb, nlmsg_hdr(skb)); |
||
353 | @@ -594,7 +529,6 @@ static int nf_tables_gettable(struct net |
||
354 | { |
||
355 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
356 | u8 genmask = nft_genmask_cur(net); |
||
357 | - const struct nft_af_info *afi; |
||
358 | const struct nft_table *table; |
||
359 | struct sk_buff *skb2; |
||
360 | int family = nfmsg->nfgen_family; |
||
361 | @@ -607,11 +541,7 @@ static int nf_tables_gettable(struct net |
||
362 | return netlink_dump_start(nlsk, skb, nlh, &c); |
||
363 | } |
||
364 | |||
365 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
366 | - if (IS_ERR(afi)) |
||
367 | - return PTR_ERR(afi); |
||
368 | - |
||
369 | - table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, |
||
370 | + table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, |
||
371 | genmask); |
||
372 | if (IS_ERR(table)) |
||
373 | return PTR_ERR(table); |
||
374 | @@ -731,19 +661,14 @@ static int nf_tables_newtable(struct net |
||
375 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
376 | u8 genmask = nft_genmask_next(net); |
||
377 | const struct nlattr *name; |
||
378 | - struct nft_af_info *afi; |
||
379 | struct nft_table *table; |
||
380 | int family = nfmsg->nfgen_family; |
||
381 | u32 flags = 0; |
||
382 | struct nft_ctx ctx; |
||
383 | int err; |
||
384 | |||
385 | - afi = nf_tables_afinfo_lookup(net, family, true); |
||
386 | - if (IS_ERR(afi)) |
||
387 | - return PTR_ERR(afi); |
||
388 | - |
||
389 | name = nla[NFTA_TABLE_NAME]; |
||
390 | - table = nf_tables_table_lookup(net, name, afi->family, genmask); |
||
391 | + table = nf_tables_table_lookup(net, name, family, genmask); |
||
392 | if (IS_ERR(table)) { |
||
393 | if (PTR_ERR(table) != -ENOENT) |
||
394 | return PTR_ERR(table); |
||
395 | @@ -753,7 +678,7 @@ static int nf_tables_newtable(struct net |
||
396 | if (nlh->nlmsg_flags & NLM_F_REPLACE) |
||
397 | return -EOPNOTSUPP; |
||
398 | |||
399 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
400 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
401 | return nf_tables_updtable(&ctx); |
||
402 | } |
||
403 | |||
404 | @@ -763,40 +688,34 @@ static int nf_tables_newtable(struct net |
||
405 | return -EINVAL; |
||
406 | } |
||
407 | |||
408 | - err = -EAFNOSUPPORT; |
||
409 | - if (!try_module_get(afi->owner)) |
||
410 | - goto err1; |
||
411 | - |
||
412 | err = -ENOMEM; |
||
413 | table = kzalloc(sizeof(*table), GFP_KERNEL); |
||
414 | if (table == NULL) |
||
415 | - goto err2; |
||
416 | + goto err_kzalloc; |
||
417 | |||
418 | table->name = nla_strdup(name, GFP_KERNEL); |
||
419 | if (table->name == NULL) |
||
420 | - goto err3; |
||
421 | + goto err_strdup; |
||
422 | |||
423 | INIT_LIST_HEAD(&table->chains); |
||
424 | INIT_LIST_HEAD(&table->sets); |
||
425 | INIT_LIST_HEAD(&table->objects); |
||
426 | INIT_LIST_HEAD(&table->flowtables); |
||
427 | - table->afi = afi; |
||
428 | + table->family = family; |
||
429 | table->flags = flags; |
||
430 | |||
431 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
432 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
433 | err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); |
||
434 | if (err < 0) |
||
435 | - goto err4; |
||
436 | + goto err_trans; |
||
437 | |||
438 | list_add_tail_rcu(&table->list, &net->nft.tables); |
||
439 | return 0; |
||
440 | -err4: |
||
441 | +err_trans: |
||
442 | kfree(table->name); |
||
443 | -err3: |
||
444 | +err_strdup: |
||
445 | kfree(table); |
||
446 | -err2: |
||
447 | - module_put(afi->owner); |
||
448 | -err1: |
||
449 | +err_kzalloc: |
||
450 | return err; |
||
451 | } |
||
452 | |||
453 | @@ -867,10 +786,10 @@ static int nft_flush(struct nft_ctx *ctx |
||
454 | int err = 0; |
||
455 | |||
456 | list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { |
||
457 | - if (family != AF_UNSPEC && table->afi->family != family) |
||
458 | + if (family != AF_UNSPEC && table->family != family) |
||
459 | continue; |
||
460 | |||
461 | - ctx->family = table->afi->family; |
||
462 | + ctx->family = table->family; |
||
463 | |||
464 | if (!nft_is_active_next(ctx->net, table)) |
||
465 | continue; |
||
