mirror of https://github.com/hak5/openwrt.git
kernel: bump 4.14 to 4.14.54
Rereshed all patches Reworked patches to match upstream: 335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>openwrt-19.07
parent
954faac7bc
commit
ba2b0f0ac6
|
@ -5,12 +5,12 @@ LINUX_RELEASE?=1
|
||||||
LINUX_VERSION-3.18 = .71
|
LINUX_VERSION-3.18 = .71
|
||||||
LINUX_VERSION-4.4 = .121
|
LINUX_VERSION-4.4 = .121
|
||||||
LINUX_VERSION-4.9 = .111
|
LINUX_VERSION-4.9 = .111
|
||||||
LINUX_VERSION-4.14 = .53
|
LINUX_VERSION-4.14 = .54
|
||||||
|
|
||||||
LINUX_KERNEL_HASH-3.18.71 = 5abc9778ad44ce02ed6c8ab52ece8a21c6d20d21f6ed8a19287b4a38a50c1240
|
LINUX_KERNEL_HASH-3.18.71 = 5abc9778ad44ce02ed6c8ab52ece8a21c6d20d21f6ed8a19287b4a38a50c1240
|
||||||
LINUX_KERNEL_HASH-4.4.121 = 44a88268b5088dc326b30c9b9133ac35a9a200b636b7268d08f32abeae6ca729
|
LINUX_KERNEL_HASH-4.4.121 = 44a88268b5088dc326b30c9b9133ac35a9a200b636b7268d08f32abeae6ca729
|
||||||
LINUX_KERNEL_HASH-4.9.111 = 5966558959dc580f163766f3fdefd7e57c01b2b45d51202d00b3807c253759dd
|
LINUX_KERNEL_HASH-4.9.111 = 5966558959dc580f163766f3fdefd7e57c01b2b45d51202d00b3807c253759dd
|
||||||
LINUX_KERNEL_HASH-4.14.53 = a85f2572f97dc551f4a159d0c0858e6f40b925afd2d14a0aa25ee9238da80bbf
|
LINUX_KERNEL_HASH-4.14.54 = 451642ac28c539a91072f1fb83b1c061d6d44df870ddf5562400ade5e1c4b6c6
|
||||||
|
|
||||||
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
|
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
|
||||||
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
|
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
#include <asm/bootinfo.h>
|
#include <asm/bootinfo.h>
|
||||||
#include <asm/idle.h>
|
#include <asm/idle.h>
|
||||||
#include <asm/prom.h>
|
#include <asm/prom.h>
|
||||||
@@ -225,6 +226,33 @@ static struct fixed_phy_status bcm47xx_f
|
@@ -231,6 +232,33 @@ static struct fixed_phy_status bcm47xx_f
|
||||||
.duplex = DUPLEX_FULL,
|
.duplex = DUPLEX_FULL,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@
|
||||||
static int __init bcm47xx_register_bus_complete(void)
|
static int __init bcm47xx_register_bus_complete(void)
|
||||||
{
|
{
|
||||||
switch (bcm47xx_bus_type) {
|
switch (bcm47xx_bus_type) {
|
||||||
@@ -244,6 +272,7 @@ static int __init bcm47xx_register_bus_c
|
@@ -250,6 +278,7 @@ static int __init bcm47xx_register_bus_c
|
||||||
bcm47xx_workarounds();
|
bcm47xx_workarounds();
|
||||||
|
|
||||||
fixed_phy_add(PHY_POLL, 0, &bcm47xx_fixed_phy_status, -1);
|
fixed_phy_add(PHY_POLL, 0, &bcm47xx_fixed_phy_status, -1);
|
||||||
|
|
|
@ -135,7 +135,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
new->hooks[nhooks] = old->hooks[i];
|
new->hooks[nhooks] = old->hooks[i];
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1400,6 +1400,8 @@ static int nf_tables_addchain(struct nft
|
@@ -1431,6 +1431,8 @@ static int nf_tables_addchain(struct nft
|
||||||
ops->hook = hookfn;
|
ops->hook = hookfn;
|
||||||
if (afi->hook_ops_init)
|
if (afi->hook_ops_init)
|
||||||
afi->hook_ops_init(ops, i);
|
afi->hook_ops_init(ops, i);
|
||||||
|
|
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -892,8 +892,6 @@ struct nft_stats {
|
@@ -897,8 +897,6 @@ struct nft_stats {
|
||||||
struct u64_stats_sync syncp;
|
struct u64_stats_sync syncp;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
/**
|
/**
|
||||||
* struct nft_base_chain - nf_tables base chain
|
* struct nft_base_chain - nf_tables base chain
|
||||||
*
|
*
|
||||||
@@ -905,7 +903,7 @@ struct nft_stats {
|
@@ -910,7 +908,7 @@ struct nft_stats {
|
||||||
* @dev_name: device name that this base chain is attached to (if any)
|
* @dev_name: device name that this base chain is attached to (if any)
|
||||||
*/
|
*/
|
||||||
struct nft_base_chain {
|
struct nft_base_chain {
|
||||||
|
@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nf_chain_type *type;
|
const struct nf_chain_type *type;
|
||||||
u8 policy;
|
u8 policy;
|
||||||
u8 flags;
|
u8 flags;
|
||||||
@@ -966,8 +964,6 @@ enum nft_af_flags {
|
@@ -971,8 +969,6 @@ enum nft_af_flags {
|
||||||
* @owner: module owner
|
* @owner: module owner
|
||||||
* @tables: used internally
|
* @tables: used internally
|
||||||
* @flags: family flags
|
* @flags: family flags
|
||||||
|
@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @hooks: hookfn overrides for packet validation
|
* @hooks: hookfn overrides for packet validation
|
||||||
*/
|
*/
|
||||||
struct nft_af_info {
|
struct nft_af_info {
|
||||||
@@ -977,9 +973,6 @@ struct nft_af_info {
|
@@ -982,9 +978,6 @@ struct nft_af_info {
|
||||||
struct module *owner;
|
struct module *owner;
|
||||||
struct list_head tables;
|
struct list_head tables;
|
||||||
u32 flags;
|
u32 flags;
|
||||||
|
@ -128,7 +128,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
|
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
|
||||||
@@ -595,8 +592,7 @@ static void _nf_tables_table_disable(str
|
@@ -624,8 +621,7 @@ static void _nf_tables_table_disable(str
|
||||||
if (cnt && i++ == cnt)
|
if (cnt && i++ == cnt)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -613,8 +609,7 @@ static int nf_tables_table_enable(struct
|
@@ -642,8 +638,7 @@ static int nf_tables_table_enable(struct
|
||||||
if (!nft_is_base_chain(chain))
|
if (!nft_is_base_chain(chain))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
@@ -1026,7 +1021,7 @@ static int nf_tables_fill_chain_info(str
|
@@ -1055,7 +1050,7 @@ static int nf_tables_fill_chain_info(str
|
||||||
|
|
||||||
if (nft_is_base_chain(chain)) {
|
if (nft_is_base_chain(chain)) {
|
||||||
const struct nft_base_chain *basechain = nft_base_chain(chain);
|
const struct nft_base_chain *basechain = nft_base_chain(chain);
|
||||||
|
@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nlattr *nest;
|
struct nlattr *nest;
|
||||||
|
|
||||||
nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
|
nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
|
||||||
@@ -1252,8 +1247,8 @@ static void nf_tables_chain_destroy(stru
|
@@ -1283,8 +1278,8 @@ static void nf_tables_chain_destroy(stru
|
||||||
free_percpu(basechain->stats);
|
free_percpu(basechain->stats);
|
||||||
if (basechain->stats)
|
if (basechain->stats)
|
||||||
static_branch_dec(&nft_counters_enabled);
|
static_branch_dec(&nft_counters_enabled);
|
||||||
|
@ -168,7 +168,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
kfree(chain->name);
|
kfree(chain->name);
|
||||||
kfree(basechain);
|
kfree(basechain);
|
||||||
} else {
|
} else {
|
||||||
@@ -1349,7 +1344,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1380,7 +1375,6 @@ static int nf_tables_addchain(struct nft
|
||||||
struct nft_stats __percpu *stats;
|
struct nft_stats __percpu *stats;
|
||||||
struct net *net = ctx->net;
|
struct net *net = ctx->net;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
|
@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (table->use == UINT_MAX)
|
if (table->use == UINT_MAX)
|
||||||
@@ -1388,21 +1382,18 @@ static int nf_tables_addchain(struct nft
|
@@ -1419,21 +1413,18 @@ static int nf_tables_addchain(struct nft
|
||||||
basechain->type = hook.type;
|
basechain->type = hook.type;
|
||||||
chain = &basechain->chain;
|
chain = &basechain->chain;
|
||||||
|
|
||||||
|
@ -210,7 +210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
chain->flags |= NFT_BASE_CHAIN;
|
chain->flags |= NFT_BASE_CHAIN;
|
||||||
basechain->policy = policy;
|
basechain->policy = policy;
|
||||||
@@ -1420,7 +1411,7 @@ static int nf_tables_addchain(struct nft
|
@@ -1451,7 +1442,7 @@ static int nf_tables_addchain(struct nft
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -219,7 +219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
@@ -1434,7 +1425,7 @@ static int nf_tables_addchain(struct nft
|
@@ -1465,7 +1456,7 @@ static int nf_tables_addchain(struct nft
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
err2:
|
err2:
|
||||||
|
@ -228,7 +228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
err1:
|
err1:
|
||||||
nf_tables_chain_destroy(chain);
|
nf_tables_chain_destroy(chain);
|
||||||
|
|
||||||
@@ -1447,14 +1438,13 @@ static int nf_tables_updchain(struct nft
|
@@ -1478,14 +1469,13 @@ static int nf_tables_updchain(struct nft
|
||||||
const struct nlattr * const *nla = ctx->nla;
|
const struct nlattr * const *nla = ctx->nla;
|
||||||
struct nft_table *table = ctx->table;
|
struct nft_table *table = ctx->table;
|
||||||
struct nft_chain *chain = ctx->chain;
|
struct nft_chain *chain = ctx->chain;
|
||||||
|
@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (nla[NFTA_CHAIN_HOOK]) {
|
if (nla[NFTA_CHAIN_HOOK]) {
|
||||||
if (!nft_is_base_chain(chain))
|
if (!nft_is_base_chain(chain))
|
||||||
@@ -1471,14 +1461,12 @@ static int nf_tables_updchain(struct nft
|
@@ -1502,14 +1492,12 @@ static int nf_tables_updchain(struct nft
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -265,7 +265,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
nft_chain_release_hook(&hook);
|
nft_chain_release_hook(&hook);
|
||||||
}
|
}
|
||||||
@@ -5069,10 +5057,9 @@ static int nf_tables_commit(struct net *
|
@@ -5112,10 +5100,9 @@ static int nf_tables_commit(struct net *
|
||||||
case NFT_MSG_DELCHAIN:
|
case NFT_MSG_DELCHAIN:
|
||||||
list_del_rcu(&trans->ctx.chain->list);
|
list_del_rcu(&trans->ctx.chain->list);
|
||||||
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
|
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
|
||||||
|
@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
break;
|
break;
|
||||||
case NFT_MSG_NEWRULE:
|
case NFT_MSG_NEWRULE:
|
||||||
nft_clear(trans->ctx.net, nft_trans_rule(trans));
|
nft_clear(trans->ctx.net, nft_trans_rule(trans));
|
||||||
@@ -5209,10 +5196,9 @@ static int nf_tables_abort(struct net *n
|
@@ -5252,10 +5239,9 @@ static int nf_tables_abort(struct net *n
|
||||||
} else {
|
} else {
|
||||||
trans->ctx.table->use--;
|
trans->ctx.table->use--;
|
||||||
list_del_rcu(&trans->ctx.chain->list);
|
list_del_rcu(&trans->ctx.chain->list);
|
||||||
|
@ -293,7 +293,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case NFT_MSG_DELCHAIN:
|
case NFT_MSG_DELCHAIN:
|
||||||
@@ -5313,7 +5299,7 @@ int nft_chain_validate_hooks(const struc
|
@@ -5358,7 +5344,7 @@ int nft_chain_validate_hooks(const struc
|
||||||
if (nft_is_base_chain(chain)) {
|
if (nft_is_base_chain(chain)) {
|
||||||
basechain = nft_base_chain(chain);
|
basechain = nft_base_chain(chain);
|
||||||
|
|
||||||
|
@ -302,7 +302,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
@@ -5795,8 +5781,7 @@ int __nft_release_basechain(struct nft_c
|
@@ -5840,8 +5826,7 @@ int __nft_release_basechain(struct nft_c
|
||||||
|
|
||||||
BUG_ON(!nft_is_base_chain(ctx->chain));
|
BUG_ON(!nft_is_base_chain(ctx->chain));
|
||||||
|
|
||||||
|
@ -312,7 +312,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
|
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
|
||||||
list_del(&rule->list);
|
list_del(&rule->list);
|
||||||
ctx->chain->use--;
|
ctx->chain->use--;
|
||||||
@@ -5825,8 +5810,7 @@ static void __nft_release_afinfo(struct
|
@@ -5870,8 +5855,7 @@ static void __nft_release_afinfo(struct
|
||||||
|
|
||||||
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
|
@ -353,7 +353,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
strncpy(basechain->dev_name, dev->name, IFNAMSIZ);
|
strncpy(basechain->dev_name, dev->name, IFNAMSIZ);
|
||||||
--- a/net/netfilter/nft_compat.c
|
--- a/net/netfilter/nft_compat.c
|
||||||
+++ b/net/netfilter/nft_compat.c
|
