OpenWrt – Diff between revs 2 and 3
?pathlinks?
| Rev 2 | Rev 3 | |||
|---|---|---|---|---|
| Line 538... | Line 538... | |||
| 538 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
538 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
|
| 539 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
539 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
|
| 540 | genmask); |
540 | genmask); |
|
| 541 | if (IS_ERR(table)) |
541 | if (IS_ERR(table)) |
|
| 542 | return PTR_ERR(table); |
542 | return PTR_ERR(table); |
|
| 543 | @@ -1597,7 +1505,6 @@ static int nf_tables_newchain(struct net |
543 | @@ -1581,7 +1489,6 @@ static int nf_tables_newchain(struct net |
|
| 544 | const struct nlattr * uninitialized_var(name); |
544 | const struct nlattr * uninitialized_var(name); |
|
| 545 | u8 genmask = nft_genmask_next(net); |
545 | u8 genmask = nft_genmask_next(net); |
|
| 546 | int family = nfmsg->nfgen_family; |
546 | int family = nfmsg->nfgen_family; |
|
| 547 | - struct nft_af_info *afi; |
547 | - struct nft_af_info *afi; |
|
| 548 | struct nft_table *table; |
548 | struct nft_table *table; |
|
| 549 | struct nft_chain *chain; |
549 | struct nft_chain *chain; |
|
| 550 | u8 policy = NF_ACCEPT; |
550 | u8 policy = NF_ACCEPT; |
|
| 551 | @@ -1607,11 +1514,7 @@ static int nf_tables_newchain(struct net |
551 | @@ -1591,11 +1498,7 @@ static int nf_tables_newchain(struct net |
|
| Line 552... | Line 552... | |||
| 552 | |
552 | |
|
| Line 553... | Line 553... | |||
| 553 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
553 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
|
| 554 | |
554 | |
|
| Line 559... | Line 559... | |||
| 559 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
559 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
|
| 560 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
560 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
|
| 561 | genmask); |
561 | genmask); |
|
| 562 | if (IS_ERR(table)) |
562 | if (IS_ERR(table)) |
|
| 563 | return PTR_ERR(table); |
563 | return PTR_ERR(table); |
|
| 564 | @@ -1652,7 +1555,7 @@ static int nf_tables_newchain(struct net |
564 | @@ -1636,7 +1539,7 @@ static int nf_tables_newchain(struct net |
|
| 565 | } |
565 | } |
|
| 566 | } |
566 | } |
|
| Line 567... | Line 567... | |||
| 567 | |
567 | |
|
| 568 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
568 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 569... | Line 569... | |||
| 569 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
569 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
|
| 570 | |
570 | |
|
| 571 | if (chain != NULL) { |
571 | if (chain != NULL) { |
|
| 572 | if (nlh->nlmsg_flags & NLM_F_EXCL) |
572 | if (nlh->nlmsg_flags & NLM_F_EXCL) |
|
| 573 | @@ -1673,7 +1576,6 @@ static int nf_tables_delchain(struct net |
573 | @@ -1657,7 +1560,6 @@ static int nf_tables_delchain(struct net |
|
| 574 | { |
574 | { |
|
| 575 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
575 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 576 | u8 genmask = nft_genmask_next(net); |
576 | u8 genmask = nft_genmask_next(net); |
|
| 577 | - struct nft_af_info *afi; |
577 | - struct nft_af_info *afi; |
|
| 578 | struct nft_table *table; |
578 | struct nft_table *table; |
|
| 579 | struct nft_chain *chain; |
579 | struct nft_chain *chain; |
|
| 580 | struct nft_rule *rule; |
580 | struct nft_rule *rule; |
|
| 581 | @@ -1682,11 +1584,7 @@ static int nf_tables_delchain(struct net |
581 | @@ -1666,11 +1568,7 @@ static int nf_tables_delchain(struct net |
|
| Line 582... | Line 582... | |||
| 582 | u32 use; |
582 | u32 use; |
|
| 583 | int err; |
583 | int err; |
|
| Line 589... | Line 589... | |||
| 589 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
589 | - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, |
|
| 590 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
590 | + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, |
|
| 591 | genmask); |
591 | genmask); |
|
| 592 | if (IS_ERR(table)) |
592 | if (IS_ERR(table)) |
|
| 593 | return PTR_ERR(table); |
593 | return PTR_ERR(table); |
|
| 594 | @@ -1699,7 +1597,7 @@ static int nf_tables_delchain(struct net |