466 | @@ -896,7 +815,6 @@ static int nf_tables_deltable(struct net |
||
467 | { |
||
468 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
469 | u8 genmask = nft_genmask_next(net); |
||
470 | - struct nft_af_info *afi; |
||
471 | struct nft_table *table; |
||
472 | int family = nfmsg->nfgen_family; |
||
473 | struct nft_ctx ctx; |
||
474 | @@ -905,11 +823,7 @@ static int nf_tables_deltable(struct net |
||
475 | if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) |
||
476 | return nft_flush(&ctx, family); |
||
477 | |||
478 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
479 | - if (IS_ERR(afi)) |
||
480 | - return PTR_ERR(afi); |
||
481 | - |
||
482 | - table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, |
||
483 | + table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, |
||
484 | genmask); |
||
485 | if (IS_ERR(table)) |
||
486 | return PTR_ERR(table); |
||
487 | @@ -918,7 +832,7 @@ static int nf_tables_deltable(struct net |
||
488 | table->use > 0) |
||
489 | return -EBUSY; |
||
490 | |||
491 | - ctx.family = afi->family; |
||
492 | + ctx.family = family; |
||
493 | ctx.table = table; |
||
494 | |||
495 | return nft_flush_table(&ctx); |
||
496 | @@ -930,7 +844,6 @@ static void nf_tables_table_destroy(stru |
||
497 | |||
498 | kfree(ctx->table->name); |
||
499 | kfree(ctx->table); |
||
500 | - module_put(ctx->table->afi->owner); |
||
501 | } |
||
502 | |||
503 | int nft_register_chain_type(const struct nf_chain_type *ctype) |
||
504 | @@ -1159,7 +1072,7 @@ static int nf_tables_dump_chains(struct |
||
505 | cb->seq = net->nft.base_seq; |
||
506 | |||
507 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
508 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
||
509 | + if (family != NFPROTO_UNSPEC && family != table->family) |
||
510 | continue; |
||
511 | |||
512 | list_for_each_entry_rcu(chain, &table->chains, list) { |
||
513 | @@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct |
||
514 | cb->nlh->nlmsg_seq, |
||
515 | NFT_MSG_NEWCHAIN, |
||
516 | NLM_F_MULTI, |
||
517 | - table->afi->family, table, |
||
518 | + table->family, table, |
||
519 | chain) < 0) |
||
520 | goto done; |
||
521 | |||
522 | @@ -1197,7 +1110,6 @@ static int nf_tables_getchain(struct net |
||
523 | { |
||
524 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
525 | u8 genmask = nft_genmask_cur(net); |
||
526 | - const struct nft_af_info *afi; |
||
527 | const struct nft_table *table; |
||
528 | const struct nft_chain *chain; |
||
529 | struct sk_buff *skb2; |
||
530 | @@ -1211,11 +1123,7 @@ static int nf_tables_getchain(struct net |
||
531 | return netlink_dump_start(nlsk, skb, nlh, &c); |
||
532 | } |
||
533 | |||
534 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
535 | - if (IS_ERR(afi)) |
||
536 | - return PTR_ERR(afi); |
||
537 | - |
||
538 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
||
539 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
||
540 | genmask); |
||
541 | if (IS_ERR(table)) |
||
542 | return PTR_ERR(table); |
||
543 | @@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net |
||
544 | const struct nlattr * uninitialized_var(name); |
||
545 | u8 genmask = nft_genmask_next(net); |
||
546 | int family = nfmsg->nfgen_family; |
||
547 | - struct nft_af_info *afi; |
||
548 | struct nft_table *table; |
||
549 | struct nft_chain *chain; |
||
550 | u8 policy = NF_ACCEPT; |
||
551 | @@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net |
||
552 | |||
553 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
||
554 | |||
555 | - afi = nf_tables_afinfo_lookup(net, family, true); |
||
556 | - if (IS_ERR(afi)) |
||
557 | - return PTR_ERR(afi); |
||
558 | - |
||
559 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
||
560 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
||
561 | genmask); |
||
562 | if (IS_ERR(table)) |
||
563 | return PTR_ERR(table); |
||
564 | @@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net |
||
565 | } |
||
566 | } |
||
567 | |||
568 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
||
569 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
||
570 | |||
571 | if (chain != NULL) { |