+++ b/net/netfilter/nft_compat.c
|
||||||
@@ -169,7 +169,7 @@ nft_target_set_tgchk_param(struct xt_tgc
|
@@ -186,7 +186,7 @@ nft_target_set_tgchk_param(struct xt_tgc
|
||||||
if (nft_is_base_chain(ctx->chain)) {
|
if (nft_is_base_chain(ctx->chain)) {
|
||||||
const struct nft_base_chain *basechain =
|
const struct nft_base_chain *basechain =
|
||||||
nft_base_chain(ctx->chain);
|
nft_base_chain(ctx->chain);
|
||||||
|
@ -362,7 +362,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
par->hook_mask = 1 << ops->hooknum;
|
par->hook_mask = 1 << ops->hooknum;
|
||||||
} else {
|
} else {
|
||||||
@@ -302,7 +302,7 @@ static int nft_target_validate(const str
|
@@ -317,7 +317,7 @@ static int nft_target_validate(const str
|
||||||
if (nft_is_base_chain(ctx->chain)) {
|
if (nft_is_base_chain(ctx->chain)) {
|
||||||
const struct nft_base_chain *basechain =
|
const struct nft_base_chain *basechain =
|
||||||
nft_base_chain(ctx->chain);
|
nft_base_chain(ctx->chain);
|
||||||
|
@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
hook_mask = 1 << ops->hooknum;
|
hook_mask = 1 << ops->hooknum;
|
||||||
if (target->hooks && !(hook_mask & target->hooks))
|
if (target->hooks && !(hook_mask & target->hooks))
|
||||||
@@ -383,7 +383,7 @@ nft_match_set_mtchk_param(struct xt_mtch
|
@@ -414,7 +414,7 @@ nft_match_set_mtchk_param(struct xt_mtch
|
||||||
if (nft_is_base_chain(ctx->chain)) {
|
if (nft_is_base_chain(ctx->chain)) {
|
||||||
const struct nft_base_chain *basechain =
|
const struct nft_base_chain *basechain =
|
||||||
nft_base_chain(ctx->chain);
|
nft_base_chain(ctx->chain);
|
||||||
|
@ -380,7 +380,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
par->hook_mask = 1 << ops->hooknum;
|
par->hook_mask = 1 << ops->hooknum;
|
||||||
} else {
|
} else {
|
||||||
@@ -481,7 +481,7 @@ static int nft_match_validate(const stru
|
@@ -564,7 +564,7 @@ static int nft_match_validate(const stru
|
||||||
if (nft_is_base_chain(ctx->chain)) {
|
if (nft_is_base_chain(ctx->chain)) {
|
||||||
const struct nft_base_chain *basechain =
|
const struct nft_base_chain *basechain =
|
||||||
nft_base_chain(ctx->chain);
|
nft_base_chain(ctx->chain);
|
||||||
|
|
|
@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -870,7 +870,7 @@ enum nft_chain_type {
|
@@ -875,7 +875,7 @@ enum nft_chain_type {
|
||||||
* @family: address family
|
* @family: address family
|
||||||
* @owner: module owner
|
* @owner: module owner
|
||||||
* @hook_mask: mask of valid hooks
|
* @hook_mask: mask of valid hooks
|
||||||
|
@ -19,7 +19,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
*/
|
*/
|
||||||
struct nf_chain_type {
|
struct nf_chain_type {
|
||||||
const char *name;
|
const char *name;
|
||||||
@@ -964,7 +964,6 @@ enum nft_af_flags {
|
@@ -969,7 +969,6 @@ enum nft_af_flags {
|
||||||
* @owner: module owner
|
* @owner: module owner
|
||||||
* @tables: used internally
|
* @tables: used internally
|
||||||
* @flags: family flags
|
* @flags: family flags
|
||||||
|
@ -27,7 +27,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
*/
|
*/
|
||||||
struct nft_af_info {
|
struct nft_af_info {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
@@ -973,7 +972,6 @@ struct nft_af_info {
|
@@ -978,7 +977,6 @@ struct nft_af_info {
|
||||||
struct module *owner;
|
struct module *owner;
|
||||||
struct list_head tables;
|
struct list_head tables;
|
||||||
u32 flags;
|
u32 flags;
|
||||||
|
@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static int __init nf_tables_ipv6_init(void)
|
static int __init nf_tables_ipv6_init(void)
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1352,7 +1352,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1383,7 +1383,6 @@ static int nf_tables_addchain(struct nft
|
||||||
if (nla[NFTA_CHAIN_HOOK]) {
|
if (nla[NFTA_CHAIN_HOOK]) {
|
||||||
struct nft_chain_hook hook;
|
struct nft_chain_hook hook;
|
||||||
struct nf_hook_ops *ops;
|
struct nf_hook_ops *ops;
|
||||||
|
@ -159,7 +159,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
err = nft_chain_parse_hook(net, nla, afi, &hook, create);
|
err = nft_chain_parse_hook(net, nla, afi, &hook, create);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -1378,7 +1377,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1409,7 +1408,6 @@ static int nf_tables_addchain(struct nft
|
||||||
static_branch_inc(&nft_counters_enabled);
|
static_branch_inc(&nft_counters_enabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -167,7 +167,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
basechain->type = hook.type;
|
basechain->type = hook.type;
|
||||||
chain = &basechain->chain;
|
chain = &basechain->chain;
|
||||||
|
|
||||||
@@ -1387,10 +1385,8 @@ static int nf_tables_addchain(struct nft
|
@@ -1418,10 +1416,8 @@ static int nf_tables_addchain(struct nft
|
||||||
ops->hooknum = hook.num;
|
ops->hooknum = hook.num;
|
||||||
ops->priority = hook.priority;
|
ops->priority = hook.priority;
|
||||||
ops->priv = chain;
|
ops->priv = chain;
|
||||||
|
|
|
@ -40,7 +40,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
default:
|
default:
|
||||||
WARN_ON(1);
|
WARN_ON(1);
|
||||||
goto err;
|
goto err;
|
||||||
@@ -308,6 +313,11 @@ int nft_meta_get_init(const struct nft_c
|
@@ -310,6 +315,11 @@ int nft_meta_get_init(const struct nft_c
|
||||||
prandom_init_once(&nft_prandom_state);
|
prandom_init_once(&nft_prandom_state);
|
||||||
len = sizeof(u32);
|
len = sizeof(u32);
|
||||||
break;
|
break;
|
||||||
|
@ -52,7 +52,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
default:
|
default:
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
}
|
}
|
||||||
@@ -318,6 +328,38 @@ int nft_meta_get_init(const struct nft_c
|
@@ -320,6 +330,38 @@ int nft_meta_get_init(const struct nft_c
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nft_meta_get_init);
|
EXPORT_SYMBOL_GPL(nft_meta_get_init);
|
||||||
|
|
||||||
|
@ -91,7 +91,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
int nft_meta_set_validate(const struct nft_ctx *ctx,
|
int nft_meta_set_validate(const struct nft_ctx *ctx,
|
||||||
const struct nft_expr *expr,
|
const struct nft_expr *expr,
|
||||||
const struct nft_data **data)
|
const struct nft_data **data)
|
||||||
@@ -434,6 +476,7 @@ static const struct nft_expr_ops nft_met
|
@@ -436,6 +478,7 @@ static const struct nft_expr_ops nft_met
|
||||||
.eval = nft_meta_get_eval,
|
.eval = nft_meta_get_eval,
|
||||||
.init = nft_meta_get_init,
|
.init = nft_meta_get_init,
|
||||||
.dump = nft_meta_get_dump,
|
.dump = nft_meta_get_dump,
|
||||||
|
|
|
@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
#include <net/netlink.h>
|
#include <net/netlink.h>
|
||||||
|
|
||||||
#define NFT_JUMP_STACK_SIZE 16
|
#define NFT_JUMP_STACK_SIZE 16
|
||||||
@@ -933,6 +934,7 @@ unsigned int nft_do_chain(struct nft_pkt
|
@@ -938,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt
|
||||||
* @chains: chains in the table
|
* @chains: chains in the table
|
||||||
* @sets: sets in the table
|
* @sets: sets in the table
|
||||||
* @objects: stateful objects in the table
|
* @objects: stateful objects in the table
|
||||||
|
@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @hgenerator: handle generator state
|
* @hgenerator: handle generator state
|
||||||
* @use: number of chain references to this table
|
* @use: number of chain references to this table
|
||||||
* @flags: table flag (see enum nft_table_flags)
|
* @flags: table flag (see enum nft_table_flags)
|
||||||
@@ -944,6 +946,7 @@ struct nft_table {
|
@@ -949,6 +951,7 @@ struct nft_table {
|
||||||
struct list_head chains;
|
struct list_head chains;
|
||||||
struct list_head sets;
|
struct list_head sets;
|
||||||
struct list_head objects;
|
struct list_head objects;
|
||||||
|
@ -66,7 +66,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
u64 hgenerator;
|
u64 hgenerator;
|
||||||
u32 use;
|
u32 use;
|
||||||
u16 flags:14,
|
u16 flags:14,
|
||||||
@@ -1075,6 +1078,44 @@ int nft_register_obj(struct nft_object_t
|
@@ -1080,6 +1083,44 @@ int nft_register_obj(struct nft_object_t
|
||||||
void nft_unregister_obj(struct nft_object_type *obj_type);
|
void nft_unregister_obj(struct nft_object_type *obj_type);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -111,7 +111,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* struct nft_traceinfo - nft tracing information and state
|
* struct nft_traceinfo - nft tracing information and state
|
||||||
*
|
*
|
||||||
* @pkt: pktinfo currently processed
|
* @pkt: pktinfo currently processed
|
||||||
@@ -1310,4 +1351,11 @@ struct nft_trans_obj {
|
@@ -1315,4 +1356,11 @@ struct nft_trans_obj {
|
||||||
#define nft_trans_obj(trans) \
|
#define nft_trans_obj(trans) \
|
||||||
(((struct nft_trans_obj *)trans->data)->obj)
|
(((struct nft_trans_obj *)trans->data)->obj)
|
||||||
|
|
||||||
|
@ -217,7 +217,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* nft_register_afinfo - register nf_tables address family info
|
* nft_register_afinfo - register nf_tables address family info
|
||||||
@@ -345,6 +347,40 @@ static int nft_delobj(struct nft_ctx *ct
|
@@ -374,6 +376,40 @@ static int nft_delobj(struct nft_ctx *ct
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -258,7 +258,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
/*
|
/*
|
||||||
* Tables
|
* Tables
|
||||||
*/
|
*/
|
||||||
@@ -728,6 +764,7 @@ static int nf_tables_newtable(struct net
|
@@ -757,6 +793,7 @@ static int nf_tables_newtable(struct net
|
||||||
INIT_LIST_HEAD(&table->chains);
|
INIT_LIST_HEAD(&table->chains);
|
||||||
INIT_LIST_HEAD(&table->sets);
|
INIT_LIST_HEAD(&table->sets);
|
||||||
INIT_LIST_HEAD(&table->objects);
|
INIT_LIST_HEAD(&table->objects);
|
||||||
|
@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
table->flags = flags;
|
table->flags = flags;
|
||||||
|
|
||||||
nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
|
nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla);
|
||||||
@@ -749,10 +786,11 @@ err1:
|
@@ -778,10 +815,11 @@ err1:
|
||||||
|
|
||||||
static int nft_flush_table(struct nft_ctx *ctx)
|
static int nft_flush_table(struct nft_ctx *ctx)
|
||||||
{
|
{
|
||||||
|
@ -279,7 +279,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
list_for_each_entry(chain, &ctx->table->chains, list) {
|
list_for_each_entry(chain, &ctx->table->chains, list) {
|
||||||
if (!nft_is_active_next(ctx->net, chain))
|
if (!nft_is_active_next(ctx->net, chain))
|
||||||
@@ -778,6 +816,12 @@ static int nft_flush_table(struct nft_ct
|
@@ -807,6 +845,12 @@ static int nft_flush_table(struct nft_ct
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -292,7 +292,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
|
list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
|
||||||
err = nft_delobj(ctx, obj);
|
err = nft_delobj(ctx, obj);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -4774,6 +4818,605 @@ static void nf_tables_obj_notify(const s
|
@@ -4817,6 +4861,605 @@ static void nf_tables_obj_notify(const s
|
||||||
ctx->afi->family, ctx->report, GFP_KERNEL);
|
ctx->afi->family, ctx->report, GFP_KERNEL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -898,7 +898,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
|
||||||
u32 portid, u32 seq)
|
u32 portid, u32 seq)
|
||||||
{
|
{
|
||||||
@@ -4804,6 +5447,49 @@ nla_put_failure:
|
@@ -4847,6 +5490,49 @@ nla_put_failure:
|
||||||
return -EMSGSIZE;
|
return -EMSGSIZE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -948,7 +948,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
