OpenWrt – Diff between revs 2 and 3
?pathlinks?
| Rev 2 | Rev 3 | |||
|---|---|---|---|---|
| Line 465... | Line 465... | |||
| 465 | - err = nft_chain_parse_hook(net, nla, afi, &hook, create); |
465 | - err = nft_chain_parse_hook(net, nla, afi, &hook, create); |
|
| 466 | + err = nft_chain_parse_hook(net, nla, &hook, family, create); |
466 | + err = nft_chain_parse_hook(net, nla, &hook, family, create); |
|
| 467 | if (err < 0) |
467 | if (err < 0) |
|
| 468 | return err; |
468 | return err; |
|
| Line 469... | Line 469... | |||
| 469 | |
469 | |
|
| 470 | @@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft |
470 | @@ -1509,7 +1504,7 @@ static int nf_tables_updchain(struct nft |
|
| 471 | if (!nft_is_base_chain(chain)) |
471 | if (!nft_is_base_chain(chain)) |
|
| Line 472... | Line 472... | |||
| 472 | return -EBUSY; |
472 | return -EBUSY; |
|
| 473 | |
473 | |
|
| 474 | - err = nft_chain_parse_hook(ctx->net, nla, ctx->afi, &hook, |
474 | - err = nft_chain_parse_hook(ctx->net, nla, ctx->afi, &hook, |
|
| 475 | + err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family, |
475 | + err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family, |
|
| 476 | create); |
476 | create); |
|
| 477 | if (err < 0) |
477 | if (err < 0) |
|
| 478 | return err; |
478 | return err; |
|
| 479 | @@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net |
479 | @@ -1602,7 +1597,8 @@ static int nf_tables_newchain(struct net |
|
| Line 480... | Line 480... | |||
| 480 | if (IS_ERR(afi)) |
480 | if (IS_ERR(afi)) |
|
| 481 | return PTR_ERR(afi); |
481 | return PTR_ERR(afi); |
|
| 482 | |
482 | |
|
| 483 | - table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); |
483 | - table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); |
|
| 484 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
484 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
|
| Line 485... | Line 485... | |||
| 485 | + genmask); |
485 | + genmask); |
|
| 486 | if (IS_ERR(table)) |
486 | if (IS_ERR(table)) |
|
| 487 | return PTR_ERR(table); |
487 | return PTR_ERR(table); |
|
| Line 488... | Line 488... | |||
| 488 | |
488 | |
|
| 489 | @@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net |
489 | @@ -1642,7 +1638,7 @@ static int nf_tables_newchain(struct net |
|
| Line 490... | Line 490... | |||
| 490 | } |
490 | } |
|
| 491 | } |
491 | } |
|
| 492 | |
492 | |
|
| 493 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
493 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
|
| 494 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
494 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 495... | Line 495... | |||
| 495 | |
495 | |
|
| 496 | if (chain != NULL) { |
496 | if (chain != NULL) { |
|
| 497 | if (nlh->nlmsg_flags & NLM_F_EXCL) |
497 | if (nlh->nlmsg_flags & NLM_F_EXCL) |
|
| 498 | @@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net |
498 | @@ -1676,7 +1672,8 @@ static int nf_tables_delchain(struct net |
|
| 499 | if (IS_ERR(afi)) |
499 | if (IS_ERR(afi)) |
|
| Line 500... | Line 500... | |||
| 500 | return PTR_ERR(afi); |
500 | return PTR_ERR(afi); |
|
| 501 | |
501 | |
|
| 502 | - table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); |
502 | - table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); |
|
| Line 503... | Line 503... | |||
| 503 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
503 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
|
| 504 | + genmask); |
504 | + genmask); |
|
| Line 505... | Line 505... | |||
| 505 | if (IS_ERR(table)) |
505 | if (IS_ERR(table)) |
|
| 506 | return PTR_ERR(table); |
506 | return PTR_ERR(table); |
|
| 507 | |
507 | |
|
| 508 | @@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net |
508 | @@ -1688,7 +1685,7 @@ static int nf_tables_delchain(struct net |
|
| 509 | chain->use > 0) |
509 | chain->use > 0) |
|
| Line 510... | Line 510... | |||
| 510 | return -EBUSY; |
510 | return -EBUSY; |
|
| 511 | |
511 | |
|
| 512 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
512 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