||
572 | if (nlh->nlmsg_flags & NLM_F_EXCL) |
||
573 | @@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net |
||
574 | { |
||
575 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
576 | u8 genmask = nft_genmask_next(net); |
||
577 | - struct nft_af_info *afi; |
||
578 | struct nft_table *table; |
||
579 | struct nft_chain *chain; |
||
580 | struct nft_rule *rule; |
||
581 | @@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net |
||
582 | u32 use; |
||
583 | int err; |
||
584 | |||
585 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
586 | - if (IS_ERR(afi)) |
||
587 | - return PTR_ERR(afi); |
||
588 | - |
||
589 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
||
590 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
||
591 | genmask); |
||
592 | if (IS_ERR(table)) |
||
593 | return PTR_ERR(table); |
||
594 | @@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net |
||
595 | chain->use > 0) |
||
596 | return -EBUSY; |
||
597 | |||
598 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
||
599 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
||
600 | |||
601 | use = chain->use; |
||
602 | list_for_each_entry(rule, &chain->rules, list) { |
||
603 | @@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s |
||
604 | cb->seq = net->nft.base_seq; |
||
605 | |||
606 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
607 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
||
608 | + if (family != NFPROTO_UNSPEC && family != table->family) |
||
609 | continue; |
||
610 | |||
611 | if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) |
||
612 | @@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s |
||
613 | cb->nlh->nlmsg_seq, |
||
614 | NFT_MSG_NEWRULE, |
||
615 | NLM_F_MULTI | NLM_F_APPEND, |
||
616 | - table->afi->family, |
||
617 | + table->family, |
||
618 | table, chain, rule) < 0) |
||
619 | goto done; |
||
620 | |||
621 | @@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net |
||
622 | { |
||
623 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
624 | u8 genmask = nft_genmask_cur(net); |
||
625 | - const struct nft_af_info *afi; |
||
626 | const struct nft_table *table; |
||
627 | const struct nft_chain *chain; |
||
628 | const struct nft_rule *rule; |
||
629 | @@ -2226,11 +2123,7 @@ static int nf_tables_getrule(struct net |
||
630 | return netlink_dump_start(nlsk, skb, nlh, &c); |
||
631 | } |
||
632 | |||
633 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
634 | - if (IS_ERR(afi)) |
||
635 | - return PTR_ERR(afi); |
||
636 | - |
||
637 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
||
638 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
||
639 | genmask); |
||
640 | if (IS_ERR(table)) |
||
641 | return PTR_ERR(table); |
||
642 | @@ -2296,7 +2189,7 @@ static int nf_tables_newrule(struct net |
||
643 | { |
||
644 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
645 | u8 genmask = nft_genmask_next(net); |
||
646 | - struct nft_af_info *afi; |
||
647 | + int family = nfmsg->nfgen_family; |
||
648 | struct nft_table *table; |
||
649 | struct nft_chain *chain; |
||
650 | struct nft_rule *rule, *old_rule = NULL; |
||
651 | @@ -2312,11 +2205,7 @@ static int nf_tables_newrule(struct net |
||
652 | |||
653 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
||
654 | |||
655 | - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create); |
||
656 | - if (IS_ERR(afi)) |
||
657 | - return PTR_ERR(afi); |
||
658 | - |
||
659 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
||
660 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
||
661 | genmask); |
||
662 | if (IS_ERR(table)) |
||
663 | return PTR_ERR(table); |
||
664 | @@ -2356,7 +2245,7 @@ static int nf_tables_newrule(struct net |
||
665 | return PTR_ERR(old_rule); |
||
666 | } |
||
667 | |||
668 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
||
669 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
||
670 | |||
671 | n = 0; |
||
672 | size = 0; |
||
673 | @@ -2478,18 +2367,13 @@ static int nf_tables_delrule(struct net |
||
674 | { |
||
675 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