|
static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
|
||||||
int event)
|
int event)
|
||||||
{
|
{
|
||||||
@@ -4956,6 +5642,21 @@ static const struct nfnl_callback nf_tab
|
@@ -4999,6 +5685,21 @@ static const struct nfnl_callback nf_tab
|
||||||
.attr_count = NFTA_OBJ_MAX,
|
.attr_count = NFTA_OBJ_MAX,
|
||||||
.policy = nft_obj_policy,
|
.policy = nft_obj_policy,
|
||||||
},
|
},
|
||||||
|
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
};
|
};
|
||||||
|
|
||||||
static void nft_chain_commit_update(struct nft_trans *trans)
|
static void nft_chain_commit_update(struct nft_trans *trans)
|
||||||
@@ -5001,6 +5702,9 @@ static void nf_tables_commit_release(str
|
@@ -5044,6 +5745,9 @@ static void nf_tables_commit_release(str
|
||||||
case NFT_MSG_DELOBJ:
|
case NFT_MSG_DELOBJ:
|
||||||
nft_obj_destroy(nft_trans_obj(trans));
|
nft_obj_destroy(nft_trans_obj(trans));
|
||||||
break;
|
break;
|
||||||
|
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
kfree(trans);
|
kfree(trans);
|
||||||
}
|
}
|
||||||
@@ -5118,6 +5822,21 @@ static int nf_tables_commit(struct net *
|
@@ -5161,6 +5865,21 @@ static int nf_tables_commit(struct net *
|
||||||
nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
|
nf_tables_obj_notify(&trans->ctx, nft_trans_obj(trans),
|
||||||
NFT_MSG_DELOBJ);
|
NFT_MSG_DELOBJ);
|
||||||
break;
|
break;
|
||||||
|
@ -1002,7 +1002,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5155,6 +5874,9 @@ static void nf_tables_abort_release(stru
|
@@ -5198,6 +5917,9 @@ static void nf_tables_abort_release(stru
|
||||||
case NFT_MSG_NEWOBJ:
|
case NFT_MSG_NEWOBJ:
|
||||||
nft_obj_destroy(nft_trans_obj(trans));
|
nft_obj_destroy(nft_trans_obj(trans));
|
||||||
break;
|
break;
|
||||||
|
@ -1012,7 +1012,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
kfree(trans);
|
kfree(trans);
|
||||||
}
|
}
|
||||||
@@ -5244,6 +5966,17 @@ static int nf_tables_abort(struct net *n
|
@@ -5289,6 +6011,17 @@ static int nf_tables_abort(struct net *n
|
||||||
nft_clear(trans->ctx.net, nft_trans_obj(trans));
|
nft_clear(trans->ctx.net, nft_trans_obj(trans));
|
||||||
nft_trans_destroy(trans);
|
nft_trans_destroy(trans);
|
||||||
break;
|
break;
|
||||||
|
@ -1030,7 +1030,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5794,6 +6527,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
|
@@ -5839,6 +6572,7 @@ EXPORT_SYMBOL_GPL(__nft_release_basechai
|
||||||
/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
|
/* Called by nft_unregister_afinfo() from __net_exit path, nfnl_lock is held. */
|
||||||
static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
|
static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
|
||||||
{
|
{
|
||||||
|
@ -1038,7 +1038,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table, *nt;
|
struct nft_table *table, *nt;
|
||||||
struct nft_chain *chain, *nc;
|
struct nft_chain *chain, *nc;
|
||||||
struct nft_object *obj, *ne;
|
struct nft_object *obj, *ne;
|
||||||
@@ -5807,6 +6541,9 @@ static void __nft_release_afinfo(struct
|
@@ -5852,6 +6586,9 @@ static void __nft_release_afinfo(struct
|
||||||
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
list_for_each_entry_safe(table, nt, &afi->tables, list) {
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
nf_tables_unregister_hook(net, table, chain);
|
nf_tables_unregister_hook(net, table, chain);
|
||||||
|
@ -1048,8 +1048,8 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
/* No packets are walking on these chains anymore. */
|
/* No packets are walking on these chains anymore. */
|
||||||
ctx.table = table;
|
ctx.table = table;
|
||||||
list_for_each_entry(chain, &table->chains, list) {
|
list_for_each_entry(chain, &table->chains, list) {
|
||||||
@@ -5817,6 +6554,11 @@ static void __nft_release_afinfo(struct
|
@@ -5862,6 +6599,11 @@ static void __nft_release_afinfo(struct
|
||||||
nf_tables_rule_destroy(&ctx, rule);
|
nf_tables_rule_release(&ctx, rule);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
+ list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
|
+ list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
|
||||||
|
@ -1060,7 +1060,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
list_for_each_entry_safe(set, ns, &table->sets, list) {
|
list_for_each_entry_safe(set, ns, &table->sets, list) {
|
||||||
list_del(&set->list);
|
list_del(&set->list);
|
||||||
table->use--;
|
table->use--;
|
||||||
@@ -5860,6 +6602,8 @@ static int __init nf_tables_module_init(
|
@@ -5905,6 +6647,8 @@ static int __init nf_tables_module_init(
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err3;
|
goto err3;
|
||||||
|
|
||||||
|
@ -1069,7 +1069,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
|
pr_info("nf_tables: (c) 2007-2009 Patrick McHardy <kaber@trash.net>\n");
|
||||||
return register_pernet_subsys(&nf_tables_net_ops);
|
return register_pernet_subsys(&nf_tables_net_ops);
|
||||||
err3:
|
err3:
|
||||||
@@ -5874,6 +6618,7 @@ static void __exit nf_tables_module_exit
|
@@ -5919,6 +6663,7 @@ static void __exit nf_tables_module_exit
|
||||||
{
|
{
|
||||||
unregister_pernet_subsys(&nf_tables_net_ops);
|
unregister_pernet_subsys(&nf_tables_net_ops);
|
||||||
nfnetlink_subsys_unregister(&nf_tables_subsys);
|
nfnetlink_subsys_unregister(&nf_tables_subsys);
|
||||||
|
|
|
@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -963,7 +963,6 @@ enum nft_af_flags {
|
@@ -968,7 +968,6 @@ enum nft_af_flags {
|
||||||
*
|
*
|
||||||
* @list: used internally
|
* @list: used internally
|
||||||
* @family: address family
|
* @family: address family
|
||||||
|
@ -22,7 +22,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @owner: module owner
|
* @owner: module owner
|
||||||
* @tables: used internally
|
* @tables: used internally
|
||||||
* @flags: family flags
|
* @flags: family flags
|
||||||
@@ -971,7 +970,6 @@ enum nft_af_flags {
|
@@ -976,7 +975,6 @@ enum nft_af_flags {
|
||||||
struct nft_af_info {
|
struct nft_af_info {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
int family;
|
int family;
|
||||||
|
@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1328,9 +1328,6 @@ static int nft_chain_parse_hook(struct n
|
@@ -1359,9 +1359,6 @@ static int nft_chain_parse_hook(struct n
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
||||||
|
@ -82,7 +82,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
||||||
|
|
||||||
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
||||||
@@ -4926,7 +4923,7 @@ static int nf_tables_flowtable_parse_hoo
|
@@ -4969,7 +4966,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
|
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
|
||||||
|
|
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5350,7 +5350,7 @@ static int nf_tables_getflowtable(struct
|
@@ -5393,7 +5393,7 @@ static int nf_tables_getflowtable(struct
|
||||||
|
|
||||||
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
|
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
|
||||||
genmask);
|
genmask);
|
||||||
|
|
|
@ -10,7 +10,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -954,10 +954,6 @@ struct nft_table {
|
@@ -959,10 +959,6 @@ struct nft_table {
|
||||||
char *name;
|
char *name;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
/**
|
/**
|
||||||
* struct nft_af_info - nf_tables address family info
|
* struct nft_af_info - nf_tables address family info
|
||||||
*
|
*
|
||||||
@@ -965,14 +961,12 @@ enum nft_af_flags {
|
@@ -970,14 +966,12 @@ enum nft_af_flags {
|
||||||
* @family: address family
|
* @family: address family
|
||||||
* @owner: module owner
|
* @owner: module owner
|
||||||
* @tables: used internally
|
* @tables: used internally
|
||||||
|
@ -38,7 +38,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
int nft_register_afinfo(struct net *, struct nft_af_info *);
|
int nft_register_afinfo(struct net *, struct nft_af_info *);
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -1345,7 +1345,7 @@ static int nft_chain_parse_hook(struct n
|
@@ -1376,7 +1376,7 @@ static int nft_chain_parse_hook(struct n
|
||||||
hook->type = type;
|
hook->type = type;
|
||||||
|
|
||||||
hook->dev = NULL;
|
hook->dev = NULL;
|
||||||
|
|
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -611,10 +611,7 @@ err:
|
@@ -640,10 +640,7 @@ err:
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
{
|
{
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
u32 i = 0;
|
u32 i = 0;
|
||||||
@@ -632,9 +629,7 @@ static void _nf_tables_table_disable(str
|
@@ -661,9 +658,7 @@ static void _nf_tables_table_disable(str
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
{
|
{
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
int err, i = 0;
|
int err, i = 0;
|
||||||
@@ -654,15 +649,13 @@ static int nf_tables_table_enable(struct
|
@@ -683,15 +678,13 @@ static int nf_tables_table_enable(struct
|
||||||
return 0;
|
return 0;
|
||||||
err:
|
err:
|
||||||
if (i)
|
if (i)
|
||||||
|
@ -53,7 +53,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nf_tables_updtable(struct nft_ctx *ctx)
|
static int nf_tables_updtable(struct nft_ctx *ctx)
|
||||||
@@ -691,7 +684,7 @@ static int nf_tables_updtable(struct nft
|
@@ -720,7 +713,7 @@ static int nf_tables_updtable(struct nft
|
||||||
nft_trans_table_enable(trans) = false;
|
nft_trans_table_enable(trans) = false;
|
||||||
} else if (!(flags & NFT_TABLE_F_DORMANT) &&
|
} else if (!(flags & NFT_TABLE_F_DORMANT) &&
|
||||||
ctx->table->flags & NFT_TABLE_F_DORMANT) {
|
ctx->table->flags & NFT_TABLE_F_DORMANT) {
|
||||||
|
@ -62,7 +62,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (ret >= 0) {
|
if (ret >= 0) {
|
||||||
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
|
ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
|
||||||
nft_trans_table_enable(trans) = true;
|
nft_trans_table_enable(trans) = true;
|
||||||
@@ -5728,7 +5721,6 @@ static int nf_tables_commit(struct net *
|
@@ -5771,7 +5764,6 @@ static int nf_tables_commit(struct net *
|
||||||
if (nft_trans_table_update(trans)) {
|
if (nft_trans_table_update(trans)) {
|
||||||
if (!nft_trans_table_enable(trans)) {
|
if (!nft_trans_table_enable(trans)) {
|
||||||
nf_tables_table_disable(net,
|
nf_tables_table_disable(net,
|
||||||
|
@ -70,7 +70,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
trans->ctx.table);
|
trans->ctx.table);
|
||||||
trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
|
trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
|
||||||
}
|
}
|
||||||
@@ -5890,7 +5882,6 @@ static int nf_tables_abort(struct net *n
|
@@ -5933,7 +5925,6 @@ static int nf_tables_abort(struct net *n
|
||||||
if (nft_trans_table_update(trans)) {
|
if (nft_trans_table_update(trans)) {
|
||||||
if (nft_trans_table_enable(trans)) {
|
if (nft_trans_table_enable(trans)) {
|
||||||
nf_tables_table_disable(net,
|
nf_tables_table_disable(net,
|
||||||
|
|
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -423,7 +423,7 @@ static inline u64 nf_tables_alloc_handle
|
@@ -452,7 +452,7 @@ static inline u64 nf_tables_alloc_handle
|
||||||
static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
|
static const struct nf_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
|
||||||
|
|
||||||
static const struct nf_chain_type *
|
static const struct nf_chain_type *
|
||||||
|
@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
@@ -436,22 +436,20 @@ __nf_tables_chain_type_lookup(int family
|