|
| 513 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
513 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 514... | Line 514... | |||
| 514 | |
514 | |
|
| 515 | use = chain->use; |
515 | use = chain->use; |
|
| Line 516... | Line 516... | |||
| 516 | list_for_each_entry(rule, &chain->rules, list) { |
516 | list_for_each_entry(rule, &chain->rules, list) { |
|
| 517 | @@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st |
517 | @@ -1853,7 +1850,7 @@ static int nf_tables_expr_parse(const st |
|
| 518 | if (err < 0) |
518 | if (err < 0) |
|
| 519 | return err; |
519 | return err; |
|
| 520 | |
520 | |
|
| 521 | - type = nft_expr_type_get(ctx->afi->family, tb[NFTA_EXPR_NAME]); |
521 | - type = nft_expr_type_get(ctx->afi->family, tb[NFTA_EXPR_NAME]); |
|
| 522 | + type = nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]); |
522 | + type = nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]); |
|
| 523 | if (IS_ERR(type)) |
523 | if (IS_ERR(type)) |
|
| 524 | return PTR_ERR(type); |
524 | return PTR_ERR(type); |
|
| 525 | |
525 | |
|
| 526 | @@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const |
526 | @@ -2077,7 +2074,7 @@ static void nf_tables_rule_notify(const |
|
| 527 | goto err; |
527 | goto err; |
|
| 528 | |
528 | |
|
| 529 | err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, |
529 | err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, |
|
| 530 | - event, 0, ctx->afi->family, ctx->table, |
530 | - event, 0, ctx->afi->family, ctx->table, |
|
| 531 | + event, 0, ctx->family, ctx->table, |
531 | + event, 0, ctx->family, ctx->table, |
|
| 532 | ctx->chain, rule); |
532 | ctx->chain, rule); |
|
| Line 533... | Line 533... | |||
| 533 | if (err < 0) { |
533 | if (err < 0) { |
|
| 534 | kfree_skb(skb); |
534 | kfree_skb(skb); |
|
| Line 603... | Line 603... | |||
| 603 | - } |
603 | - } |
|
| 604 | + idx++; |
604 | + idx++; |
|
| 605 | } |
605 | } |
|
| 606 | } |
606 | } |
|
| 607 | } |
607 | } |
|
| 608 | @@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net |
608 | @@ -2222,7 +2216,8 @@ static int nf_tables_getrule(struct net |
|
| 609 | if (IS_ERR(afi)) |
609 | if (IS_ERR(afi)) |
|
| 610 | return PTR_ERR(afi); |
610 | return PTR_ERR(afi); |
|
| Line 611... | Line 611... | |||
| 611 | |
611 | |
|
| 612 | - table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); |
612 | - table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); |
|
| 613 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
613 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
|
| 614 | + genmask); |
614 | + genmask); |
|
| 615 | if (IS_ERR(table)) |
615 | if (IS_ERR(table)) |
|
| Line 616... | Line 616... | |||
| 616 | return PTR_ERR(table); |
616 | return PTR_ERR(table); |
|
| 617 | |
617 | |
|
| 618 | @@ -2323,7 +2318,8 @@ static int nf_tables_newrule(struct net |
618 | @@ -2306,7 +2301,8 @@ static int nf_tables_newrule(struct net |
|
| Line 619... | Line 619... | |||
| 619 | if (IS_ERR(afi)) |
619 | if (IS_ERR(afi)) |
|
| 620 | return PTR_ERR(afi); |
620 | return PTR_ERR(afi); |
|
| 621 | |
621 | |
|
| 622 | - table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); |
622 | - table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); |
|
| 623 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
623 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
|
| Line 624... | Line 624... | |||
| 624 | + genmask); |
624 | + genmask); |
|
| 625 | if (IS_ERR(table)) |
625 | if (IS_ERR(table)) |
|
| 626 | return PTR_ERR(table); |
626 | return PTR_ERR(table); |
|
| Line 627... | Line 627... | |||
| 627 | |
627 | |
|
| 628 | @@ -2362,7 +2358,7 @@ static int nf_tables_newrule(struct net |
628 | @@ -2345,7 +2341,7 @@ static int nf_tables_newrule(struct net |
|
| Line 629... | Line 629... | |||
| 629 | return PTR_ERR(old_rule); |
629 | return PTR_ERR(old_rule); |
|
| 630 | } |
630 | } |
|
| 631 | |
631 | |
|
| 632 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
632 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
|