676 | u8 genmask = nft_genmask_next(net); |
||
677 | - struct nft_af_info *afi; |
||
678 | struct nft_table *table; |
||
679 | struct nft_chain *chain = NULL; |
||
680 | struct nft_rule *rule; |
||
681 | int family = nfmsg->nfgen_family, err = 0; |
||
682 | struct nft_ctx ctx; |
||
683 | |||
684 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
685 | - if (IS_ERR(afi)) |
||
686 | - return PTR_ERR(afi); |
||
687 | - |
||
688 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
||
689 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
||
690 | genmask); |
||
691 | if (IS_ERR(table)) |
||
692 | return PTR_ERR(table); |
||
693 | @@ -2501,7 +2385,7 @@ static int nf_tables_delrule(struct net |
||
694 | return PTR_ERR(chain); |
||
695 | } |
||
696 | |||
697 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
||
698 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
||
699 | |||
700 | if (chain) { |
||
701 | if (nla[NFTA_RULE_HANDLE]) { |
||
702 | @@ -2686,26 +2570,17 @@ static int nft_ctx_init_from_setattr(str |
||
703 | u8 genmask) |
||
704 | { |
||
705 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
706 | - struct nft_af_info *afi = NULL; |
||
707 | + int family = nfmsg->nfgen_family; |
||
708 | struct nft_table *table = NULL; |
||
709 | |||
710 | - if (nfmsg->nfgen_family != NFPROTO_UNSPEC) { |
||
711 | - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); |
||
712 | - if (IS_ERR(afi)) |
||
713 | - return PTR_ERR(afi); |
||
714 | - } |
||
715 | - |
||
716 | if (nla[NFTA_SET_TABLE] != NULL) { |
||
717 | - if (afi == NULL) |
||
718 | - return -EAFNOSUPPORT; |
||
719 | - |
||
720 | table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], |
||
721 | - afi->family, genmask); |
||
722 | + family, genmask); |
||
723 | if (IS_ERR(table)) |
||
724 | return PTR_ERR(table); |
||
725 | } |
||
726 | |||
727 | - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
728 | + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); |
||
729 | return 0; |
||
730 | } |
||
731 | |||
732 | @@ -2937,7 +2812,7 @@ static int nf_tables_dump_sets(struct sk |
||
733 | |||
734 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
735 | if (ctx->family != NFPROTO_UNSPEC && |
||
736 | - ctx->family != table->afi->family) |
||
737 | + ctx->family != table->family) |
||
738 | continue; |
||
739 | |||
740 | if (ctx->table && ctx->table != table) |
||
741 | @@ -2958,7 +2833,7 @@ static int nf_tables_dump_sets(struct sk |
||
742 | |||
743 | ctx_set = *ctx; |
||
744 | ctx_set.table = table; |
||
745 | - ctx_set.family = table->afi->family; |
||
746 | + ctx_set.family = table->family; |
||
747 | |||
748 | if (nf_tables_fill_set(skb, &ctx_set, set, |
||
749 | NFT_MSG_NEWSET, |
||
750 | @@ -3070,8 +2945,8 @@ static int nf_tables_newset(struct net * |
||
751 | { |
||
752 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
753 | u8 genmask = nft_genmask_next(net); |
||
754 | + int family = nfmsg->nfgen_family; |
||
755 | const struct nft_set_ops *ops; |
||
756 | - struct nft_af_info *afi; |
||
757 | struct nft_table *table; |
||
758 | struct nft_set *set; |
||
759 | struct nft_ctx ctx; |
||
760 | @@ -3178,16 +3053,12 @@ static int nf_tables_newset(struct net * |
||
761 | |||
762 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
||
763 | |||
764 | - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create); |
||
765 | - if (IS_ERR(afi)) |
||
766 | - return PTR_ERR(afi); |
||
767 | - |
||
768 | - table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family, |
||
769 | + table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], family, |
||
770 | genmask); |
||
771 | if (IS_ERR(table)) |
||
772 | return PTR_ERR(table); |
||
773 | |||
774 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
775 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
776 | |||
777 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); |
||
778 | if (IS_ERR(set)) { |
||
779 | @@ -3449,19 +3320,15 @@ static int nft_ctx_init_from_elemattr(st |
||
780 | u8 genmask) |
||
781 | { |
||
782 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
783 | - struct nft_af_info *afi; |
||