@@ -465,22 +465,20 @@ __nf_tables_chain_type_lookup(int family
|
||||||
}
|
}
|
||||||
|
|
||||||
static const struct nf_chain_type *
|
static const struct nf_chain_type *
|
||||||
|
@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (type != NULL)
|
if (type != NULL)
|
||||||
return ERR_PTR(-EAGAIN);
|
return ERR_PTR(-EAGAIN);
|
||||||
}
|
}
|
||||||
@@ -1325,8 +1323,8 @@ static int nft_chain_parse_hook(struct n
|
@@ -1356,8 +1354,8 @@ static int nft_chain_parse_hook(struct n
|
||||||
|
|
||||||
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT];
|
||||||
if (nla[NFTA_CHAIN_TYPE]) {
|
if (nla[NFTA_CHAIN_TYPE]) {
|
||||||
|
|
|
@ -15,7 +15,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5269,8 +5269,10 @@ static int nf_tables_dump_flowtable_done
|
@@ -5312,8 +5312,10 @@ static int nf_tables_dump_flowtable_done
|
||||||
if (!filter)
|
if (!filter)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
bool report;
|
bool report;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -939,6 +939,7 @@ unsigned int nft_do_chain(struct nft_pkt
|
@@ -944,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt
|
||||||
* @use: number of chain references to this table
|
* @use: number of chain references to this table
|
||||||
* @flags: table flag (see enum nft_table_flags)
|
* @flags: table flag (see enum nft_table_flags)
|
||||||
* @genmask: generation mask
|
* @genmask: generation mask
|
||||||
|
@ -50,7 +50,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @name: name of the table
|
* @name: name of the table
|
||||||
*/
|
*/
|
||||||
struct nft_table {
|
struct nft_table {
|
||||||
@@ -951,6 +952,7 @@ struct nft_table {
|
@@ -956,6 +957,7 @@ struct nft_table {
|
||||||
u32 use;
|
u32 use;
|
||||||
u16 flags:14,
|
u16 flags:14,
|
||||||
genmask:2;
|
genmask:2;
|
||||||
|
@ -58,7 +58,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
char *name;
|
char *name;
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -960,13 +962,11 @@ struct nft_table {
|
@@ -965,13 +967,11 @@ struct nft_table {
|
||||||
* @list: used internally
|
* @list: used internally
|
||||||
* @family: address family
|
* @family: address family
|
||||||
* @owner: module owner
|
* @owner: module owner
|
||||||
|
@ -108,7 +108,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
ctx->table = table;
|
ctx->table = table;
|
||||||
ctx->chain = chain;
|
ctx->chain = chain;
|
||||||
ctx->nla = nla;
|
ctx->nla = nla;
|
||||||
@@ -385,30 +384,31 @@ static int nft_delflowtable(struct nft_c
|
@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c
|
||||||
* Tables
|
* Tables
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -146,7 +146,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (table != NULL)
|
if (table != NULL)
|
||||||
return table;
|
return table;
|
||||||
|
|
||||||
@@ -507,7 +507,7 @@ static void nf_tables_table_notify(const
|
@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
|
||||||
|
@ -155,7 +155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
goto err;
|
goto err;
|
||||||
@@ -524,7 +524,6 @@ static int nf_tables_dump_tables(struct
|
@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct
|
||||||
struct netlink_callback *cb)
|
struct netlink_callback *cb)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
|
@ -163,7 +163,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
unsigned int idx = 0, s_idx = cb->args[0];
|
unsigned int idx = 0, s_idx = cb->args[0];
|
||||||
struct net *net = sock_net(skb->sk);
|
struct net *net = sock_net(skb->sk);
|
||||||
@@ -533,30 +532,27 @@ static int nf_tables_dump_tables(struct
|
@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
|
@ -211,7 +211,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
@@ -588,7 +584,8 @@ static int nf_tables_gettable(struct net
|
@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -221,7 +221,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -719,7 +716,7 @@ static int nf_tables_newtable(struct net
|
@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
name = nla[NFTA_TABLE_NAME];
|
name = nla[NFTA_TABLE_NAME];
|
||||||
|
@ -230,7 +230,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table)) {
|
if (IS_ERR(table)) {
|
||||||
if (PTR_ERR(table) != -ENOENT)
|
if (PTR_ERR(table) != -ENOENT)
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -729,7 +726,7 @@ static int nf_tables_newtable(struct net
|
@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net
|
||||||
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
|
@ -239,7 +239,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return nf_tables_updtable(&ctx);
|
return nf_tables_updtable(&ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -756,14 +753,15 @@ static int nf_tables_newtable(struct net
|
@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net
|
||||||
INIT_LIST_HEAD(&table->sets);
|
INIT_LIST_HEAD(&table->sets);
|
||||||
INIT_LIST_HEAD(&table->objects);
|
INIT_LIST_HEAD(&table->objects);
|
||||||
INIT_LIST_HEAD(&table->flowtables);
|
INIT_LIST_HEAD(&table->flowtables);
|
||||||
|
@ -257,7 +257,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return 0;
|
return 0;
|
||||||
err4:
|
err4:
|
||||||
kfree(table->name);
|
kfree(table->name);
|
||||||
@@ -837,30 +835,28 @@ out:
|
@@ -866,30 +864,28 @@ out:
|
||||||
|
|
||||||
static int nft_flush(struct nft_ctx *ctx, int family)
|
static int nft_flush(struct nft_ctx *ctx, int family)
|
||||||
{
|
{
|
||||||
|
@ -301,7 +301,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
out:
|
out:
|
||||||
return err;
|
return err;
|
||||||
@@ -878,7 +874,7 @@ static int nf_tables_deltable(struct net
|
@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
|
|
||||||
|
@ -310,7 +310,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
||||||
return nft_flush(&ctx, family);
|
return nft_flush(&ctx, family);
|
||||||
|
|
||||||
@@ -886,7 +882,8 @@ static int nf_tables_deltable(struct net
|
@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -320,7 +320,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -894,7 +891,7 @@ static int nf_tables_deltable(struct net
|
@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net
|
||||||
table->use > 0)
|
table->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -329,7 +329,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
ctx.table = table;
|
ctx.table = table;
|
||||||
|
|
||||||
return nft_flush_table(&ctx);
|
return nft_flush_table(&ctx);
|
||||||
@@ -906,7 +903,7 @@ static void nf_tables_table_destroy(stru
|
@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru
|
||||||
|
|
||||||
kfree(ctx->table->name);
|
kfree(ctx->table->name);
|
||||||
kfree(ctx->table);
|
kfree(ctx->table);
|
||||||
|
@ -338,7 +338,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
|
|
||||||
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
||||||
@@ -1107,7 +1104,7 @@ static void nf_tables_chain_notify(const
|
@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
|
||||||
|
@ -347,7 +347,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
ctx->chain);
|
ctx->chain);
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
@@ -1125,7 +1122,6 @@ static int nf_tables_dump_chains(struct
|
@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct
|
||||||
struct netlink_callback *cb)
|
struct netlink_callback *cb)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
|
@ -355,7 +355,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
unsigned int idx = 0, s_idx = cb->args[0];
|
unsigned int idx = 0, s_idx = cb->args[0];
|
||||||
@@ -1135,31 +1131,30 @@ static int nf_tables_dump_chains(struct
|
@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
|
@ -407,7 +407,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
@@ -1193,7 +1188,8 @@ static int nf_tables_getchain(struct net
|
@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -417,7 +417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1301,8 +1297,8 @@ struct nft_chain_hook {
|
@@ -1332,8 +1328,8 @@ struct nft_chain_hook {
|
||||||
|
|
||||||
static int nft_chain_parse_hook(struct net *net,
|
static int nft_chain_parse_hook(struct net *net,
|
||||||
const struct nlattr * const nla[],
|
const struct nlattr * const nla[],
|
||||||
|
@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
{
|
{
|
||||||
struct nlattr *ha[NFTA_HOOK_MAX + 1];
|
struct nlattr *ha[NFTA_HOOK_MAX + 1];
|
||||||
const struct nf_chain_type *type;
|
const struct nf_chain_type *type;
|
||||||
@@ -1321,10 +1317,10 @@ static int nft_chain_parse_hook(struct n
|
@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n
|
||||||
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
|
||||||
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
|
||||||
|
|
||||||
|
@ -441,7 +441,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
return PTR_ERR(type);
|
return PTR_ERR(type);
|
||||||
}
|
}
|
||||||
@@ -1336,7 +1332,7 @@ static int nft_chain_parse_hook(struct n
|
@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n
|
||||||
hook->type = type;
|
hook->type = type;
|
||||||
|
|
||||||
hook->dev = NULL;
|
hook->dev = NULL;
|
||||||
|
@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
char ifname[IFNAMSIZ];
|
char ifname[IFNAMSIZ];
|
||||||
|
|
||||||
if (!ha[NFTA_HOOK_DEV]) {
|
if (!ha[NFTA_HOOK_DEV]) {
|
||||||
@@ -1371,7 +1367,6 @@ static int nf_tables_addchain(struct nft
|
@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft
|
||||||
{
|
{
|
||||||
const struct nlattr * const *nla = ctx->nla;
|
const struct nlattr * const *nla = ctx->nla;
|
||||||
struct nft_table *table = ctx->table;
|
struct nft_table *table = ctx->table;
|
||||||
|
@ -458,7 +458,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_base_chain *basechain;
|
struct nft_base_chain *basechain;
|
||||||
struct nft_stats __percpu *stats;
|
struct nft_stats __percpu *stats;
|
||||||
struct net *net = ctx->net;
|
struct net *net = ctx->net;
|
||||||
@@ -1385,7 +1380,7 @@ static int nf_tables_addchain(struct nft
|
@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft
|
||||||
struct nft_chain_hook hook;
|
struct nft_chain_hook hook;
|
||||||
struct nf_hook_ops *ops;
|
struct nf_hook_ops *ops;
|
||||||
|
|
||||||
|
@ -467,7 +467,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
@@ -1478,7 +1473,7 @@ static int nf_tables_updchain(struct nft
|
@@ -1509,7 +1504,7 @@ static int nf_tables_updchain(struct nft
|
||||||
if (!nft_is_base_chain(chain))
|
if (!nft_is_base_chain(chain))
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -476,7 +476,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
create);
|
create);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
@@ -1571,7 +1566,8 @@ static int nf_tables_newchain(struct net
|
@@ -1602,7 +1597,8 @@ static int nf_tables_newchain(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -486,7 +486,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1611,7 +1607,7 @@ static int nf_tables_newchain(struct net
|
@@ -1642,7 +1638,7 @@ static int nf_tables_newchain(struct net
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -495,7 +495,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (chain != NULL) {
|
if (chain != NULL) {
|
||||||
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
||||||
@@ -1645,7 +1641,8 @@ static int nf_tables_delchain(struct net
|
@@ -1676,7 +1672,8 @@ static int nf_tables_delchain(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -505,7 +505,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1657,7 +1654,7 @@ static int nf_tables_delchain(struct net