594 | @@ -1683,7 +1581,7 @@ static int nf_tables_delchain(struct net |
|
| 595 | chain->use > 0) |
595 | chain->use > 0) |
|
| 596 | return -EBUSY; |
596 | return -EBUSY; |
|
| Line 597... | Line 597... | |||
| 597 | |
597 | |
|
| 598 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
598 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 599... | Line 599... | |||
| 599 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
599 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
|
| 600 | |
600 | |
|
| 601 | use = chain->use; |
601 | use = chain->use; |
|
| 602 | list_for_each_entry(rule, &chain->rules, list) { |
602 | list_for_each_entry(rule, &chain->rules, list) { |
|
| Line 603... | Line 603... | |||
| 603 | @@ -2123,7 +2021,7 @@ static int nf_tables_dump_rules(struct s |
603 | @@ -2107,7 +2005,7 @@ static int nf_tables_dump_rules(struct s |
|
| 604 | cb->seq = net->nft.base_seq; |
604 | cb->seq = net->nft.base_seq; |
|
| 605 | |
605 | |
|
| 606 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
606 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
|
| Line 607... | Line 607... | |||
| 607 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
607 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
|
| 608 | + if (family != NFPROTO_UNSPEC && family != table->family) |
608 | + if (family != NFPROTO_UNSPEC && family != table->family) |
|
| 609 | continue; |
609 | continue; |
|
| 610 | |
610 | |
|
| 611 | if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) |
611 | if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) |
|
| 612 | @@ -2146,7 +2044,7 @@ static int nf_tables_dump_rules(struct s |
612 | @@ -2130,7 +2028,7 @@ static int nf_tables_dump_rules(struct s |
|
| 613 | cb->nlh->nlmsg_seq, |
613 | cb->nlh->nlmsg_seq, |
|
| 614 | NFT_MSG_NEWRULE, |
614 | NFT_MSG_NEWRULE, |
|
| 615 | NLM_F_MULTI | NLM_F_APPEND, |
615 | NLM_F_MULTI | NLM_F_APPEND, |
|
| Line 616... | Line 616... | |||
| 616 | - table->afi->family, |
616 | - table->afi->family, |
|
| 617 | + table->family, |
617 | + table->family, |
|
| 618 | table, chain, rule) < 0) |
618 | table, chain, rule) < 0) |
|
| 619 | goto done; |
619 | goto done; |
|
| 620 | |
620 | |
|
| 621 | @@ -2182,7 +2080,6 @@ static int nf_tables_getrule(struct net |
621 | @@ -2166,7 +2064,6 @@ static int nf_tables_getrule(struct net |
|
| 622 | { |
622 | { |
|
| 623 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
623 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 624 | u8 genmask = nft_genmask_cur(net); |
624 | u8 genmask = nft_genmask_cur(net); |
|
| 625 | - const struct nft_af_info *afi; |
625 | - const struct nft_af_info *afi; |
|
| 626 | const struct nft_table *table; |
626 | const struct nft_table *table; |
|
| Line 627... | Line 627... | |||
| 627 | const struct nft_chain *chain; |
627 | const struct nft_chain *chain; |
|
| 628 | const struct nft_rule *rule; |
628 | const struct nft_rule *rule; |
|
| Line 637... | Line 637... | |||
| 637 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
637 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
|
| 638 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
638 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
|
| 639 | genmask); |
639 | genmask); |
|
| 640 | if (IS_ERR(table)) |
640 | if (IS_ERR(table)) |
|
| 641 | return PTR_ERR(table); |
641 | return PTR_ERR(table); |
|
| 642 | @@ -2296,7 +2189,7 @@ static int nf_tables_newrule(struct net |
642 | @@ -2279,7 +2172,7 @@ static int nf_tables_newrule(struct net |
|
| 643 | { |
643 | { |
|
| 644 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
644 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 645 | u8 genmask = nft_genmask_next(net); |
645 | u8 genmask = nft_genmask_next(net); |
|
| 646 | - struct nft_af_info *afi; |
646 | - struct nft_af_info *afi; |
|
| 647 | + int family = nfmsg->nfgen_family; |
647 | + int family = nfmsg->nfgen_family; |
|
| 648 | struct nft_table *table; |
648 | struct nft_table *table; |
|
| 649 | struct nft_chain *chain; |
649 | struct nft_chain *chain; |
|
| 650 | struct nft_rule *rule, *old_rule = NULL; |
650 | struct nft_rule *rule, *old_rule = NULL; |
|
| 651 | @@ -2312,11 +2205,7 @@ static int nf_tables_newrule(struct net |