784 | + int family = nfmsg->nfgen_family; |
||
785 | struct nft_table *table; |
||
786 | |||
787 | - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); |
||
788 | - if (IS_ERR(afi)) |
||
789 | - return PTR_ERR(afi); |
||
790 | - |
||
791 | table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], |
||
792 | - afi->family, genmask); |
||
793 | + family, genmask); |
||
794 | if (IS_ERR(table)) |
||
795 | return PTR_ERR(table); |
||
796 | |||
797 | - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
798 | + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); |
||
799 | return 0; |
||
800 | } |
||
801 | |||
802 | @@ -3579,7 +3446,7 @@ static int nf_tables_dump_set(struct sk_ |
||
803 | rcu_read_lock(); |
||
804 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
805 | if (dump_ctx->ctx.family != NFPROTO_UNSPEC && |
||
806 | - dump_ctx->ctx.family != table->afi->family) |
||
807 | + dump_ctx->ctx.family != table->family) |
||
808 | continue; |
||
809 | |||
810 | if (table != dump_ctx->ctx.table) |
||
811 | @@ -3609,7 +3476,7 @@ static int nf_tables_dump_set(struct sk_ |
||
812 | goto nla_put_failure; |
||
813 | |||
814 | nfmsg = nlmsg_data(nlh); |
||
815 | - nfmsg->nfgen_family = table->afi->family; |
||
816 | + nfmsg->nfgen_family = table->family; |
||
817 | nfmsg->version = NFNETLINK_V0; |
||
818 | nfmsg->res_id = htons(net->nft.base_seq & 0xffff); |
||
819 | |||
820 | @@ -4489,7 +4356,6 @@ static int nf_tables_newobj(struct net * |
||
821 | const struct nft_object_type *type; |
||
822 | u8 genmask = nft_genmask_next(net); |
||
823 | int family = nfmsg->nfgen_family; |
||
824 | - struct nft_af_info *afi; |
||
825 | struct nft_table *table; |
||
826 | struct nft_object *obj; |
||
827 | struct nft_ctx ctx; |
||
828 | @@ -4501,11 +4367,7 @@ static int nf_tables_newobj(struct net * |
||
829 | !nla[NFTA_OBJ_DATA]) |
||
830 | return -EINVAL; |
||
831 | |||
832 | - afi = nf_tables_afinfo_lookup(net, family, true); |
||
833 | - if (IS_ERR(afi)) |
||
834 | - return PTR_ERR(afi); |
||
835 | - |
||
836 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
||
837 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
||
838 | genmask); |
||
839 | if (IS_ERR(table)) |
||
840 | return PTR_ERR(table); |
||
841 | @@ -4524,7 +4386,7 @@ static int nf_tables_newobj(struct net * |
||
842 | return 0; |
||
843 | } |
||
844 | |||
845 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
846 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
847 | |||
848 | type = nft_obj_type_get(objtype); |
||
849 | if (IS_ERR(type)) |
||
850 | @@ -4616,7 +4478,7 @@ static int nf_tables_dump_obj(struct sk_ |
||
851 | cb->seq = net->nft.base_seq; |
||
852 | |||
853 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
854 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
||
855 | + if (family != NFPROTO_UNSPEC && family != table->family) |
||
856 | continue; |
||
857 | |||
858 | list_for_each_entry_rcu(obj, &table->objects, list) { |
||
859 | @@ -4639,7 +4501,7 @@ static int nf_tables_dump_obj(struct sk_ |
||
860 | cb->nlh->nlmsg_seq, |
||
861 | NFT_MSG_NEWOBJ, |
||
862 | NLM_F_MULTI | NLM_F_APPEND, |
||
863 | - table->afi->family, table, |
||
864 | + table->family, table, |
||
865 | obj, reset) < 0) |
||
866 | goto done; |
||
867 | |||
868 | @@ -4697,7 +4559,6 @@ static int nf_tables_getobj(struct net * |
||
869 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
870 | u8 genmask = nft_genmask_cur(net); |
||
871 | int family = nfmsg->nfgen_family; |
||
872 | - const struct nft_af_info *afi; |
||
873 | const struct nft_table *table; |
||
874 | struct nft_object *obj; |
||
875 | struct sk_buff *skb2; |
||
876 | @@ -4728,11 +4589,7 @@ static int nf_tables_getobj(struct net * |
||
877 | !nla[NFTA_OBJ_TYPE]) |
||
878 | return -EINVAL; |
||
879 | |||
880 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
881 | - if (IS_ERR(afi)) |
||
882 | - return PTR_ERR(afi); |
||
883 | - |
||
884 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
||
885 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
||
886 | genmask); |
||
887 | if (IS_ERR(table)) |
||
888 | return PTR_ERR(table); |
||