| 633 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
633 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 634... | Line 634... | |||
| 634 | |
634 | |
|
| 635 | n = 0; |
635 | n = 0; |
|
| 636 | size = 0; |
636 | size = 0; |
|
| 637 | @@ -2495,7 +2491,8 @@ static int nf_tables_delrule(struct net |
637 | @@ -2485,7 +2481,8 @@ static int nf_tables_delrule(struct net |
|
| 638 | if (IS_ERR(afi)) |
638 | if (IS_ERR(afi)) |
|
| Line 639... | Line 639... | |||
| 639 | return PTR_ERR(afi); |
639 | return PTR_ERR(afi); |
|
| 640 | |
640 | |
|
| 641 | - table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); |
641 | - table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); |
|
| Line 642... | Line 642... | |||
| 642 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
642 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
|
| 643 | + genmask); |
643 | + genmask); |
|
| Line 644... | Line 644... | |||
| 644 | if (IS_ERR(table)) |
644 | if (IS_ERR(table)) |
|
| 645 | return PTR_ERR(table); |
645 | return PTR_ERR(table); |
|
| 646 | |
646 | |
|
| 647 | @@ -2506,7 +2503,7 @@ static int nf_tables_delrule(struct net |
647 | @@ -2496,7 +2493,7 @@ static int nf_tables_delrule(struct net |
|
| 648 | return PTR_ERR(chain); |
648 | return PTR_ERR(chain); |
|
| Line 649... | Line 649... | |||
| 649 | } |
649 | } |
|
| 650 | |
650 | |
|
| Line 668... | Line 668... | |||
| 668 | - nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); |
668 | - nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); |
|
| 669 | + nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
669 | + nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 670 | return 0; |
670 | return 0; |
|
| 671 | } |
671 | } |
|
| Line 672... | Line 672... | |||
| 672 | |
672 | |
|
| 673 | @@ -2838,7 +2835,7 @@ static int nf_tables_fill_set(struct sk_ |
673 | @@ -2828,7 +2825,7 @@ static int nf_tables_fill_set(struct sk_ |
|
| Line 674... | Line 674... | |||
| 674 | goto nla_put_failure; |
674 | goto nla_put_failure; |
|
| 675 | |
675 | |
|
| 676 | nfmsg = nlmsg_data(nlh); |
676 | nfmsg = nlmsg_data(nlh); |
|
| 677 | - nfmsg->nfgen_family = ctx->afi->family; |
677 | - nfmsg->nfgen_family = ctx->afi->family; |
|
| 678 | + nfmsg->nfgen_family = ctx->family; |
678 | + nfmsg->nfgen_family = ctx->family; |
|
| Line 679... | Line 679... | |||
| 679 | nfmsg->version = NFNETLINK_V0; |
679 | nfmsg->version = NFNETLINK_V0; |
|
| 680 | nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); |
680 | nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); |
|
| 681 | |
681 | |
|
| 682 | @@ -2930,10 +2927,8 @@ static int nf_tables_dump_sets(struct sk |
682 | @@ -2920,10 +2917,8 @@ static int nf_tables_dump_sets(struct sk |
|
| 683 | { |
683 | { |
|
| 684 | const struct nft_set *set; |
684 | const struct nft_set *set; |
|
| 685 | unsigned int idx, s_idx = cb->args[0]; |
685 | unsigned int idx, s_idx = cb->args[0]; |
|
| 686 | - struct nft_af_info *afi; |
686 | - struct nft_af_info *afi; |
|
| 687 | struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2]; |
687 | struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2]; |
|
| Line 688... | Line 688... | |||
| 688 | struct net *net = sock_net(skb->sk); |
688 | struct net *net = sock_net(skb->sk); |
|
| 689 | - int cur_family = cb->args[3]; |
689 | - int cur_family = cb->args[3]; |
|
| 690 | struct nft_ctx *ctx = cb->data, ctx_set; |
690 | struct nft_ctx *ctx = cb->data, ctx_set; |
|
| 691 | |
691 | |
|
| Line 692... | Line 692... | |||
| 692 | if (cb->args[1]) |
692 | if (cb->args[1]) |
|
| 693 | @@ -2942,51 +2937,44 @@ static int nf_tables_dump_sets(struct sk |
693 | @@ -2932,51 +2927,44 @@ static int nf_tables_dump_sets(struct sk |
|
| Line 769... | Line 769... | |||
| 769 | + if (s_idx) |
769 | + if (s_idx) |
|
| 770 | + s_idx = 0; |
770 | + s_idx = 0; |
|
| 771 | } |
771 | } |
|
| 772 | cb->args[1] = 1; |
772 | cb->args[1] = 1; |
|
| 773 | done: |
773 | done: |
|
| 774 | @@ -3196,11 +3184,12 @@ static int nf_tables_newset(struct net * |