|
@@ -1688,7 +1685,7 @@ static int nf_tables_delchain(struct net
|
||||||
chain->use > 0)
|
chain->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -514,7 +514,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
use = chain->use;
|
use = chain->use;
|
||||||
list_for_each_entry(rule, &chain->rules, list) {
|
list_for_each_entry(rule, &chain->rules, list) {
|
||||||
@@ -1822,7 +1819,7 @@ static int nf_tables_expr_parse(const st
|
@@ -1853,7 +1850,7 @@ static int nf_tables_expr_parse(const st
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
|
@ -523,7 +523,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
return PTR_ERR(type);
|
return PTR_ERR(type);
|
||||||
|
|
||||||
@@ -2045,7 +2042,7 @@ static void nf_tables_rule_notify(const
|
@@ -2077,7 +2074,7 @@ static void nf_tables_rule_notify(const
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
|
err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
|
||||||
|
@ -532,7 +532,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
ctx->chain, rule);
|
ctx->chain, rule);
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
@@ -2069,7 +2066,6 @@ static int nf_tables_dump_rules(struct s
|
@@ -2101,7 +2098,6 @@ static int nf_tables_dump_rules(struct s
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
const struct nft_rule_dump_ctx *ctx = cb->data;
|
const struct nft_rule_dump_ctx *ctx = cb->data;
|
||||||
|
@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
const struct nft_rule *rule;
|
const struct nft_rule *rule;
|
||||||
@@ -2080,39 +2076,37 @@ static int nf_tables_dump_rules(struct s
|
@@ -2112,39 +2108,37 @@ static int nf_tables_dump_rules(struct s
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
|
@ -605,7 +605,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2190,7 +2184,8 @@ static int nf_tables_getrule(struct net
|
@@ -2222,7 +2216,8 @@ static int nf_tables_getrule(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -615,7 +615,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -2267,7 +2262,8 @@ static int nf_tables_newrule(struct net
|
@@ -2306,7 +2301,8 @@ static int nf_tables_newrule(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -625,7 +625,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -2306,7 +2302,7 @@ static int nf_tables_newrule(struct net
|
@@ -2345,7 +2341,7 @@ static int nf_tables_newrule(struct net
|
||||||
return PTR_ERR(old_rule);
|
return PTR_ERR(old_rule);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -634,7 +634,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
n = 0;
|
n = 0;
|
||||||
size = 0;
|
size = 0;
|
||||||
@@ -2446,7 +2442,8 @@ static int nf_tables_delrule(struct net
|
@@ -2485,7 +2481,8 @@ static int nf_tables_delrule(struct net
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -644,7 +644,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -2457,7 +2454,7 @@ static int nf_tables_delrule(struct net
|
@@ -2496,7 +2493,7 @@ static int nf_tables_delrule(struct net
|
||||||
return PTR_ERR(chain);
|
return PTR_ERR(chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -653,7 +653,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (chain) {
|
if (chain) {
|
||||||
if (nla[NFTA_RULE_HANDLE]) {
|
if (nla[NFTA_RULE_HANDLE]) {
|
||||||
@@ -2655,13 +2652,13 @@ static int nft_ctx_init_from_setattr(str
|
@@ -2694,13 +2691,13 @@ static int nft_ctx_init_from_setattr(str
|
||||||
if (afi == NULL)
|
if (afi == NULL)
|
||||||
return -EAFNOSUPPORT;
|
return -EAFNOSUPPORT;
|
||||||
|
|
||||||
|
@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2788,7 +2785,7 @@ static int nf_tables_fill_set(struct sk_
|
@@ -2827,7 +2824,7 @@ static int nf_tables_fill_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
|
@ -679,7 +679,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -2880,10 +2877,8 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2919,10 +2916,8 @@ static int nf_tables_dump_sets(struct sk
|
||||||
{
|
{
|
||||||
const struct nft_set *set;
|
const struct nft_set *set;
|
||||||
unsigned int idx, s_idx = cb->args[0];
|
unsigned int idx, s_idx = cb->args[0];
|
||||||
|
@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_ctx *ctx = cb->data, ctx_set;
|
struct nft_ctx *ctx = cb->data, ctx_set;
|
||||||
|
|
||||||
if (cb->args[1])
|
if (cb->args[1])
|
||||||
@@ -2892,51 +2887,44 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2931,51 +2926,44 @@ static int nf_tables_dump_sets(struct sk
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
|
@ -771,7 +771,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
cb->args[1] = 1;
|
cb->args[1] = 1;
|
||||||
done:
|
done:
|
||||||
@@ -3146,11 +3134,12 @@ static int nf_tables_newset(struct net *
|
@@ -3185,11 +3173,12 @@ static int nf_tables_newset(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -786,7 +786,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
||||||
if (IS_ERR(set)) {
|
if (IS_ERR(set)) {
|
||||||
@@ -3417,12 +3406,12 @@ static int nft_ctx_init_from_elemattr(st
|
@@ -3458,12 +3447,12 @@ static int nft_ctx_init_from_elemattr(st
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -802,7 +802,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3527,7 +3516,6 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3568,7 +3557,6 @@ static int nf_tables_dump_set(struct sk_
|
||||||
{
|
{
|
||||||
struct nft_set_dump_ctx *dump_ctx = cb->data;
|
struct nft_set_dump_ctx *dump_ctx = cb->data;
|
||||||
struct net *net = sock_net(skb->sk);
|
struct net *net = sock_net(skb->sk);
|
||||||
|
@ -810,7 +810,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_set *set;
|
struct nft_set *set;
|
||||||
struct nft_set_dump_args args;
|
struct nft_set_dump_args args;
|
||||||
@@ -3539,21 +3527,19 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3580,21 +3568,19 @@ static int nf_tables_dump_set(struct sk_
|
||||||
int event;
|
int event;
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
|
@ -841,7 +841,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -3573,7 +3559,7 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3614,7 +3600,7 @@ static int nf_tables_dump_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
|
@ -850,7 +850,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -3675,7 +3661,7 @@ static int nf_tables_fill_setelem_info(s
|
@@ -3716,7 +3702,7 @@ static int nf_tables_fill_setelem_info(s
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
|
@ -859,7 +859,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -3919,7 +3905,7 @@ static int nft_add_set_elem(struct nft_c
|
@@ -3960,7 +3946,7 @@ static int nft_add_set_elem(struct nft_c
|
||||||
list_for_each_entry(binding, &set->bindings, list) {
|
list_for_each_entry(binding, &set->bindings, list) {
|
||||||
struct nft_ctx bind_ctx = {
|
struct nft_ctx bind_ctx = {
|
||||||
.net = ctx->net,
|
.net = ctx->net,
|
||||||
|
@ -868,7 +868,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
.table = ctx->table,
|
.table = ctx->table,
|
||||||
.chain = (struct nft_chain *)binding->chain,
|
.chain = (struct nft_chain *)binding->chain,
|
||||||
};
|
};
|
||||||
@@ -4466,7 +4452,8 @@ static int nf_tables_newobj(struct net *
|
@@ -4509,7 +4495,8 @@ static int nf_tables_newobj(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -878,7 +878,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -4484,7 +4471,7 @@ static int nf_tables_newobj(struct net *
|
@@ -4527,7 +4514,7 @@ static int nf_tables_newobj(struct net *
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -887,7 +887,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
type = nft_obj_type_get(objtype);
|
type = nft_obj_type_get(objtype);
|
||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
@@ -4561,7 +4548,6 @@ struct nft_obj_filter {
|
@@ -4604,7 +4591,6 @@ struct nft_obj_filter {
|
||||||
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
|
static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
|
||||||
|
@ -895,7 +895,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
unsigned int idx = 0, s_idx = cb->args[0];
|
unsigned int idx = 0, s_idx = cb->args[0];
|
||||||
struct nft_obj_filter *filter = cb->data;
|
struct nft_obj_filter *filter = cb->data;
|
||||||
@@ -4576,38 +4562,37 @@ static int nf_tables_dump_obj(struct sk_
|
@@ -4619,38 +4605,37 @@ static int nf_tables_dump_obj(struct sk_
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
|
@ -914,7 +914,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
- if (idx > s_idx)
|
- if (idx > s_idx)
|
||||||
- memset(&cb->args[1], 0,
|
- memset(&cb->args[1], 0,
|
||||||
- sizeof(cb->args) - sizeof(cb->args[0]));
|
- sizeof(cb->args) - sizeof(cb->args[0]));
|
||||||
- if (filter && filter->table[0] &&
|
- if (filter && filter->table &&
|
||||||
- strcmp(filter->table, table->name))
|
- strcmp(filter->table, table->name))
|
||||||
- goto cont;
|
- goto cont;
|
||||||
- if (filter &&
|
- if (filter &&
|
||||||
|
@ -929,7 +929,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
+ if (idx > s_idx)
|
+ if (idx > s_idx)
|
||||||
+ memset(&cb->args[1], 0,
|
+ memset(&cb->args[1], 0,
|
||||||
+ sizeof(cb->args) - sizeof(cb->args[0]));
|
+ sizeof(cb->args) - sizeof(cb->args[0]));
|
||||||
+ if (filter && filter->table[0] &&
|
+ if (filter && filter->table &&
|
||||||
+ strcmp(filter->table, table->name))
|
+ strcmp(filter->table, table->name))
|
||||||
+ goto cont;
|
+ goto cont;
|
||||||
+ if (filter &&
|
+ if (filter &&
|
||||||
|
@ -960,7 +960,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
@@ -4694,7 +4679,8 @@ static int nf_tables_getobj(struct net *
|
@@ -4737,7 +4722,8 @@ static int nf_tables_getobj(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -970,7 +970,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -4754,7 +4740,8 @@ static int nf_tables_delobj(struct net *
|
@@ -4797,7 +4783,8 @@ static int nf_tables_delobj(struct net *
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -980,7 +980,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -4765,7 +4752,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4808,7 +4795,7 @@ static int nf_tables_delobj(struct net *
|
||||||
if (obj->use > 0)
|
if (obj->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -989,7 +989,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
return nft_delobj(&ctx, obj);
|
return nft_delobj(&ctx, obj);
|
||||||
}
|
}
|
||||||
@@ -4803,7 +4790,7 @@ static void nf_tables_obj_notify(const s
|
@@ -4846,7 +4833,7 @@ static void nf_tables_obj_notify(const s
|
||||||
struct nft_object *obj, int event)
|
struct nft_object *obj, int event)
|
||||||
{
|
{
|
||||||
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
|
nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event,
|
||||||
|
@ -998,7 +998,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -4993,7 +4980,7 @@ void nft_flow_table_iterate(struct net *
|
@@ -5036,7 +5023,7 @@ void nft_flow_table_iterate(struct net *
|
||||||
|
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
|
list_for_each_entry_rcu(afi, &net->nft.af_info, list) {
|
||||||
|
@ -1007,7 +1007,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||||
iter(&flowtable->data, data);
|
iter(&flowtable->data, data);
|
||||||
}
|
}
|
||||||
@@ -5041,7 +5028,8 @@ static int nf_tables_newflowtable(struct
|
@@ -5084,7 +5071,8 @@ static int nf_tables_newflowtable(struct
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -1017,7 +1017,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5058,7 +5046,7 @@ static int nf_tables_newflowtable(struct