889 | @@ -4779,7 +4636,6 @@ static int nf_tables_delobj(struct net * |
||
890 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
||
891 | u8 genmask = nft_genmask_next(net); |
||
892 | int family = nfmsg->nfgen_family; |
||
893 | - struct nft_af_info *afi; |
||
894 | struct nft_table *table; |
||
895 | struct nft_object *obj; |
||
896 | struct nft_ctx ctx; |
||
897 | @@ -4789,11 +4645,7 @@ static int nf_tables_delobj(struct net * |
||
898 | !nla[NFTA_OBJ_NAME]) |
||
899 | return -EINVAL; |
||
900 | |||
901 | - afi = nf_tables_afinfo_lookup(net, family, true); |
||
902 | - if (IS_ERR(afi)) |
||
903 | - return PTR_ERR(afi); |
||
904 | - |
||
905 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
||
906 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
||
907 | genmask); |
||
908 | if (IS_ERR(table)) |
||
909 | return PTR_ERR(table); |
||
910 | @@ -4805,7 +4657,7 @@ static int nf_tables_delobj(struct net * |
||
911 | if (obj->use > 0) |
||
912 | return -EBUSY; |
||
913 | |||
914 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
915 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
916 | |||
917 | return nft_delobj(&ctx, obj); |
||
918 | } |
||
919 | @@ -4990,33 +4842,31 @@ err1: |
||
920 | return err; |
||
921 | } |
||
922 | |||
923 | -static const struct nf_flowtable_type * |
||
924 | -__nft_flowtable_type_get(const struct nft_af_info *afi) |
||
925 | +static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family) |
||
926 | { |
||
927 | const struct nf_flowtable_type *type; |
||
928 | |||
929 | list_for_each_entry(type, &nf_tables_flowtables, list) { |
||
930 | - if (afi->family == type->family) |
||
931 | + if (family == type->family) |
||
932 | return type; |
||
933 | } |
||
934 | return NULL; |
||
935 | } |
||
936 | |||
937 | -static const struct nf_flowtable_type * |
||
938 | -nft_flowtable_type_get(const struct nft_af_info *afi) |
||
939 | +static const struct nf_flowtable_type *nft_flowtable_type_get(u8 family) |
||
940 | { |
||
941 | const struct nf_flowtable_type *type; |
||
942 | |||
943 | - type = __nft_flowtable_type_get(afi); |
||
944 | + type = __nft_flowtable_type_get(family); |
||
945 | if (type != NULL && try_module_get(type->owner)) |
||
946 | return type; |
||
947 | |||
948 | #ifdef CONFIG_MODULES |
||
949 | if (type == NULL) { |
||
950 | nfnl_unlock(NFNL_SUBSYS_NFTABLES); |
||
951 | - request_module("nf-flowtable-%u", afi->family); |
||
952 | + request_module("nf-flowtable-%u", family); |
||
953 | nfnl_lock(NFNL_SUBSYS_NFTABLES); |
||
954 | - if (__nft_flowtable_type_get(afi)) |
||
955 | + if (__nft_flowtable_type_get(family)) |
||
956 | return ERR_PTR(-EAGAIN); |
||
957 | } |
||
958 | #endif |
||
959 | @@ -5064,7 +4914,6 @@ static int nf_tables_newflowtable(struct |
||
960 | u8 genmask = nft_genmask_next(net); |
||
961 | int family = nfmsg->nfgen_family; |
||
962 | struct nft_flowtable *flowtable; |
||
963 | - struct nft_af_info *afi; |
||
964 | struct nft_table *table; |
||
965 | struct nft_ctx ctx; |
||
966 | int err, i, k; |
||
967 | @@ -5074,12 +4923,8 @@ static int nf_tables_newflowtable(struct |
||
968 | !nla[NFTA_FLOWTABLE_HOOK]) |
||
969 | return -EINVAL; |
||
970 | |||
971 | - afi = nf_tables_afinfo_lookup(net, family, true); |
||
972 | - if (IS_ERR(afi)) |
||
973 | - return PTR_ERR(afi); |
||
974 | - |
||
975 | table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
||
976 | - afi->family, genmask); |
||
977 | + family, genmask); |
||
978 | if (IS_ERR(table)) |
||
979 | return PTR_ERR(table); |
||
980 | |||
981 | @@ -5096,7 +4941,7 @@ static int nf_tables_newflowtable(struct |
||
982 | return 0; |
||
983 | } |
||
984 | |||
985 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
986 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
987 | |||
988 | flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); |
||
989 | if (!flowtable) |
||
990 | @@ -5109,7 +4954,7 @@ static int nf_tables_newflowtable(struct |
||
991 | goto err1; |
||
992 | } |
||
993 | |||
994 | - type = nft_flowtable_type_get(afi); |
||
995 | + type = nft_flowtable_type_get(family); |
||
996 | if (IS_ERR(type)) { |
||
997 | err = PTR_ERR(type); |