651 | @@ -2295,11 +2188,7 @@ static int nf_tables_newrule(struct net |
|
| Line 652... | Line 652... | |||
| 652 | |
652 | |
|
| Line 653... | Line 653... | |||
| 653 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
653 | create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; |
|
| 654 | |
654 | |
|
| Line 659... | Line 659... | |||
| 659 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
659 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
|
| 660 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
660 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
|
| 661 | genmask); |
661 | genmask); |
|
| 662 | if (IS_ERR(table)) |
662 | if (IS_ERR(table)) |
|
| 663 | return PTR_ERR(table); |
663 | return PTR_ERR(table); |
|
| 664 | @@ -2356,7 +2245,7 @@ static int nf_tables_newrule(struct net |
664 | @@ -2339,7 +2228,7 @@ static int nf_tables_newrule(struct net |
|
| 665 | return PTR_ERR(old_rule); |
665 | return PTR_ERR(old_rule); |
|
| 666 | } |
666 | } |
|
| Line 667... | Line 667... | |||
| 667 | |
667 | |
|
| 668 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
668 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 669... | Line 669... | |||
| 669 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
669 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
|
| 670 | |
670 | |
|
| 671 | n = 0; |
671 | n = 0; |
|
| 672 | size = 0; |
672 | size = 0; |
|
| 673 | @@ -2478,18 +2367,13 @@ static int nf_tables_delrule(struct net |
673 | @@ -2468,18 +2357,13 @@ static int nf_tables_delrule(struct net |
|
| 674 | { |
674 | { |
|
| 675 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
675 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 676 | u8 genmask = nft_genmask_next(net); |
676 | u8 genmask = nft_genmask_next(net); |
|
| Line 688... | Line 688... | |||
| 688 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
688 | - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, |
|
| 689 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
689 | + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, |
|
| 690 | genmask); |
690 | genmask); |
|
| 691 | if (IS_ERR(table)) |
691 | if (IS_ERR(table)) |
|
| 692 | return PTR_ERR(table); |
692 | return PTR_ERR(table); |
|
| 693 | @@ -2501,7 +2385,7 @@ static int nf_tables_delrule(struct net |
693 | @@ -2491,7 +2375,7 @@ static int nf_tables_delrule(struct net |
|
| 694 | return PTR_ERR(chain); |
694 | return PTR_ERR(chain); |
|
| 695 | } |
695 | } |
|
| Line 696... | Line 696... | |||
| 696 | |
696 | |
|
| 697 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
697 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); |
|
| Line 698... | Line 698... | |||
| 698 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
698 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); |
|
| 699 | |
699 | |
|
| 700 | if (chain) { |
700 | if (chain) { |
|
| 701 | if (nla[NFTA_RULE_HANDLE]) { |
701 | if (nla[NFTA_RULE_HANDLE]) { |
|
| 702 | @@ -2686,26 +2570,17 @@ static int nft_ctx_init_from_setattr(str |
702 | @@ -2676,26 +2560,17 @@ static int nft_ctx_init_from_setattr(str |
|
| 703 | u8 genmask) |
703 | u8 genmask) |
|
| 704 | { |
704 | { |
|
| 705 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
705 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| Line 727... | Line 727... | |||
| 727 | - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
727 | - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 728 | + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); |
728 | + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); |
|
| 729 | return 0; |
729 | return 0; |
|
| 730 | } |
730 | } |
|
| Line 731... | Line 731... | |||
| 731 | |
731 | |
|
| Line 732... | Line 732... | |||
| 732 | @@ -2937,7 +2812,7 @@ static int nf_tables_dump_sets(struct sk |
732 | @@ -2927,7 +2802,7 @@ static int nf_tables_dump_sets(struct sk |
|
| 733 | |
733 | |
|
| 734 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
734 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
|
| 735 | if (ctx->family != NFPROTO_UNSPEC && |
735 | if (ctx->family != NFPROTO_UNSPEC && |
|
| 736 | - ctx->family != table->afi->family) |
736 | - ctx->family != table->afi->family) |
|
| Line 737... | Line 737... | |||