774 | @@ -3186,11 +3174,12 @@ static int nf_tables_newset(struct net * |
|
| 775 | if (IS_ERR(afi)) |
775 | if (IS_ERR(afi)) |
|
| 776 | return PTR_ERR(afi); |
776 | return PTR_ERR(afi); |
|
| Line 777... | Line 777... | |||
| 777 | |
777 | |
|
| 778 | - table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], genmask); |
778 | - table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], genmask); |
|
| Line 784... | Line 784... | |||
| 784 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
784 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
|
| 785 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
785 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| Line 786... | Line 786... | |||
| 786 | |
786 | |
|
| 787 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); |
787 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); |
|
| 788 | if (IS_ERR(set)) { |
788 | if (IS_ERR(set)) { |
|
| 789 | @@ -3469,12 +3458,12 @@ static int nft_ctx_init_from_elemattr(st |
789 | @@ -3459,12 +3448,12 @@ static int nft_ctx_init_from_elemattr(st |
|
| 790 | if (IS_ERR(afi)) |
790 | if (IS_ERR(afi)) |
|
| Line 791... | Line 791... | |||
| 791 | return PTR_ERR(afi); |
791 | return PTR_ERR(afi); |
|
| 792 | |
792 | |
|
| Line 800... | Line 800... | |||
| 800 | - nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); |
800 | - nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); |
|
| 801 | + nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
801 | + nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 802 | return 0; |
802 | return 0; |
|
| 803 | } |
803 | } |
|
| Line 804... | Line 804... | |||
| 804 | |
804 | |
|
| 805 | @@ -3579,7 +3568,6 @@ static int nf_tables_dump_set(struct sk_ |
805 | @@ -3569,7 +3558,6 @@ static int nf_tables_dump_set(struct sk_ |
|
| 806 | { |
806 | { |
|
| 807 | struct nft_set_dump_ctx *dump_ctx = cb->data; |
807 | struct nft_set_dump_ctx *dump_ctx = cb->data; |
|
| 808 | struct net *net = sock_net(skb->sk); |
808 | struct net *net = sock_net(skb->sk); |
|
| 809 | - struct nft_af_info *afi; |
809 | - struct nft_af_info *afi; |
|
| 810 | struct nft_table *table; |
810 | struct nft_table *table; |
|
| 811 | struct nft_set *set; |
811 | struct nft_set *set; |
|
| 812 | struct nft_set_dump_args args; |
812 | struct nft_set_dump_args args; |
|
| 813 | @@ -3591,21 +3579,19 @@ static int nf_tables_dump_set(struct sk_ |
813 | @@ -3581,21 +3569,19 @@ static int nf_tables_dump_set(struct sk_ |
|
| Line 814... | Line 814... | |||
| 814 | int event; |
814 | int event; |
|
| 815 | |
815 | |
|
| 816 | rcu_read_lock(); |
816 | rcu_read_lock(); |
|
| Line 839... | Line 839... | |||
| 839 | } |
839 | } |
|
| 840 | - break; |
840 | - break; |
|
| 841 | } |
841 | } |
|
| 842 | break; |
842 | break; |
|
| 843 | } |
843 | } |
|
| 844 | @@ -3625,7 +3611,7 @@ static int nf_tables_dump_set(struct sk_ |
844 | @@ -3615,7 +3601,7 @@ static int nf_tables_dump_set(struct sk_ |
|
| 845 | goto nla_put_failure; |
845 | goto nla_put_failure; |
|
| Line 846... | Line 846... | |||
| 846 | |
846 | |
|
| 847 | nfmsg = nlmsg_data(nlh); |
847 | nfmsg = nlmsg_data(nlh); |
|
| 848 | - nfmsg->nfgen_family = afi->family; |
848 | - nfmsg->nfgen_family = afi->family; |
|
| 849 | + nfmsg->nfgen_family = table->afi->family; |
849 | + nfmsg->nfgen_family = table->afi->family; |
|
| 850 | nfmsg->version = NFNETLINK_V0; |
850 | nfmsg->version = NFNETLINK_V0; |
|
| Line 851... | Line 851... | |||
| 851 | nfmsg->res_id = htons(net->nft.base_seq & 0xffff); |
851 | nfmsg->res_id = htons(net->nft.base_seq & 0xffff); |
|
| 852 | |
852 | |
|
| Line 853... | Line 853... | |||
| 853 | @@ -3727,7 +3713,7 @@ static int nf_tables_fill_setelem_info(s |
853 | @@ -3717,7 +3703,7 @@ static int nf_tables_fill_setelem_info(s |
|
| 854 | goto nla_put_failure; |
854 | goto nla_put_failure; |
|
| 855 | |
855 | |
|
| 856 | nfmsg = nlmsg_data(nlh); |
856 | nfmsg = nlmsg_data(nlh); |
|
| 857 | - nfmsg->nfgen_family = ctx->afi->family; |
857 | - nfmsg->nfgen_family = ctx->afi->family; |
|
| Line 858... | Line 858... | |||