||
998 | goto err2; |
||
999 | @@ -5169,16 +5014,11 @@ static int nf_tables_delflowtable(struct |
||
1000 | u8 genmask = nft_genmask_next(net); |
||
1001 | int family = nfmsg->nfgen_family; |
||
1002 | struct nft_flowtable *flowtable; |
||
1003 | - struct nft_af_info *afi; |
||
1004 | struct nft_table *table; |
||
1005 | struct nft_ctx ctx; |
||
1006 | |||
1007 | - afi = nf_tables_afinfo_lookup(net, family, true); |
||
1008 | - if (IS_ERR(afi)) |
||
1009 | - return PTR_ERR(afi); |
||
1010 | - |
||
1011 | table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
||
1012 | - afi->family, genmask); |
||
1013 | + family, genmask); |
||
1014 | if (IS_ERR(table)) |
||
1015 | return PTR_ERR(table); |
||
1016 | |||
1017 | @@ -5189,7 +5029,7 @@ static int nf_tables_delflowtable(struct |
||
1018 | if (flowtable->use > 0) |
||
1019 | return -EBUSY; |
||
1020 | |||
1021 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
||
1022 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
||
1023 | |||
1024 | return nft_delflowtable(&ctx, flowtable); |
||
1025 | } |
||
1026 | @@ -5264,7 +5104,7 @@ static int nf_tables_dump_flowtable(stru |
||
1027 | cb->seq = net->nft.base_seq; |
||
1028 | |||
1029 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
||
1030 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
||
1031 | + if (family != NFPROTO_UNSPEC && family != table->family) |
||
1032 | continue; |
||
1033 | |||
1034 | list_for_each_entry_rcu(flowtable, &table->flowtables, list) { |
||
1035 | @@ -5283,7 +5123,7 @@ static int nf_tables_dump_flowtable(stru |
||
1036 | cb->nlh->nlmsg_seq, |
||
1037 | NFT_MSG_NEWFLOWTABLE, |
||
1038 | NLM_F_MULTI | NLM_F_APPEND, |
||
1039 | - table->afi->family, flowtable) < 0) |
||
1040 | + table->family, flowtable) < 0) |
||
1041 | goto done; |
||
1042 | |||
1043 | nl_dump_check_consistent(cb, nlmsg_hdr(skb)); |
||
1044 | @@ -5343,7 +5183,6 @@ static int nf_tables_getflowtable(struct |
||
1045 | u8 genmask = nft_genmask_cur(net); |
||
1046 | int family = nfmsg->nfgen_family; |
||
1047 | struct nft_flowtable *flowtable; |
||
1048 | - const struct nft_af_info *afi; |
||
1049 | const struct nft_table *table; |
||
1050 | struct sk_buff *skb2; |
||
1051 | int err; |
||
1052 | @@ -5369,12 +5208,8 @@ static int nf_tables_getflowtable(struct |
||
1053 | if (!nla[NFTA_FLOWTABLE_NAME]) |
||
1054 | return -EINVAL; |
||
1055 | |||
1056 | - afi = nf_tables_afinfo_lookup(net, family, false); |
||
1057 | - if (IS_ERR(afi)) |
||
1058 | - return PTR_ERR(afi); |
||
1059 | - |
||
1060 | table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
||
1061 | - afi->family, genmask); |
||
1062 | + family, genmask); |
||
1063 | if (IS_ERR(table)) |
||
1064 | return PTR_ERR(table); |
||
1065 | |||
1066 | @@ -6545,7 +6380,7 @@ int __nft_release_basechain(struct nft_c |
||
1067 | } |
||
1068 | EXPORT_SYMBOL_GPL(__nft_release_basechain); |
||
1069 | |||
1070 | -static void __nft_release_afinfo(struct net *net) |
||
1071 | +static void __nft_release_tables(struct net *net) |
||
1072 | { |
||
1073 | struct nft_flowtable *flowtable, *nf; |
||
1074 | struct nft_table *table, *nt; |
||
1075 | @@ -6558,7 +6393,7 @@ static void __nft_release_afinfo(struct |
||
1076 | }; |
||
1077 | |||
1078 | list_for_each_entry_safe(table, nt, &net->nft.tables, list) { |
||
1079 | - ctx.family = table->afi->family; |
||
1080 | + ctx.family = table->family; |
||
1081 | |||
1082 | list_for_each_entry(chain, &table->chains, list) |
||
1083 | nf_tables_unregister_hook(net, table, chain); |
||
1084 | @@ -6610,7 +6445,7 @@ static int __net_init nf_tables_init_net |
||
1085 | |||
1086 | static void __net_exit nf_tables_exit_net(struct net *net) |
||
1087 | { |
||
1088 | - __nft_release_afinfo(net); |
||
1089 | + __nft_release_tables(net); |
||
1090 | WARN_ON_ONCE(!list_empty(&net->nft.tables)); |
||
1091 | WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); |
||
1092 | } |
||
1093 | --- a/net/netfilter/nf_tables_inet.c |
||
1094 | +++ b/net/netfilter/nf_tables_inet.c |
||
1095 | @@ -38,11 +38,6 @@ static unsigned int nft_do_chain_inet(vo |
||
1096 | return nft_do_chain(&pkt, priv); |