| 737 | + ctx->family != table->family) |
737 | + ctx->family != table->family) |
|
| 738 | continue; |
738 | continue; |
|
| Line 739... | Line 739... | |||
| 739 | |
739 | |
|
| 740 | if (ctx->table && ctx->table != table) |
740 | if (ctx->table && ctx->table != table) |
|
| 741 | @@ -2958,7 +2833,7 @@ static int nf_tables_dump_sets(struct sk |
741 | @@ -2948,7 +2823,7 @@ static int nf_tables_dump_sets(struct sk |
|
| 742 | |
742 | |
|
| Line 743... | Line 743... | |||
| 743 | ctx_set = *ctx; |
743 | ctx_set = *ctx; |
|
| 744 | ctx_set.table = table; |
744 | ctx_set.table = table; |
|
| 745 | - ctx_set.family = table->afi->family; |
745 | - ctx_set.family = table->afi->family; |
|
| 746 | + ctx_set.family = table->family; |
746 | + ctx_set.family = table->family; |
|
| 747 | |
747 | |
|
| 748 | if (nf_tables_fill_set(skb, &ctx_set, set, |
748 | if (nf_tables_fill_set(skb, &ctx_set, set, |
|
| 749 | NFT_MSG_NEWSET, |
749 | NFT_MSG_NEWSET, |
|
| 750 | @@ -3070,8 +2945,8 @@ static int nf_tables_newset(struct net * |
750 | @@ -3060,8 +2935,8 @@ static int nf_tables_newset(struct net * |
|
| 751 | { |
751 | { |
|
| 752 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
752 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 753 | u8 genmask = nft_genmask_next(net); |
753 | u8 genmask = nft_genmask_next(net); |
|
| 754 | + int family = nfmsg->nfgen_family; |
754 | + int family = nfmsg->nfgen_family; |
|
| 755 | const struct nft_set_ops *ops; |
755 | const struct nft_set_ops *ops; |
|
| Line 756... | Line 756... | |||
| 756 | - struct nft_af_info *afi; |
756 | - struct nft_af_info *afi; |
|
| Line 757... | Line 757... | |||
| 757 | struct nft_table *table; |
757 | struct nft_table *table; |
|
| 758 | struct nft_set *set; |
758 | struct nft_set *set; |
|
| Line 774... | Line 774... | |||
| 774 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
774 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 775 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
775 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
|
| Line 776... | Line 776... | |||
| 776 | |
776 | |
|
| 777 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); |
777 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); |
|
| 778 | if (IS_ERR(set)) { |
778 | if (IS_ERR(set)) { |
|
| 779 | @@ -3449,19 +3320,15 @@ static int nft_ctx_init_from_elemattr(st |
779 | @@ -3439,19 +3310,15 @@ static int nft_ctx_init_from_elemattr(st |
|
| 780 | u8 genmask) |
780 | u8 genmask) |
|
| 781 | { |
781 | { |
|
| 782 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
782 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 783 | - struct nft_af_info *afi; |
783 | - struct nft_af_info *afi; |
|
| Line 797... | Line 797... | |||
| 797 | - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
797 | - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 798 | + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); |
798 | + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); |
|
| 799 | return 0; |
799 | return 0; |
|
| 800 | } |
800 | } |
|
| Line 801... | Line 801... | |||
| 801 | |
801 | |
|
| 802 | @@ -3579,7 +3446,7 @@ static int nf_tables_dump_set(struct sk_ |
802 | @@ -3569,7 +3436,7 @@ static int nf_tables_dump_set(struct sk_ |
|
| 803 | rcu_read_lock(); |
803 | rcu_read_lock(); |
|
| 804 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
804 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
|
| 805 | if (dump_ctx->ctx.family != NFPROTO_UNSPEC && |
805 | if (dump_ctx->ctx.family != NFPROTO_UNSPEC && |
|
| 806 | - dump_ctx->ctx.family != table->afi->family) |
806 | - dump_ctx->ctx.family != table->afi->family) |
|
| 807 | + dump_ctx->ctx.family != table->family) |
807 | + dump_ctx->ctx.family != table->family) |
|
| Line 808... | Line 808... | |||
| 808 | continue; |
808 | continue; |
|
| 809 | |
809 | |
|
| 810 | if (table != dump_ctx->ctx.table) |
810 | if (table != dump_ctx->ctx.table) |
|
| Line 811... | Line 811... | |||
| 811 | @@ -3609,7 +3476,7 @@ static int nf_tables_dump_set(struct sk_ |
811 | @@ -3599,7 +3466,7 @@ static int nf_tables_dump_set(struct sk_ |
|
| 812 | goto nla_put_failure; |
812 | goto nla_put_failure; |
|
| 813 | |
813 | |
|
| 814 | nfmsg = nlmsg_data(nlh); |