| 858 | + nfmsg->nfgen_family = ctx->family; |
858 | + nfmsg->nfgen_family = ctx->family; |
|
| 859 | nfmsg->version = NFNETLINK_V0; |
859 | nfmsg->version = NFNETLINK_V0; |
|
| 860 | nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); |
860 | nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); |
|
| 861 | |
861 | |
|
| 862 | @@ -3971,7 +3957,7 @@ static int nft_add_set_elem(struct nft_c |
862 | @@ -3961,7 +3947,7 @@ static int nft_add_set_elem(struct nft_c |
|
| 863 | list_for_each_entry(binding, &set->bindings, list) { |
863 | list_for_each_entry(binding, &set->bindings, list) { |
|
| 864 | struct nft_ctx bind_ctx = { |
864 | struct nft_ctx bind_ctx = { |
|
| 865 | .net = ctx->net, |
865 | .net = ctx->net, |
|
| 866 | - .afi = ctx->afi, |
866 | - .afi = ctx->afi, |
|
| 867 | + .family = ctx->family, |
867 | + .family = ctx->family, |
|
| 868 | .table = ctx->table, |
868 | .table = ctx->table, |
|
| 869 | .chain = (struct nft_chain *)binding->chain, |
869 | .chain = (struct nft_chain *)binding->chain, |
|
| Line 870... | Line 870... | |||
| 870 | }; |
870 | }; |
|
| 871 | @@ -4521,7 +4507,8 @@ static int nf_tables_newobj(struct net * |
871 | @@ -4510,7 +4496,8 @@ static int nf_tables_newobj(struct net * |
|
| 872 | if (IS_ERR(afi)) |
872 | if (IS_ERR(afi)) |
|
| 873 | return PTR_ERR(afi); |
873 | return PTR_ERR(afi); |
|
| 874 | |
874 | |
|
| Line 875... | Line 875... | |||
| 875 | - table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); |
875 | - table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); |
|
| 876 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
876 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
|
| 877 | + genmask); |
877 | + genmask); |
|
| Line 878... | Line 878... | |||
| 878 | if (IS_ERR(table)) |
878 | if (IS_ERR(table)) |
|
| 879 | return PTR_ERR(table); |
879 | return PTR_ERR(table); |
|
| Line 880... | Line 880... | |||
| 880 | |
880 | |
|
| 881 | @@ -4539,7 +4526,7 @@ static int nf_tables_newobj(struct net * |
881 | @@ -4528,7 +4515,7 @@ static int nf_tables_newobj(struct net * |
|
| 882 | return 0; |
882 | return 0; |
|
| 883 | } |
883 | } |
|
| 884 | |
884 | |
|
| 885 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
885 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
|
| 886 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
886 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 887 | |
887 | |
|
| 888 | type = nft_obj_type_get(objtype); |
888 | type = nft_obj_type_get(objtype); |
|
| 889 | if (IS_ERR(type)) |
889 | if (IS_ERR(type)) |
|
| 890 | @@ -4616,7 +4603,6 @@ struct nft_obj_filter { |
890 | @@ -4605,7 +4592,6 @@ struct nft_obj_filter { |
|
| 891 | static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) |
891 | static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) |
|
| 892 | { |
892 | { |
|
| Line 893... | Line 893... | |||
| 893 | const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); |
893 | const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); |
|
| 894 | - const struct nft_af_info *afi; |
894 | - const struct nft_af_info *afi; |
|
| Line 958... | Line 958... | |||
| 958 | - } |
958 | - } |
|
| 959 | + idx++; |
959 | + idx++; |
|
| 960 | } |
960 | } |
|
| 961 | } |
961 | } |
|
| 962 | done: |
962 | done: |
|
| 963 | @@ -4749,7 +4734,8 @@ static int nf_tables_getobj(struct net * |
963 | @@ -4738,7 +4723,8 @@ static int nf_tables_getobj(struct net * |
|
| 964 | if (IS_ERR(afi)) |
964 | if (IS_ERR(afi)) |
|
| 965 | return PTR_ERR(afi); |
965 | return PTR_ERR(afi); |
|
| Line 966... | Line 966... | |||
| 966 | |
966 | |
|
| 967 | - table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); |
967 | - table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); |
|
| 968 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
968 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
|
| 969 | + genmask); |
969 | + genmask); |
|
| 970 | if (IS_ERR(table)) |
970 | if (IS_ERR(table)) |
|
| Line 971... | Line 971... | |||
| 971 | return PTR_ERR(table); |
971 | return PTR_ERR(table); |
|