||
1097 | } |
||
1098 | |||
1099 | -static struct nft_af_info nft_af_inet __read_mostly = { |
||
1100 | - .family = NFPROTO_INET, |
||
1101 | - .owner = THIS_MODULE, |
||
1102 | -}; |
||
1103 | - |
||
1104 | static const struct nf_chain_type filter_inet = { |
||
1105 | .name = "filter", |
||
1106 | .type = NFT_CHAIN_T_DEFAULT, |
||
1107 | @@ -64,26 +59,12 @@ static const struct nf_chain_type filter |
||
1108 | |||
1109 | static int __init nf_tables_inet_init(void) |
||
1110 | { |
||
1111 | - int ret; |
||
1112 | - |
||
1113 | - if (nft_register_afinfo(&nft_af_inet) < 0) |
||
1114 | - return ret; |
||
1115 | - |
||
1116 | - ret = nft_register_chain_type(&filter_inet); |
||
1117 | - if (ret < 0) |
||
1118 | - goto err_register_chain; |
||
1119 | - |
||
1120 | - return ret; |
||
1121 | - |
||
1122 | -err_register_chain: |
||
1123 | - nft_unregister_afinfo(&nft_af_inet); |
||
1124 | - return ret; |
||
1125 | + return nft_register_chain_type(&filter_inet); |
||
1126 | } |
||
1127 | |||
1128 | static void __exit nf_tables_inet_exit(void) |
||
1129 | { |
||
1130 | nft_unregister_chain_type(&filter_inet); |
||
1131 | - nft_unregister_afinfo(&nft_af_inet); |
||
1132 | } |
||
1133 | |||
1134 | module_init(nf_tables_inet_init); |
||
1135 | @@ -91,4 +72,4 @@ module_exit(nf_tables_inet_exit); |
||
1136 | |||
1137 | MODULE_LICENSE("GPL"); |
||
1138 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); |
||
1139 | -MODULE_ALIAS_NFT_FAMILY(1); |
||
1140 | +MODULE_ALIAS_NFT_CHAIN(1, "filter"); |
||
1141 | --- a/net/netfilter/nf_tables_netdev.c |
||
1142 | +++ b/net/netfilter/nf_tables_netdev.c |
||
1143 | @@ -38,11 +38,6 @@ nft_do_chain_netdev(void *priv, struct s |
||
1144 | return nft_do_chain(&pkt, priv); |
||
1145 | } |
||
1146 | |||
1147 | -static struct nft_af_info nft_af_netdev __read_mostly = { |
||
1148 | - .family = NFPROTO_NETDEV, |
||
1149 | - .owner = THIS_MODULE, |
||
1150 | -}; |
||
1151 | - |
||
1152 | static const struct nf_chain_type nft_filter_chain_netdev = { |
||
1153 | .name = "filter", |
||
1154 | .type = NFT_CHAIN_T_DEFAULT, |
||
1155 | @@ -91,10 +86,10 @@ static int nf_tables_netdev_event(struct |
||
1156 | |||
1157 | nfnl_lock(NFNL_SUBSYS_NFTABLES); |
||
1158 | list_for_each_entry(table, &ctx.net->nft.tables, list) { |
||
1159 | - if (table->afi->family != NFPROTO_NETDEV) |
||
1160 | + if (table->family != NFPROTO_NETDEV) |
||
1161 | continue; |
||
1162 | |||
1163 | - ctx.family = table->afi->family; |
||
1164 | + ctx.family = table->family; |
||
1165 | ctx.table = table; |
||
1166 | list_for_each_entry_safe(chain, nr, &table->chains, list) { |
||
1167 | if (!nft_is_base_chain(chain)) |
||
1168 | @@ -117,12 +112,9 @@ static int __init nf_tables_netdev_init( |
||
1169 | { |
||
1170 | int ret; |
||
1171 | |||
1172 | - if (nft_register_afinfo(&nft_af_netdev) < 0) |
||
1173 | - return ret; |
||
1174 | - |
||
1175 | ret = nft_register_chain_type(&nft_filter_chain_netdev); |
||
1176 | if (ret) |
||
1177 | - goto err_register_chain_type; |
||
1178 | + return ret; |
||
1179 | |||
1180 | ret = register_netdevice_notifier(&nf_tables_netdev_notifier); |
||
1181 | if (ret) |
||
1182 | @@ -132,8 +124,6 @@ static int __init nf_tables_netdev_init( |
||
1183 | |||
1184 | err_register_netdevice_notifier: |
||
1185 | nft_unregister_chain_type(&nft_filter_chain_netdev); |
||
1186 | -err_register_chain_type: |
||
1187 | - nft_unregister_afinfo(&nft_af_netdev); |
||
1188 | |||
1189 | return ret; |
||
1190 | } |
||
1191 | @@ -142,7 +132,6 @@ static void __exit nf_tables_netdev_exit |
||
1192 | { |
||
1193 | unregister_netdevice_notifier(&nf_tables_netdev_notifier); |
||
1194 | nft_unregister_chain_type(&nft_filter_chain_netdev); |
||
1195 | - nft_unregister_afinfo(&nft_af_netdev); |
||
1196 | } |
||
1197 | |||
1198 | module_init(nf_tables_netdev_init); |
||
1199 | @@ -150,4 +139,4 @@ module_exit(nf_tables_netdev_exit); |
||
1200 | |||
1201 | MODULE_LICENSE("GPL"); |
||
1202 | MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>"); |
||
1203 | -MODULE_ALIAS_NFT_FAMILY(5); /* NFPROTO_NETDEV */ |
||
1204 | +MODULE_ALIAS_NFT_CHAIN(5, "filter"); /* NFPROTO_NETDEV */ |