814 | nfmsg = nlmsg_data(nlh); |
|
| 815 | - nfmsg->nfgen_family = table->afi->family; |
815 | - nfmsg->nfgen_family = table->afi->family; |
|
| Line 816... | Line 816... | |||
| 816 | + nfmsg->nfgen_family = table->family; |
816 | + nfmsg->nfgen_family = table->family; |
|
| 817 | nfmsg->version = NFNETLINK_V0; |
817 | nfmsg->version = NFNETLINK_V0; |
|
| 818 | nfmsg->res_id = htons(net->nft.base_seq & 0xffff); |
818 | nfmsg->res_id = htons(net->nft.base_seq & 0xffff); |
|
| 819 | |
819 | |
|
| 820 | @@ -4489,7 +4356,6 @@ static int nf_tables_newobj(struct net * |
820 | @@ -4478,7 +4345,6 @@ static int nf_tables_newobj(struct net * |
|
| 821 | const struct nft_object_type *type; |
821 | const struct nft_object_type *type; |
|
| 822 | u8 genmask = nft_genmask_next(net); |
822 | u8 genmask = nft_genmask_next(net); |
|
| 823 | int family = nfmsg->nfgen_family; |
823 | int family = nfmsg->nfgen_family; |
|
| 824 | - struct nft_af_info *afi; |
824 | - struct nft_af_info *afi; |
|
| 825 | struct nft_table *table; |
825 | struct nft_table *table; |
|
| 826 | struct nft_object *obj; |
826 | struct nft_object *obj; |
|
| Line 827... | Line 827... | |||
| 827 | struct nft_ctx ctx; |
827 | struct nft_ctx ctx; |
|
| 828 | @@ -4501,11 +4367,7 @@ static int nf_tables_newobj(struct net * |
828 | @@ -4490,11 +4356,7 @@ static int nf_tables_newobj(struct net * |
|
| Line 836... | Line 836... | |||
| 836 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
836 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
|
| 837 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
837 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
|
| 838 | genmask); |
838 | genmask); |
|
| 839 | if (IS_ERR(table)) |
839 | if (IS_ERR(table)) |
|
| 840 | return PTR_ERR(table); |
840 | return PTR_ERR(table); |
|
| 841 | @@ -4524,7 +4386,7 @@ static int nf_tables_newobj(struct net * |
841 | @@ -4513,7 +4375,7 @@ static int nf_tables_newobj(struct net * |
|
| 842 | return 0; |
842 | return 0; |
|
| 843 | } |
843 | } |
|
| Line 844... | Line 844... | |||
| 844 | |
844 | |
|
| 845 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
845 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| Line 846... | Line 846... | |||
| 846 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
846 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
|
| 847 | |
847 | |
|
| 848 | type = nft_obj_type_get(objtype); |
848 | type = nft_obj_type_get(objtype); |
|
| 849 | if (IS_ERR(type)) |
849 | if (IS_ERR(type)) |
|
| Line 850... | Line 850... | |||
| 850 | @@ -4616,7 +4478,7 @@ static int nf_tables_dump_obj(struct sk_ |
850 | @@ -4605,7 +4467,7 @@ static int nf_tables_dump_obj(struct sk_ |
|
| 851 | cb->seq = net->nft.base_seq; |
851 | cb->seq = net->nft.base_seq; |
|
| 852 | |
852 | |
|
| 853 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
853 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
|
| Line 854... | Line 854... | |||
| 854 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
854 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
|
| 855 | + if (family != NFPROTO_UNSPEC && family != table->family) |
855 | + if (family != NFPROTO_UNSPEC && family != table->family) |
|
| 856 | continue; |
856 | continue; |
|
| 857 | |
857 | |
|
| 858 | list_for_each_entry_rcu(obj, &table->objects, list) { |
858 | list_for_each_entry_rcu(obj, &table->objects, list) { |
|
| 859 | @@ -4639,7 +4501,7 @@ static int nf_tables_dump_obj(struct sk_ |
859 | @@ -4628,7 +4490,7 @@ static int nf_tables_dump_obj(struct sk_ |
|
| 860 | cb->nlh->nlmsg_seq, |
860 | cb->nlh->nlmsg_seq, |
|
| 861 | NFT_MSG_NEWOBJ, |
861 | NFT_MSG_NEWOBJ, |
|
| 862 | NLM_F_MULTI | NLM_F_APPEND, |
862 | NLM_F_MULTI | NLM_F_APPEND, |
|
| Line 863... | Line 863... | |||
| 863 | - table->afi->family, table, |
863 | - table->afi->family, table, |
|
| 864 | + table->family, table, |
864 | + table->family, table, |
|
| 865 | obj, reset) < 0) |
865 | obj, reset) < 0) |
|
| 866 | goto done; |
866 | goto done; |
|
| 867 | |
867 | |
|
| 868 | @@ -4697,7 +4559,6 @@ static int nf_tables_getobj(struct net * |
868 | @@ -4686,7 +4548,6 @@ static int nf_tables_getobj(struct net * |
|
| 869 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