| 972 | |
972 | |
|
| 973 | @@ -4809,7 +4795,8 @@ static int nf_tables_delobj(struct net * |
973 | @@ -4798,7 +4784,8 @@ static int nf_tables_delobj(struct net * |
|
| Line 974... | Line 974... | |||
| 974 | if (IS_ERR(afi)) |
974 | if (IS_ERR(afi)) |
|
| 975 | return PTR_ERR(afi); |
975 | return PTR_ERR(afi); |
|
| 976 | |
976 | |
|
| 977 | - table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); |
977 | - table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); |
|
| 978 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
978 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
|
| Line 979... | Line 979... | |||
| 979 | + genmask); |
979 | + genmask); |
|
| 980 | if (IS_ERR(table)) |
980 | if (IS_ERR(table)) |
|
| 981 | return PTR_ERR(table); |
981 | return PTR_ERR(table); |
|
| Line 982... | Line 982... | |||
| 982 | |
982 | |
|
| 983 | @@ -4820,7 +4807,7 @@ static int nf_tables_delobj(struct net * |
983 | @@ -4809,7 +4796,7 @@ static int nf_tables_delobj(struct net * |
|
| Line 984... | Line 984... | |||
| 984 | if (obj->use > 0) |
984 | if (obj->use > 0) |
|
| 985 | return -EBUSY; |
985 | return -EBUSY; |
|
| 986 | |
986 | |
|
| 987 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
987 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
|
| 988 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
988 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 989 | |
989 | |
|
| 990 | return nft_delobj(&ctx, obj); |
990 | return nft_delobj(&ctx, obj); |
|
| 991 | } |
991 | } |
|
| 992 | @@ -4858,7 +4845,7 @@ static void nf_tables_obj_notify(const s |
992 | @@ -4847,7 +4834,7 @@ static void nf_tables_obj_notify(const s |
|
| Line 993... | Line 993... | |||
| 993 | struct nft_object *obj, int event) |
993 | struct nft_object *obj, int event) |
|
| 994 | { |
994 | { |
|
| Line 995... | Line 995... | |||
| 995 | nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, |
995 | nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, |
|
| 996 | - ctx->afi->family, ctx->report, GFP_KERNEL); |
996 | - ctx->afi->family, ctx->report, GFP_KERNEL); |
|
| 997 | + ctx->family, ctx->report, GFP_KERNEL); |
997 | + ctx->family, ctx->report, GFP_KERNEL); |
|
| 998 | } |
998 | } |
|
| 999 | |
999 | |
|
| 1000 | /* |
1000 | /* |
|
| 1001 | @@ -5048,7 +5035,7 @@ void nft_flow_table_iterate(struct net * |
1001 | @@ -5037,7 +5024,7 @@ void nft_flow_table_iterate(struct net * |
|
| 1002 | |
1002 | |
|
| 1003 | rcu_read_lock(); |
1003 | rcu_read_lock(); |
|
| 1004 | list_for_each_entry_rcu(afi, &net->nft.af_info, list) { |
1004 | list_for_each_entry_rcu(afi, &net->nft.af_info, list) { |
|
| Line 1005... | Line 1005... | |||
| 1005 | - list_for_each_entry_rcu(table, &afi->tables, list) { |
1005 | - list_for_each_entry_rcu(table, &afi->tables, list) { |
|
| 1006 | + list_for_each_entry_rcu(table, &net->nft.tables, list) { |
1006 | + list_for_each_entry_rcu(table, &net->nft.tables, list) { |
|
| 1007 | list_for_each_entry_rcu(flowtable, &table->flowtables, list) { |
1007 | list_for_each_entry_rcu(flowtable, &table->flowtables, list) { |
|
| 1008 | iter(&flowtable->data, data); |
1008 | iter(&flowtable->data, data); |
|
| 1009 | } |
1009 | } |
|
| Line 1010... | Line 1010... | |||
| 1010 | @@ -5096,7 +5083,8 @@ static int nf_tables_newflowtable(struct |
1010 | @@ -5085,7 +5072,8 @@ static int nf_tables_newflowtable(struct |
|
| 1011 | if (IS_ERR(afi)) |
1011 | if (IS_ERR(afi)) |
|
| 1012 | return PTR_ERR(afi); |
1012 | return PTR_ERR(afi); |
|
| Line 1013... | Line 1013... | |||
| 1013 | |
1013 | |
|
| 1014 | - table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); |
1014 | - table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); |
|
| Line 1015... | Line 1015... | |||
| 1015 | + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
1015 | + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
|
| 1016 | + afi->family, genmask); |
1016 | + afi->family, genmask); |
|
| 1017 | if (IS_ERR(table)) |
1017 | if (IS_ERR(table)) |
|
| 1018 | return PTR_ERR(table); |
1018 | return PTR_ERR(table); |