|
@@ -5101,7 +5089,7 @@ static int nf_tables_newflowtable(struct
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1026,7 +1026,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
||||||
if (!flowtable)
|
if (!flowtable)
|
||||||
@@ -5139,7 +5127,8 @@ static int nf_tables_delflowtable(struct
|
@@ -5182,7 +5170,8 @@ static int nf_tables_delflowtable(struct
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -1036,7 +1036,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5150,7 +5139,7 @@ static int nf_tables_delflowtable(struct
|
@@ -5193,7 +5182,7 @@ static int nf_tables_delflowtable(struct
|
||||||
if (flowtable->use > 0)
|
if (flowtable->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -1045,7 +1045,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
return nft_delflowtable(&ctx, flowtable);
|
return nft_delflowtable(&ctx, flowtable);
|
||||||
}
|
}
|
||||||
@@ -5219,40 +5208,37 @@ static int nf_tables_dump_flowtable(stru
|
@@ -5262,40 +5251,37 @@ static int nf_tables_dump_flowtable(stru
|
||||||
struct net *net = sock_net(skb->sk);
|
struct net *net = sock_net(skb->sk);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
|
@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
+ if (idx > s_idx)
|
+ if (idx > s_idx)
|
||||||
+ memset(&cb->args[1], 0,
|
+ memset(&cb->args[1], 0,
|
||||||
+ sizeof(cb->args) - sizeof(cb->args[0]));
|
+ sizeof(cb->args) - sizeof(cb->args[0]));
|
||||||
+ if (filter && filter->table[0] &&
|
+ if (filter && filter->table &&
|
||||||
+ strcmp(filter->table, table->name))
|
+ strcmp(filter->table, table->name))
|
||||||
+ goto cont;
|
+ goto cont;
|
||||||
|
|
||||||
|
@ -1107,7 +1107,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
done:
|
done:
|
||||||
@@ -5337,7 +5323,8 @@ static int nf_tables_getflowtable(struct
|
@@ -5380,7 +5366,8 @@ static int nf_tables_getflowtable(struct
|
||||||
if (IS_ERR(afi))
|
if (IS_ERR(afi))
|
||||||
return PTR_ERR(afi);
|
return PTR_ERR(afi);
|
||||||
|
|
||||||
|
@ -1117,7 +1117,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5380,7 +5367,7 @@ static void nf_tables_flowtable_notify(s
|
@@ -5423,7 +5410,7 @@ static void nf_tables_flowtable_notify(s
|
||||||
|
|
||||||
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
|
err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
|
||||||
ctx->seq, event, 0,
|
ctx->seq, event, 0,
|
||||||
|
@ -1126,7 +1126,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (err < 0) {
|
if (err < 0) {
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
goto err;
|
goto err;
|
||||||
@@ -5458,17 +5445,14 @@ static int nf_tables_flowtable_event(str
|
@@ -5501,17 +5488,14 @@ static int nf_tables_flowtable_event(str
|
||||||
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
|
@ -1147,7 +1147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
||||||
@@ -6487,6 +6471,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
|
@@ -6532,6 +6516,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||||
static int __net_init nf_tables_init_net(struct net *net)
|
static int __net_init nf_tables_init_net(struct net *net)
|
||||||
{
|
{
|
||||||
INIT_LIST_HEAD(&net->nft.af_info);
|
INIT_LIST_HEAD(&net->nft.af_info);
|
||||||
|
@ -1155,7 +1155,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
INIT_LIST_HEAD(&net->nft.commit_list);
|
INIT_LIST_HEAD(&net->nft.commit_list);
|
||||||
net->nft.base_seq = 1;
|
net->nft.base_seq = 1;
|
||||||
return 0;
|
return 0;
|
||||||
@@ -6523,10 +6508,10 @@ static void __nft_release_afinfo(struct
|
@@ -6568,10 +6553,10 @@ static void __nft_release_afinfo(struct
|
||||||
struct nft_set *set, *ns;
|
struct nft_set *set, *ns;
|
||||||
struct nft_ctx ctx = {
|
struct nft_ctx ctx = {
|
||||||
.net = net,
|
.net = net,
|
||||||
|
@ -1210,7 +1210,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
nfnl_unlock(NFNL_SUBSYS_NFTABLES);
|
||||||
--- a/net/netfilter/nft_compat.c
|
--- a/net/netfilter/nft_compat.c
|
||||||
+++ b/net/netfilter/nft_compat.c
|
+++ b/net/netfilter/nft_compat.c
|
||||||
@@ -144,7 +144,7 @@ nft_target_set_tgchk_param(struct xt_tgc
|
@@ -161,7 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgc
|
||||||
{
|
{
|
||||||
par->net = ctx->net;
|
par->net = ctx->net;
|
||||||
par->table = ctx->table->name;
|
par->table = ctx->table->name;
|
||||||
|
@ -1219,7 +1219,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
entry->e4.ip.proto = proto;
|
entry->e4.ip.proto = proto;
|
||||||
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
|
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
|
||||||
@@ -175,7 +175,7 @@ nft_target_set_tgchk_param(struct xt_tgc
|
@@ -192,7 +192,7 @@ nft_target_set_tgchk_param(struct xt_tgc
|
||||||
} else {
|
} else {
|
||||||
par->hook_mask = 0;
|
par->hook_mask = 0;
|
||||||
}
|
}
|
||||||
|
@ -1228,7 +1228,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
par->nft_compat = true;
|
par->nft_compat = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -267,7 +267,7 @@ nft_target_destroy(const struct nft_ctx
|
@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx
|
||||||
par.net = ctx->net;
|
par.net = ctx->net;
|
||||||
par.target = target;
|
par.target = target;
|
||||||
par.targinfo = info;
|
par.targinfo = info;
|
||||||
|
@ -1237,7 +1237,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (par.target->destroy != NULL)
|
if (par.target->destroy != NULL)
|
||||||
par.target->destroy(&par);
|
par.target->destroy(&par);
|
||||||
|
|
||||||
@@ -358,7 +358,7 @@ nft_match_set_mtchk_param(struct xt_mtch
|
@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch
|
||||||
{
|
{
|
||||||
par->net = ctx->net;
|
par->net = ctx->net;
|
||||||
par->table = ctx->table->name;
|
par->table = ctx->table->name;
|
||||||
|
@ -1246,7 +1246,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
entry->e4.ip.proto = proto;
|
entry->e4.ip.proto = proto;
|
||||||
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
|
entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
|
||||||
@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch
|
@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch
|
||||||
} else {
|
} else {
|
||||||
par->hook_mask = 0;
|
par->hook_mask = 0;
|
||||||
}
|
}
|
||||||
|
@ -1255,7 +1255,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
par->nft_compat = true;
|
par->nft_compat = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -446,7 +446,7 @@ nft_match_destroy(const struct nft_ctx *
|
@@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx
|
||||||
par.net = ctx->net;
|
par.net = ctx->net;
|
||||||
par.match = match;
|
par.match = match;
|
||||||
par.matchinfo = info;
|
par.matchinfo = info;
|
||||||
|
@ -1264,7 +1264,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (par.match->destroy != NULL)
|
if (par.match->destroy != NULL)
|
||||||
par.match->destroy(&par);
|
par.match->destroy(&par);
|
||||||
|
|
||||||
@@ -648,7 +648,7 @@ nft_match_select_ops(const struct nft_ct
|
@@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct
|
||||||
|
|
||||||
mt_name = nla_data(tb[NFTA_MATCH_NAME]);
|
mt_name = nla_data(tb[NFTA_MATCH_NAME]);
|
||||||
rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV]));
|
rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV]));
|
||||||
|
@ -1273,7 +1273,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
/* Re-use the existing match if it's already loaded. */
|
/* Re-use the existing match if it's already loaded. */
|
||||||
list_for_each_entry(nft_match, &nft_match_list, head) {
|
list_for_each_entry(nft_match, &nft_match_list, head) {
|
||||||
@@ -733,7 +733,7 @@ nft_target_select_ops(const struct nft_c
|
@@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c
|
||||||
|
|
||||||
tg_name = nla_data(tb[NFTA_TARGET_NAME]);
|
tg_name = nla_data(tb[NFTA_TARGET_NAME]);
|
||||||
rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV]));
|
rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV]));
|
||||||
|
@ -1408,7 +1408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nft_meta.c
|
--- a/net/netfilter/nft_meta.c
|
||||||
+++ b/net/netfilter/nft_meta.c
|
+++ b/net/netfilter/nft_meta.c
|
||||||
@@ -339,7 +339,7 @@ static int nft_meta_get_validate(const s
|
@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s
|
||||||
if (priv->key != NFT_META_SECPATH)
|
if (priv->key != NFT_META_SECPATH)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -1417,7 +1417,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
case NFPROTO_NETDEV:
|
case NFPROTO_NETDEV:
|
||||||
hooks = 1 << NF_NETDEV_INGRESS;
|
hooks = 1 << NF_NETDEV_INGRESS;
|
||||||
break;
|
break;
|
||||||
@@ -370,7 +370,7 @@ int nft_meta_set_validate(const struct n
|
@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n
|
||||||
if (priv->key != NFT_META_PKTTYPE)
|
if (priv->key != NFT_META_PKTTYPE)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
|
@ -21,7 +21,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static struct pernet_operations clusterip_net_ops = {
|
static struct pernet_operations clusterip_net_ops = {
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -6477,6 +6477,12 @@ static int __net_init nf_tables_init_net
|
@@ -6522,6 +6522,12 @@ static int __net_init nf_tables_init_net
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
int __nft_release_basechain(struct nft_ctx *ctx)
|
int __nft_release_basechain(struct nft_ctx *ctx)
|
||||||
{
|
{
|
||||||
struct nft_rule *rule, *nr;
|
struct nft_rule *rule, *nr;
|
||||||
@@ -6554,6 +6560,7 @@ static void __nft_release_afinfo(struct
|
@@ -6599,6 +6605,7 @@ static void __nft_release_afinfo(struct
|
||||||
|
|
||||||
static struct pernet_operations nf_tables_net_ops = {
|
static struct pernet_operations nf_tables_net_ops = {
|
||||||
.init = nf_tables_init_net,
|
.init = nf_tables_init_net,
|
||||||
|
|
|
@ -14,7 +14,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -969,8 +969,8 @@ struct nft_af_info {
|
@@ -974,8 +974,8 @@ struct nft_af_info {
|
||||||
struct module *owner;
|
struct module *owner;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -364,7 +364,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (afi->family == family)
|
if (afi->family == family)
|
||||||
return afi;
|
return afi;
|
||||||
}
|
}
|
||||||
@@ -4975,15 +4973,12 @@ void nft_flow_table_iterate(struct net *
|
@@ -5018,15 +5016,12 @@ void nft_flow_table_iterate(struct net *
|
||||||
void *data)
|
void *data)
|
||||||
{
|
{
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
|
@ -383,7 +383,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
@@ -6468,21 +6463,6 @@ int nft_data_dump(struct sk_buff *skb, i
|
@@ -6513,21 +6508,6 @@ int nft_data_dump(struct sk_buff *skb, i
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nft_data_dump);
|
EXPORT_SYMBOL_GPL(nft_data_dump);
|
||||||
|
|
||||||
|
@ -405,7 +405,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
int __nft_release_basechain(struct nft_ctx *ctx)
|
int __nft_release_basechain(struct nft_ctx *ctx)
|
||||||
{
|
{
|
||||||
struct nft_rule *rule, *nr;
|
struct nft_rule *rule, *nr;
|
||||||
@@ -6503,8 +6483,7 @@ int __nft_release_basechain(struct nft_c
|
@@ -6548,8 +6528,7 @@ int __nft_release_basechain(struct nft_c
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
||||||
|
|
||||||
|
@ -415,7 +415,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
{
|
{
|
||||||
struct nft_flowtable *flowtable, *nf;