869 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 870 | u8 genmask = nft_genmask_cur(net); |
870 | u8 genmask = nft_genmask_cur(net); |
|
| 871 | int family = nfmsg->nfgen_family; |
871 | int family = nfmsg->nfgen_family; |
|
| 872 | - const struct nft_af_info *afi; |
872 | - const struct nft_af_info *afi; |
|
| 873 | const struct nft_table *table; |
873 | const struct nft_table *table; |
|
| Line 874... | Line 874... | |||
| 874 | struct nft_object *obj; |
874 | struct nft_object *obj; |
|
| 875 | struct sk_buff *skb2; |
875 | struct sk_buff *skb2; |
|
| Line 884... | Line 884... | |||
| 884 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
884 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
|
| 885 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
885 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
|
| 886 | genmask); |
886 | genmask); |
|
| 887 | if (IS_ERR(table)) |
887 | if (IS_ERR(table)) |
|
| 888 | return PTR_ERR(table); |
888 | return PTR_ERR(table); |
|
| 889 | @@ -4779,7 +4636,6 @@ static int nf_tables_delobj(struct net * |
889 | @@ -4768,7 +4625,6 @@ static int nf_tables_delobj(struct net * |
|
| 890 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
890 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
|
| 891 | u8 genmask = nft_genmask_next(net); |
891 | u8 genmask = nft_genmask_next(net); |
|
| 892 | int family = nfmsg->nfgen_family; |
892 | int family = nfmsg->nfgen_family; |
|
| 893 | - struct nft_af_info *afi; |
893 | - struct nft_af_info *afi; |
|
| 894 | struct nft_table *table; |
894 | struct nft_table *table; |
|
| 895 | struct nft_object *obj; |
895 | struct nft_object *obj; |
|
| 896 | struct nft_ctx ctx; |
896 | struct nft_ctx ctx; |
|
| 897 | @@ -4789,11 +4645,7 @@ static int nf_tables_delobj(struct net * |
897 | @@ -4778,11 +4634,7 @@ static int nf_tables_delobj(struct net * |
|
| 898 | !nla[NFTA_OBJ_NAME]) |
898 | !nla[NFTA_OBJ_NAME]) |
|
| 899 | return -EINVAL; |
899 | return -EINVAL; |
|
| Line 900... | Line 900... | |||
| 900 | |
900 | |
|
| 901 | - afi = nf_tables_afinfo_lookup(net, family, true); |
901 | - afi = nf_tables_afinfo_lookup(net, family, true); |
|
| Line 905... | Line 905... | |||
| 905 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
905 | - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, |
|
| 906 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
906 | + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, |
|
| 907 | genmask); |
907 | genmask); |
|
| 908 | if (IS_ERR(table)) |
908 | if (IS_ERR(table)) |
|
| 909 | return PTR_ERR(table); |
909 | return PTR_ERR(table); |
|
| 910 | @@ -4805,7 +4657,7 @@ static int nf_tables_delobj(struct net * |
910 | @@ -4794,7 +4646,7 @@ static int nf_tables_delobj(struct net * |
|
| 911 | if (obj->use > 0) |
911 | if (obj->use > 0) |
|
| 912 | return -EBUSY; |
912 | return -EBUSY; |
|
| Line 913... | Line 913... | |||
| 913 | |
913 | |
|
| 914 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
914 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| Line 915... | Line 915... | |||
| 915 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
915 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
|
| 916 | |
916 | |
|
| 917 | return nft_delobj(&ctx, obj); |
917 | return nft_delobj(&ctx, obj); |
|
| 918 | } |
918 | } |
|
| 919 | @@ -4990,33 +4842,31 @@ err1: |
919 | @@ -4979,33 +4831,31 @@ err1: |
|
| Line 920... | Line 920... | |||
| 920 | return err; |
920 | return err; |
|
| 921 | } |
921 | } |
|
| Line 954... | Line 954... | |||
| 954 | - if (__nft_flowtable_type_get(afi)) |
954 | - if (__nft_flowtable_type_get(afi)) |
|
| 955 | + if (__nft_flowtable_type_get(family)) |
955 | + if (__nft_flowtable_type_get(family)) |
|
| 956 | return ERR_PTR(-EAGAIN); |
956 | return ERR_PTR(-EAGAIN); |
|
| 957 | } |
957 | } |
|
| 958 | #endif |
958 | #endif |
|
| 959 | @@ -5064,7 +4914,6 @@ static int nf_tables_newflowtable(struct |
959 | @@ -5053,7 +4903,6 @@ static int nf_tables_newflowtable(struct |
|
| 960 | u8 genmask = nft_genmask_next(net); |
960 | u8 genmask = nft_genmask_next(net); |
|
| 961 | int family = nfmsg->nfgen_family; |
961 | int family = nfmsg->nfgen_family; |
|