|
| 1019 | |
1019 | |
|
| Line 1020... | Line 1020... | |||
| 1020 | @@ -5113,7 +5101,7 @@ static int nf_tables_newflowtable(struct |
1020 | @@ -5102,7 +5090,7 @@ static int nf_tables_newflowtable(struct |
|
| 1021 | return 0; |
1021 | return 0; |
|
| 1022 | } |
1022 | } |
|
| 1023 | |
1023 | |
|
| 1024 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
1024 | - nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
|
| Line 1025... | Line 1025... | |||
| 1025 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
1025 | + nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 1026 | |
1026 | |
|
| 1027 | flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); |
1027 | flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); |
|
| Line 1028... | Line 1028... | |||
| 1028 | if (!flowtable) |
1028 | if (!flowtable) |
|
| 1029 | @@ -5194,7 +5182,8 @@ static int nf_tables_delflowtable(struct |
1029 | @@ -5183,7 +5171,8 @@ static int nf_tables_delflowtable(struct |
|
| Line 1030... | Line 1030... | |||
| 1030 | if (IS_ERR(afi)) |
1030 | if (IS_ERR(afi)) |
|
| 1031 | return PTR_ERR(afi); |
1031 | return PTR_ERR(afi); |
|
| 1032 | |
1032 | |
|
| 1033 | - table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); |
1033 | - table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); |
|
| 1034 | + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
1034 | + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
|
| 1035 | + afi->family, genmask); |
1035 | + afi->family, genmask); |
|
| 1036 | if (IS_ERR(table)) |
1036 | if (IS_ERR(table)) |
|
| 1037 | return PTR_ERR(table); |
1037 | return PTR_ERR(table); |
|
| Line 1105... | Line 1105... | |||
| 1105 | - } |
1105 | - } |
|
| 1106 | + idx++; |
1106 | + idx++; |
|
| 1107 | } |
1107 | } |
|
| 1108 | } |
1108 | } |
|
| 1109 | done: |
1109 | done: |
|
| 1110 | @@ -5392,7 +5378,8 @@ static int nf_tables_getflowtable(struct |
1110 | @@ -5381,7 +5367,8 @@ static int nf_tables_getflowtable(struct |
|
| 1111 | if (IS_ERR(afi)) |
1111 | if (IS_ERR(afi)) |
|
| 1112 | return PTR_ERR(afi); |
1112 | return PTR_ERR(afi); |
|
| Line 1113... | Line 1113... | |||
| 1113 | |
1113 | |
|
| 1114 | - table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); |
1114 | - table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); |
|
| 1115 | + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
1115 | + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], |
|
| 1116 | + afi->family, genmask); |
1116 | + afi->family, genmask); |
|
| 1117 | if (IS_ERR(table)) |
1117 | if (IS_ERR(table)) |
|
| Line 1118... | Line 1118... | |||
| 1118 | return PTR_ERR(table); |
1118 | return PTR_ERR(table); |
|
| Line 1119... | Line 1119... | |||
| 1119 | |
1119 | |
|
| 1120 | @@ -5435,7 +5422,7 @@ static void nf_tables_flowtable_notify(s |
1120 | @@ -5424,7 +5411,7 @@ static void nf_tables_flowtable_notify(s |
|
| 1121 | |
1121 | |
|
| 1122 | err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, |
1122 | err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, |
|
| 1123 | ctx->seq, event, 0, |
1123 | ctx->seq, event, 0, |
|
| 1124 | - ctx->afi->family, flowtable); |
1124 | - ctx->afi->family, flowtable); |
|
| 1125 | + ctx->family, flowtable); |
1125 | + ctx->family, flowtable); |
|
| 1126 | if (err < 0) { |
1126 | if (err < 0) { |
|
| 1127 | kfree_skb(skb); |
1127 | kfree_skb(skb); |
|
| 1128 | goto err; |
1128 | goto err; |
|
| 1129 | @@ -5513,17 +5500,14 @@ static int nf_tables_flowtable_event(str |
1129 | @@ -5502,17 +5489,14 @@ static int nf_tables_flowtable_event(str |
|
| 1130 | struct net_device *dev = netdev_notifier_info_to_dev(ptr); |
1130 | struct net_device *dev = netdev_notifier_info_to_dev(ptr); |
|
| Line 1145... | Line 1145... | |||
| 1145 | + list_for_each_entry(flowtable, &table->flowtables, list) { |
1145 | + list_for_each_entry(flowtable, &table->flowtables, list) { |
|
| 1146 | + nft_flowtable_event(event, dev, flowtable); |
1146 | + nft_flowtable_event(event, dev, flowtable); |
|
| 1147 | } |
1147 | } |
|
| 1148 | } |