|
struct nft_flowtable *flowtable, *nf;
|
||||||
struct nft_table *table, *nt;
|
struct nft_table *table, *nt;
|
||||||
@@ -6514,10 +6493,11 @@ static void __nft_release_afinfo(struct
|
@@ -6559,10 +6538,11 @@ static void __nft_release_afinfo(struct
|
||||||
struct nft_set *set, *ns;
|
struct nft_set *set, *ns;
|
||||||
struct nft_ctx ctx = {
|
struct nft_ctx ctx = {
|
||||||
.net = net,
|
.net = net,
|
||||||
|
@ -428,7 +428,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
nf_tables_unregister_hook(net, table, chain);
|
nf_tables_unregister_hook(net, table, chain);
|
||||||
list_for_each_entry(flowtable, &table->flowtables, list)
|
list_for_each_entry(flowtable, &table->flowtables, list)
|
||||||
@@ -6558,6 +6538,21 @@ static void __nft_release_afinfo(struct
|
@@ -6603,6 +6583,21 @@ static void __nft_release_afinfo(struct
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -950,28 +950,12 @@ struct nft_table {
|
@@ -955,28 +955,12 @@ struct nft_table {
|
||||||
struct list_head flowtables;
|
struct list_head flowtables;
|
||||||
u64 hgenerator;
|
u64 hgenerator;
|
||||||
u32 use;
|
u32 use;
|
||||||
|
@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
int nft_register_chain_type(const struct nf_chain_type *);
|
int nft_register_chain_type(const struct nf_chain_type *);
|
||||||
void nft_unregister_chain_type(const struct nf_chain_type *);
|
void nft_unregister_chain_type(const struct nf_chain_type *);
|
||||||
|
|
||||||
@@ -1139,9 +1123,6 @@ void nft_trace_notify(struct nft_tracein
|
@@ -1144,9 +1128,6 @@ void nft_trace_notify(struct nft_tracein
|
||||||
#define nft_dereference(p) \
|
#define nft_dereference(p) \
|
||||||
nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
|
nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
|
||||||
|
|
||||||
|
@ -323,7 +323,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
static void nft_ctx_init(struct nft_ctx *ctx,
|
static void nft_ctx_init(struct nft_ctx *ctx,
|
||||||
struct net *net,
|
struct net *net,
|
||||||
@@ -390,7 +325,7 @@ static struct nft_table *nft_table_looku
|
@@ -419,7 +354,7 @@ static struct nft_table *nft_table_looku
|
||||||
|
|
||||||
list_for_each_entry(table, &net->nft.tables, list) {
|
list_for_each_entry(table, &net->nft.tables, list) {
|
||||||
if (!nla_strcmp(nla, table->name) &&
|
if (!nla_strcmp(nla, table->name) &&
|
||||||
|
@ -332,7 +332,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
nft_active_genmask(table, genmask))
|
nft_active_genmask(table, genmask))
|
||||||
return table;
|
return table;
|
||||||
}
|
}
|
||||||
@@ -531,7 +466,7 @@ static int nf_tables_dump_tables(struct
|
@@ -560,7 +495,7 @@ static int nf_tables_dump_tables(struct
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
|
@ -341,7 +341,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (idx < s_idx)
|
if (idx < s_idx)
|
||||||
@@ -545,7 +480,7 @@ static int nf_tables_dump_tables(struct
|
@@ -574,7 +509,7 @@ static int nf_tables_dump_tables(struct
|
||||||
NETLINK_CB(cb->skb).portid,
|
NETLINK_CB(cb->skb).portid,
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWTABLE, NLM_F_MULTI,
|
NFT_MSG_NEWTABLE, NLM_F_MULTI,
|
||||||
|
@ -350,7 +350,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
||||||
@@ -565,7 +500,6 @@ static int nf_tables_gettable(struct net
|
@@ -594,7 +529,6 @@ static int nf_tables_gettable(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
|
@ -358,7 +358,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
@@ -578,11 +512,7 @@ static int nf_tables_gettable(struct net
|
@@ -607,11 +541,7 @@ static int nf_tables_gettable(struct net
|
||||||
return netlink_dump_start(nlsk, skb, nlh, &c);
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -371,7 +371,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -702,19 +632,14 @@ static int nf_tables_newtable(struct net
|
@@ -731,19 +661,14 @@ static int nf_tables_newtable(struct net
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
const struct nlattr *name;
|
const struct nlattr *name;
|
||||||
|
@ -392,7 +392,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table)) {
|
if (IS_ERR(table)) {
|
||||||
if (PTR_ERR(table) != -ENOENT)
|
if (PTR_ERR(table) != -ENOENT)
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -724,7 +649,7 @@ static int nf_tables_newtable(struct net
|
@@ -753,7 +678,7 @@ static int nf_tables_newtable(struct net
|
||||||
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
if (nlh->nlmsg_flags & NLM_F_REPLACE)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
|
@ -401,7 +401,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return nf_tables_updtable(&ctx);
|
return nf_tables_updtable(&ctx);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -734,40 +659,34 @@ static int nf_tables_newtable(struct net
|
@@ -763,40 +688,34 @@ static int nf_tables_newtable(struct net
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -450,7 +450,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -838,10 +757,10 @@ static int nft_flush(struct nft_ctx *ctx
|
@@ -867,10 +786,10 @@ static int nft_flush(struct nft_ctx *ctx
|
||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
|
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
|
||||||
|
@ -463,7 +463,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (!nft_is_active_next(ctx->net, table))
|
if (!nft_is_active_next(ctx->net, table))
|
||||||
continue;
|
continue;
|
||||||
@@ -867,7 +786,6 @@ static int nf_tables_deltable(struct net
|
@@ -896,7 +815,6 @@ static int nf_tables_deltable(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
|
@ -471,7 +471,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -876,11 +794,7 @@ static int nf_tables_deltable(struct net
|
@@ -905,11 +823,7 @@ static int nf_tables_deltable(struct net
|
||||||
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
|
||||||
return nft_flush(&ctx, family);
|
return nft_flush(&ctx, family);
|
||||||
|
|
||||||
|
@ -484,7 +484,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -889,7 +803,7 @@ static int nf_tables_deltable(struct net
|
@@ -918,7 +832,7 @@ static int nf_tables_deltable(struct net
|
||||||
table->use > 0)
|
table->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -493,7 +493,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
ctx.table = table;
|
ctx.table = table;
|
||||||
|
|
||||||
return nft_flush_table(&ctx);
|
return nft_flush_table(&ctx);
|
||||||
@@ -901,7 +815,6 @@ static void nf_tables_table_destroy(stru
|
@@ -930,7 +844,6 @@ static void nf_tables_table_destroy(stru
|
||||||
|
|
||||||
kfree(ctx->table->name);
|
kfree(ctx->table->name);
|
||||||
kfree(ctx->table);
|
kfree(ctx->table);
|
||||||
|
@ -501,7 +501,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
}
|
}
|
||||||
|
|
||||||
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
int nft_register_chain_type(const struct nf_chain_type *ctype)
|
||||||
@@ -1130,7 +1043,7 @@ static int nf_tables_dump_chains(struct
|
@@ -1159,7 +1072,7 @@ static int nf_tables_dump_chains(struct
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
|
@ -510,7 +510,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
list_for_each_entry_rcu(chain, &table->chains, list) {
|
list_for_each_entry_rcu(chain, &table->chains, list) {
|
||||||
@@ -1146,7 +1059,7 @@ static int nf_tables_dump_chains(struct
|
@@ -1175,7 +1088,7 @@ static int nf_tables_dump_chains(struct
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWCHAIN,
|
NFT_MSG_NEWCHAIN,
|
||||||
NLM_F_MULTI,
|
NLM_F_MULTI,
|
||||||
|
@ -519,7 +519,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
chain) < 0)
|
chain) < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -1168,7 +1081,6 @@ static int nf_tables_getchain(struct net
|
@@ -1197,7 +1110,6 @@ static int nf_tables_getchain(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
|
@ -527,7 +527,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
@@ -1182,11 +1094,7 @@ static int nf_tables_getchain(struct net
|
@@ -1211,11 +1123,7 @@ static int nf_tables_getchain(struct net
|
||||||
return netlink_dump_start(nlsk, skb, nlh, &c);
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -540,7 +540,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -1550,7 +1458,6 @@ static int nf_tables_newchain(struct net
|
@@ -1581,7 +1489,6 @@ static int nf_tables_newchain(struct net
|
||||||
const struct nlattr * uninitialized_var(name);
|
const struct nlattr * uninitialized_var(name);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
|
@ -548,7 +548,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
u8 policy = NF_ACCEPT;
|
u8 policy = NF_ACCEPT;
|
||||||
@@ -1560,11 +1467,7 @@ static int nf_tables_newchain(struct net
|
@@ -1591,11 +1498,7 @@ static int nf_tables_newchain(struct net
|
||||||
|
|
||||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||||
|
|
||||||
|
@ -561,7 +561,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -1605,7 +1508,7 @@ static int nf_tables_newchain(struct net
|
@@ -1636,7 +1539,7 @@ static int nf_tables_newchain(struct net
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -570,7 +570,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (chain != NULL) {
|
if (chain != NULL) {
|
||||||
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
if (nlh->nlmsg_flags & NLM_F_EXCL)
|
||||||
@@ -1626,7 +1529,6 @@ static int nf_tables_delchain(struct net
|
@@ -1657,7 +1560,6 @@ static int nf_tables_delchain(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
|
@ -578,7 +578,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
struct nft_rule *rule;
|
struct nft_rule *rule;
|
||||||
@@ -1635,11 +1537,7 @@ static int nf_tables_delchain(struct net
|
@@ -1666,11 +1568,7 @@ static int nf_tables_delchain(struct net
|
||||||
u32 use;
|
u32 use;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
|
@ -591,7 +591,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -1652,7 +1550,7 @@ static int nf_tables_delchain(struct net
|
@@ -1683,7 +1581,7 @@ static int nf_tables_delchain(struct net
|
||||||
chain->use > 0)
|
chain->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -600,7 +600,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
use = chain->use;
|
use = chain->use;
|
||||||
list_for_each_entry(rule, &chain->rules, list) {
|
list_for_each_entry(rule, &chain->rules, list) {
|
||||||
@@ -2075,7 +1973,7 @@ static int nf_tables_dump_rules(struct s
|
@@ -2107,7 +2005,7 @@ static int nf_tables_dump_rules(struct s
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
|
@ -609,7 +609,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
|
if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
|
||||||
@@ -2098,7 +1996,7 @@ static int nf_tables_dump_rules(struct s
|
@@ -2130,7 +2028,7 @@ static int nf_tables_dump_rules(struct s
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWRULE,
|
NFT_MSG_NEWRULE,
|
||||||
NLM_F_MULTI | NLM_F_APPEND,
|
NLM_F_MULTI | NLM_F_APPEND,
|
||||||
|
@ -618,7 +618,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
table, chain, rule) < 0)
|
table, chain, rule) < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -2134,7 +2032,6 @@ static int nf_tables_getrule(struct net
|
@@ -2166,7 +2064,6 @@ static int nf_tables_getrule(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
|
@ -626,7 +626,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
const struct nft_rule *rule;
|
const struct nft_rule *rule;
|
||||||
@@ -2178,11 +2075,7 @@ static int nf_tables_getrule(struct net