| 962 | struct nft_flowtable *flowtable; |
962 | struct nft_flowtable *flowtable; |
|
| 963 | - struct nft_af_info *afi; |
963 | - struct nft_af_info *afi; |
|
| 964 | struct nft_table *table; |
964 | struct nft_table *table; |
|
| 965 | struct nft_ctx ctx; |
965 | struct nft_ctx ctx; |
|
| 966 | int err, i, k; |
966 | int err, i, k; |
|
| 967 | @@ -5074,12 +4923,8 @@ static int nf_tables_newflowtable(struct |
967 | @@ -5063,12 +4912,8 @@ static int nf_tables_newflowtable(struct |
|
| 968 | !nla[NFTA_FLOWTABLE_HOOK]) |
968 | !nla[NFTA_FLOWTABLE_HOOK]) |
|
| 969 | return -EINVAL; |
969 | return -EINVAL; |
|
| Line 970... | Line 970... | |||
| 970 | |
970 | |
|
| 971 | - afi = nf_tables_afinfo_lookup(net, family, true); |
971 | - afi = nf_tables_afinfo_lookup(net, family, true); |
|
| Line 976... | Line 976... | |||
| 976 | - afi->family, genmask); |
976 | - afi->family, genmask); |
|
| 977 | + family, genmask); |
977 | + family, genmask); |
|
| 978 | if (IS_ERR(table)) |
978 | if (IS_ERR(table)) |
|
| 979 | return PTR_ERR(table); |
979 | return PTR_ERR(table); |
|
| Line 980... | Line 980... | |||
| 980 | |
980 | |
|
| 981 | @@ -5096,7 +4941,7 @@ static int nf_tables_newflowtable(struct |
981 | @@ -5085,7 +4930,7 @@ static int nf_tables_newflowtable(struct |
|
| 982 | return 0; |
982 | return 0; |
|
| Line 983... | Line 983... | |||
| 983 | } |
983 | } |
|
| 984 | |
984 | |
|
| Line 985... | Line 985... | |||
| 985 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
985 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 986 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
986 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
|
| 987 | |
987 | |
|
| 988 | flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); |
988 | flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); |
|
| 989 | if (!flowtable) |
989 | if (!flowtable) |
|
| Line 990... | Line 990... | |||
| 990 | @@ -5109,7 +4954,7 @@ static int nf_tables_newflowtable(struct |
990 | @@ -5098,7 +4943,7 @@ static int nf_tables_newflowtable(struct |
|
| 991 | goto err1; |
991 | goto err1; |
|
| 992 | } |
992 | } |
|
| 993 | |
993 | |
|
| 994 | - type = nft_flowtable_type_get(afi); |
994 | - type = nft_flowtable_type_get(afi); |
|
| 995 | + type = nft_flowtable_type_get(family); |
995 | + type = nft_flowtable_type_get(family); |
|
| 996 | if (IS_ERR(type)) { |
996 | if (IS_ERR(type)) { |
|
| 997 | err = PTR_ERR(type); |
997 | err = PTR_ERR(type); |
|
| 998 | goto err2; |
998 | goto err2; |
|
| 999 | @@ -5169,16 +5014,11 @@ static int nf_tables_delflowtable(struct |
999 | @@ -5158,16 +5003,11 @@ static int nf_tables_delflowtable(struct |
|
| 1000 | u8 genmask = nft_genmask_next(net); |
1000 | u8 genmask = nft_genmask_next(net); |
|
| Line 1012... | Line 1012... | |||
| 1012 | - afi->family, genmask); |
1012 | - afi->family, genmask); |
|
| 1013 | + family, genmask); |
1013 | + family, genmask); |
|
| 1014 | if (IS_ERR(table)) |
1014 | if (IS_ERR(table)) |
|
| 1015 | return PTR_ERR(table); |
1015 | return PTR_ERR(table); |
|
| Line 1016... | Line 1016... | |||
| 1016 | |
1016 | |
|
| 1017 | @@ -5189,7 +5029,7 @@ static int nf_tables_delflowtable(struct |
1017 | @@ -5178,7 +5018,7 @@ static int nf_tables_delflowtable(struct |
|
| 1018 | if (flowtable->use > 0) |
1018 | if (flowtable->use > 0) |
|
| Line 1019... | Line 1019... | |||
| 1019 | return -EBUSY; |
1019 | return -EBUSY; |
|
| 1020 | |
1020 | |
|
| Line 1021... | Line 1021... | |||
| 1021 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
1021 | - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); |
|
| 1022 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
1022 | + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); |
|
| 1023 | |
1023 | |
|
| 1024 | return nft_delflowtable(&ctx, flowtable); |
1024 | return nft_delflowtable(&ctx, flowtable); |
|
| Line 1025... | Line 1025... | |||
| 1025 | } |
1025 | } |
|
| 1026 | @@ -5264,7 +5104,7 @@ static int nf_tables_dump_flowtable(stru |
1026 | @@ -5253,7 +5093,7 @@ static int nf_tables_dump_flowtable(stru |
|
| 1027 | cb->seq = net->nft.base_seq; |
1027 | cb->seq = net->nft.base_seq; |
|
| 1028 | |
1028 | |
|
| Line 1029... | Line 1029... | |||