1148 | } |
|
| 1149 | nfnl_unlock(NFNL_SUBSYS_NFTABLES); |
1149 | nfnl_unlock(NFNL_SUBSYS_NFTABLES); |
|
| 1150 | @@ -6549,6 +6533,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); |
1150 | @@ -6533,6 +6517,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); |
|
| 1151 | static int __net_init nf_tables_init_net(struct net *net) |
1151 | static int __net_init nf_tables_init_net(struct net *net) |
|
| 1152 | { |
1152 | { |
|
| 1153 | INIT_LIST_HEAD(&net->nft.af_info); |
1153 | INIT_LIST_HEAD(&net->nft.af_info); |
|
| 1154 | + INIT_LIST_HEAD(&net->nft.tables); |
1154 | + INIT_LIST_HEAD(&net->nft.tables); |
|
| 1155 | INIT_LIST_HEAD(&net->nft.commit_list); |
1155 | INIT_LIST_HEAD(&net->nft.commit_list); |
|
| 1156 | net->nft.base_seq = 1; |
1156 | net->nft.base_seq = 1; |
|
| 1157 | return 0; |
1157 | return 0; |
|
| 1158 | @@ -6585,10 +6570,10 @@ static void __nft_release_afinfo(struct |
1158 | @@ -6569,10 +6554,10 @@ static void __nft_release_afinfo(struct |
|
| 1159 | struct nft_set *set, *ns; |
1159 | struct nft_set *set, *ns; |
|
| 1160 | struct nft_ctx ctx = { |
1160 | struct nft_ctx ctx = { |
|
| 1161 | .net = net, |
1161 | .net = net, |
|
| 1162 | - .afi = afi, |
1162 | - .afi = afi, |
|
| 1163 | + .family = afi->family, |
1163 | + .family = afi->family, |
|
| Line 1253... | Line 1253... | |||
| 1253 | - par->family = ctx->afi->family; |
1253 | - par->family = ctx->afi->family; |
|
| 1254 | + par->family = ctx->family; |
1254 | + par->family = ctx->family; |
|
| 1255 | par->nft_compat = true; |
1255 | par->nft_compat = true; |
|
| 1256 | } |
1256 | } |
|
| Line 1257... | Line 1257... | |||
| 1257 | |
1257 | |
|
| 1258 | @@ -503,7 +503,7 @@ __nft_match_destroy(const struct nft_ctx |
1258 | @@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx |
|
| 1259 | par.net = ctx->net; |
1259 | par.net = ctx->net; |
|
| 1260 | par.match = match; |
1260 | par.match = match; |
|
| 1261 | par.matchinfo = info; |
1261 | par.matchinfo = info; |
|
| 1262 | - par.family = ctx->afi->family; |
1262 | - par.family = ctx->afi->family; |
|
| 1263 | + par.family = ctx->family; |
1263 | + par.family = ctx->family; |
|
| 1264 | if (par.match->destroy != NULL) |
1264 | if (par.match->destroy != NULL) |
|
| Line 1265... | Line 1265... | |||
| 1265 | par.match->destroy(&par); |
1265 | par.match->destroy(&par); |
|
| Line 1266... | Line 1266... | |||
| 1266 | |
1266 | |
|
| 1267 | @@ -733,7 +733,7 @@ nft_match_select_ops(const struct nft_ct |
1267 | @@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct |
|
| 1268 | |
1268 | |
|
| 1269 | mt_name = nla_data(tb[NFTA_MATCH_NAME]); |
1269 | mt_name = nla_data(tb[NFTA_MATCH_NAME]); |
|
| Line 1270... | Line 1270... | |||
| 1270 | rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); |
1270 | rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); |
|
| 1271 | - family = ctx->afi->family; |
1271 | - family = ctx->afi->family; |
|
| 1272 | + family = ctx->family; |
1272 | + family = ctx->family; |
|
| Line 1273... | Line 1273... | |||
| 1273 | |
1273 | |
|
| 1274 | /* Re-use the existing match if it's already loaded. */ |
1274 | /* Re-use the existing match if it's already loaded. */ |
|
| 1275 | list_for_each_entry(nft_match, &nft_match_list, head) { |
1275 | list_for_each_entry(nft_match, &nft_match_list, head) { |
|
| 1276 | @@ -824,7 +824,7 @@ nft_target_select_ops(const struct nft_c |
1276 | @@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c |
|
| Line 1277... | Line 1277... | |||
| 1277 | |
1277 | |
|
| 1278 | tg_name = nla_data(tb[NFTA_TARGET_NAME]); |
1278 | tg_name = nla_data(tb[NFTA_TARGET_NAME]); |
|
| 1279 | rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); |
1279 | rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); |
|
| 1280 | - family = ctx->afi->family; |
1280 | - family = ctx->afi->family; |
|
| 1281 | + family = ctx->family; |
1281 | + family = ctx->family; |
|
| 1282 | |
1282 | |
|
| 1283 | if (strcmp(tg_name, XT_ERROR_TARGET) == 0 || |
1283 | /* Re-use the existing target if it's already loaded. */ |
|