| 1029 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
1029 | list_for_each_entry_rcu(table, &net->nft.tables, list) { |
|
| 1030 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
1030 | - if (family != NFPROTO_UNSPEC && family != table->afi->family) |
|
| 1031 | + if (family != NFPROTO_UNSPEC && family != table->family) |
1031 | + if (family != NFPROTO_UNSPEC && family != table->family) |
|
| 1032 | continue; |
1032 | continue; |
|
| 1033 | |
1033 | |
|
| 1034 | list_for_each_entry_rcu(flowtable, &table->flowtables, list) { |
1034 | list_for_each_entry_rcu(flowtable, &table->flowtables, list) { |
|
| 1035 | @@ -5283,7 +5123,7 @@ static int nf_tables_dump_flowtable(stru |
1035 | @@ -5272,7 +5112,7 @@ static int nf_tables_dump_flowtable(stru |
|
| 1036 | cb->nlh->nlmsg_seq, |
1036 | cb->nlh->nlmsg_seq, |
|
| Line 1037... | Line 1037... | |||
| 1037 | NFT_MSG_NEWFLOWTABLE, |
1037 | NFT_MSG_NEWFLOWTABLE, |
|
| 1038 | NLM_F_MULTI | NLM_F_APPEND, |
1038 | NLM_F_MULTI | NLM_F_APPEND, |
|
| 1039 | - table->afi->family, flowtable) < 0) |
1039 | - table->afi->family, flowtable) < 0) |
|
| 1040 | + table->family, flowtable) < 0) |
1040 | + table->family, flowtable) < 0) |
|
| 1041 | goto done; |
1041 | goto done; |
|
| 1042 | |
1042 | |
|
| 1043 | nl_dump_check_consistent(cb, nlmsg_hdr(skb)); |
1043 | nl_dump_check_consistent(cb, nlmsg_hdr(skb)); |
|
| 1044 | @@ -5343,7 +5183,6 @@ static int nf_tables_getflowtable(struct |
1044 | @@ -5332,7 +5172,6 @@ static int nf_tables_getflowtable(struct |
|
| 1045 | u8 genmask = nft_genmask_cur(net); |
1045 | u8 genmask = nft_genmask_cur(net); |
|
| 1046 | int family = nfmsg->nfgen_family; |
1046 | int family = nfmsg->nfgen_family; |
|
| 1047 | struct nft_flowtable *flowtable; |
1047 | struct nft_flowtable *flowtable; |
|
| 1048 | - const struct nft_af_info *afi; |
1048 | - const struct nft_af_info *afi; |
|
| Line 1049... | Line 1049... | |||
| 1049 | const struct nft_table *table; |
1049 | const struct nft_table *table; |
|
| 1050 | struct sk_buff *skb2; |
1050 | struct sk_buff *skb2; |
|
| Line 1061... | Line 1061... | |||
| 1061 | - afi->family, genmask); |
1061 | - afi->family, genmask); |
|
| 1062 | + family, genmask); |
1062 | + family, genmask); |
|
| 1063 | if (IS_ERR(table)) |
1063 | if (IS_ERR(table)) |
|
| 1064 | return PTR_ERR(table); |
1064 | return PTR_ERR(table); |
|
| Line 1065... | Line 1065... | |||
| 1065 | |
1065 | |
|
| 1066 | @@ -6545,7 +6380,7 @@ int __nft_release_basechain(struct nft_c |
1066 | @@ -6529,7 +6364,7 @@ int __nft_release_basechain(struct nft_c |
|
| 1067 | } |
1067 | } |
|
| Line 1068... | Line 1068... | |||
| 1068 | EXPORT_SYMBOL_GPL(__nft_release_basechain); |
1068 | EXPORT_SYMBOL_GPL(__nft_release_basechain); |
|
| 1069 | |
1069 | |
|
| 1070 | -static void __nft_release_afinfo(struct net *net) |
1070 | -static void __nft_release_afinfo(struct net *net) |
|
| 1071 | +static void __nft_release_tables(struct net *net) |
1071 | +static void __nft_release_tables(struct net *net) |
|
| 1072 | { |
1072 | { |
|
| 1073 | struct nft_flowtable *flowtable, *nf; |
1073 | struct nft_flowtable *flowtable, *nf; |
|
| 1074 | struct nft_table *table, *nt; |
1074 | struct nft_table *table, *nt; |
|
| Line 1075... | Line 1075... | |||
| 1075 | @@ -6558,7 +6393,7 @@ static void __nft_release_afinfo(struct |
1075 | @@ -6542,7 +6377,7 @@ static void __nft_release_afinfo(struct |
|
| 1076 | }; |
1076 | }; |
|
| 1077 | |
1077 | |
|
| Line 1078... | Line 1078... | |||
| 1078 | list_for_each_entry_safe(table, nt, &net->nft.tables, list) { |
1078 | list_for_each_entry_safe(table, nt, &net->nft.tables, list) { |
|
| 1079 | - ctx.family = table->afi->family; |
1079 | - ctx.family = table->afi->family; |
|
| 1080 | + ctx.family = table->family; |
1080 | + ctx.family = table->family; |
|
| Line 1081... | Line 1081... | |||
| 1081 | |
1081 | |
|
| 1082 | list_for_each_entry(chain, &table->chains, list) |
1082 | list_for_each_entry(chain, &table->chains, list) |
|
| 1083 | nf_tables_unregister_hook(net, table, chain); |
1083 | nf_tables_unregister_hook(net, table, chain); |
|
| 1084 | @@ -6610,7 +6445,7 @@ static int __net_init nf_tables_init_net |
1084 | @@ -6594,7 +6429,7 @@ static int __net_init nf_tables_init_net |
|