|
@@ -2210,11 +2107,7 @@ static int nf_tables_getrule(struct net
|
||||||
return netlink_dump_start(nlsk, skb, nlh, &c);
|
return netlink_dump_start(nlsk, skb, nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -639,7 +639,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -2240,7 +2133,7 @@ static int nf_tables_newrule(struct net
|
@@ -2279,7 +2172,7 @@ static int nf_tables_newrule(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
|
@ -648,7 +648,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_chain *chain;
|
struct nft_chain *chain;
|
||||||
struct nft_rule *rule, *old_rule = NULL;
|
struct nft_rule *rule, *old_rule = NULL;
|
||||||
@@ -2256,11 +2149,7 @@ static int nf_tables_newrule(struct net
|
@@ -2295,11 +2188,7 @@ static int nf_tables_newrule(struct net
|
||||||
|
|
||||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||||
|
|
||||||
|
@ -661,7 +661,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -2300,7 +2189,7 @@ static int nf_tables_newrule(struct net
|
@@ -2339,7 +2228,7 @@ static int nf_tables_newrule(struct net
|
||||||
return PTR_ERR(old_rule);
|
return PTR_ERR(old_rule);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -670,7 +670,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
n = 0;
|
n = 0;
|
||||||
size = 0;
|
size = 0;
|
||||||
@@ -2429,18 +2318,13 @@ static int nf_tables_delrule(struct net
|
@@ -2468,18 +2357,13 @@ static int nf_tables_delrule(struct net
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
|
@ -690,7 +690,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -2452,7 +2336,7 @@ static int nf_tables_delrule(struct net
|
@@ -2491,7 +2375,7 @@ static int nf_tables_delrule(struct net
|
||||||
return PTR_ERR(chain);
|
return PTR_ERR(chain);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -699,7 +699,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (chain) {
|
if (chain) {
|
||||||
if (nla[NFTA_RULE_HANDLE]) {
|
if (nla[NFTA_RULE_HANDLE]) {
|
||||||
@@ -2637,26 +2521,17 @@ static int nft_ctx_init_from_setattr(str
|
@@ -2676,26 +2560,17 @@ static int nft_ctx_init_from_setattr(str
|
||||||
u8 genmask)
|
u8 genmask)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
|
@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2887,7 +2762,7 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2926,7 +2801,7 @@ static int nf_tables_dump_sets(struct sk
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
if (ctx->family != NFPROTO_UNSPEC &&
|
if (ctx->family != NFPROTO_UNSPEC &&
|
||||||
|
@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (ctx->table && ctx->table != table)
|
if (ctx->table && ctx->table != table)
|
||||||
@@ -2908,7 +2783,7 @@ static int nf_tables_dump_sets(struct sk
|
@@ -2947,7 +2822,7 @@ static int nf_tables_dump_sets(struct sk
|
||||||
|
|
||||||
ctx_set = *ctx;
|
ctx_set = *ctx;
|
||||||
ctx_set.table = table;
|
ctx_set.table = table;
|
||||||
|
@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
if (nf_tables_fill_set(skb, &ctx_set, set,
|
if (nf_tables_fill_set(skb, &ctx_set, set,
|
||||||
NFT_MSG_NEWSET,
|
NFT_MSG_NEWSET,
|
||||||
@@ -3020,8 +2895,8 @@ static int nf_tables_newset(struct net *
|
@@ -3059,8 +2934,8 @@ static int nf_tables_newset(struct net *
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
|
@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_set *set;
|
struct nft_set *set;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -3128,16 +3003,12 @@ static int nf_tables_newset(struct net *
|
@@ -3167,16 +3042,12 @@ static int nf_tables_newset(struct net *
|
||||||
|
|
||||||
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
||||||
|
|
||||||
|
@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
||||||
if (IS_ERR(set)) {
|
if (IS_ERR(set)) {
|
||||||
@@ -3397,19 +3268,15 @@ static int nft_ctx_init_from_elemattr(st
|
@@ -3438,19 +3309,15 @@ static int nft_ctx_init_from_elemattr(st
|
||||||
u8 genmask)
|
u8 genmask)
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
|
@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -3527,7 +3394,7 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3568,7 +3435,7 @@ static int nf_tables_dump_set(struct sk_
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
||||||
|
@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (table != dump_ctx->ctx.table)
|
if (table != dump_ctx->ctx.table)
|
||||||
@@ -3557,7 +3424,7 @@ static int nf_tables_dump_set(struct sk_
|
@@ -3598,7 +3465,7 @@ static int nf_tables_dump_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(nlh);
|
||||||
|
@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
nfmsg->version = NFNETLINK_V0;
|
nfmsg->version = NFNETLINK_V0;
|
||||||
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
||||||
|
|
||||||
@@ -4434,7 +4301,6 @@ static int nf_tables_newobj(struct net *
|
@@ -4477,7 +4344,6 @@ static int nf_tables_newobj(struct net *
|
||||||
const struct nft_object_type *type;
|
const struct nft_object_type *type;
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
|
@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -4446,11 +4312,7 @@ static int nf_tables_newobj(struct net *
|
@@ -4489,11 +4355,7 @@ static int nf_tables_newobj(struct net *
|
||||||
!nla[NFTA_OBJ_DATA])
|
!nla[NFTA_OBJ_DATA])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -4469,7 +4331,7 @@ static int nf_tables_newobj(struct net *
|
@@ -4512,7 +4374,7 @@ static int nf_tables_newobj(struct net *
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
type = nft_obj_type_get(objtype);
|
type = nft_obj_type_get(objtype);
|
||||||
if (IS_ERR(type))
|
if (IS_ERR(type))
|
||||||
@@ -4561,7 +4423,7 @@ static int nf_tables_dump_obj(struct sk_
|
@@ -4604,7 +4466,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
|
@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
list_for_each_entry_rcu(obj, &table->objects, list) {
|
list_for_each_entry_rcu(obj, &table->objects, list) {
|
||||||
@@ -4584,7 +4446,7 @@ static int nf_tables_dump_obj(struct sk_
|
@@ -4627,7 +4489,7 @@ static int nf_tables_dump_obj(struct sk_
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWOBJ,
|
NFT_MSG_NEWOBJ,
|
||||||
NLM_F_MULTI | NLM_F_APPEND,
|
NLM_F_MULTI | NLM_F_APPEND,
|
||||||
|
@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
obj, reset) < 0)
|
obj, reset) < 0)
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
@@ -4642,7 +4504,6 @@ static int nf_tables_getobj(struct net *
|
@@ -4685,7 +4547,6 @@ static int nf_tables_getobj(struct net *
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
|
@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
@@ -4673,11 +4534,7 @@ static int nf_tables_getobj(struct net *
|
@@ -4716,11 +4577,7 @@ static int nf_tables_getobj(struct net *
|
||||||
!nla[NFTA_OBJ_TYPE])
|
!nla[NFTA_OBJ_TYPE])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -4724,7 +4581,6 @@ static int nf_tables_delobj(struct net *
|
@@ -4767,7 +4624,6 @@ static int nf_tables_delobj(struct net *
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
|
@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
@@ -4734,11 +4590,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4777,11 +4633,7 @@ static int nf_tables_delobj(struct net *
|
||||||
!nla[NFTA_OBJ_NAME])
|
!nla[NFTA_OBJ_NAME])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
genmask);
|
genmask);
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
@@ -4750,7 +4602,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4793,7 +4645,7 @@ static int nf_tables_delobj(struct net *
|
||||||
if (obj->use > 0)
|
if (obj->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
return nft_delobj(&ctx, obj);
|
return nft_delobj(&ctx, obj);
|
||||||
}
|
}
|
||||||
@@ -4935,33 +4787,31 @@ err1:
|
@@ -4978,33 +4830,31 @@ err1:
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return ERR_PTR(-EAGAIN);
|
return ERR_PTR(-EAGAIN);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@@ -5009,7 +4859,6 @@ static int nf_tables_newflowtable(struct
|
@@ -5052,7 +4902,6 @@ static int nf_tables_newflowtable(struct
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
|
@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
int err, i, k;
|
int err, i, k;
|
||||||
@@ -5019,12 +4868,8 @@ static int nf_tables_newflowtable(struct
|
@@ -5062,12 +4911,8 @@ static int nf_tables_newflowtable(struct
|
||||||
!nla[NFTA_FLOWTABLE_HOOK])
|
!nla[NFTA_FLOWTABLE_HOOK])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5041,7 +4886,7 @@ static int nf_tables_newflowtable(struct
|
@@ -5084,7 +4929,7 @@ static int nf_tables_newflowtable(struct
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
||||||
if (!flowtable)
|
if (!flowtable)
|
||||||
@@ -5054,7 +4899,7 @@ static int nf_tables_newflowtable(struct
|
@@ -5097,7 +4942,7 @@ static int nf_tables_newflowtable(struct
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(type)) {
|
if (IS_ERR(type)) {
|
||||||
err = PTR_ERR(type);
|
err = PTR_ERR(type);
|
||||||
goto err2;
|
goto err2;
|
||||||
@@ -5114,16 +4959,11 @@ static int nf_tables_delflowtable(struct
|
@@ -5157,16 +5002,11 @@ static int nf_tables_delflowtable(struct
|
||||||
u8 genmask = nft_genmask_next(net);
|
u8 genmask = nft_genmask_next(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
|
@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -5134,7 +4974,7 @@ static int nf_tables_delflowtable(struct
|
@@ -5177,7 +5017,7 @@ static int nf_tables_delflowtable(struct
|
||||||
if (flowtable->use > 0)
|
if (flowtable->use > 0)
|
||||||
return -EBUSY;
|
return -EBUSY;
|
||||||
|
|
||||||
|
@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
return nft_delflowtable(&ctx, flowtable);
|
return nft_delflowtable(&ctx, flowtable);
|
||||||
}
|
}
|
||||||
@@ -5209,7 +5049,7 @@ static int nf_tables_dump_flowtable(stru
|
@@ -5252,7 +5092,7 @@ static int nf_tables_dump_flowtable(stru
|
||||||
cb->seq = net->nft.base_seq;
|
cb->seq = net->nft.base_seq;
|
||||||
|
|
||||||
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
||||||
|
@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
||||||
@@ -5228,7 +5068,7 @@ static int nf_tables_dump_flowtable(stru
|
@@ -5271,7 +5111,7 @@ static int nf_tables_dump_flowtable(stru
|
||||||
cb->nlh->nlmsg_seq,
|
cb->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWFLOWTABLE,
|
NFT_MSG_NEWFLOWTABLE,
|
||||||
NLM_F_MULTI | NLM_F_APPEND,
|
NLM_F_MULTI | NLM_F_APPEND,
|
||||||
|
@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
||||||
@@ -5288,7 +5128,6 @@ static int nf_tables_getflowtable(struct
|
@@ -5331,7 +5171,6 @@ static int nf_tables_getflowtable(struct
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
|
@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int err;
|
int err;
|
||||||
@@ -5314,12 +5153,8 @@ static int nf_tables_getflowtable(struct
|
@@ -5357,12 +5196,8 @@ static int nf_tables_getflowtable(struct
|
||||||
if (!nla[NFTA_FLOWTABLE_NAME])
|
if (!nla[NFTA_FLOWTABLE_NAME])
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -6483,7 +6318,7 @@ int __nft_release_basechain(struct nft_c
|
@@ -6528,7 +6363,7 @@ int __nft_release_basechain(struct nft_c
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
||||||
|
|
||||||
|
@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
{
|
{
|
||||||
struct nft_flowtable *flowtable, *nf;
|
struct nft_flowtable *flowtable, *nf;
|
||||||
struct nft_table *table, *nt;
|
struct nft_table *table, *nt;
|
||||||
@@ -6496,7 +6331,7 @@ static void __nft_release_afinfo(struct
|
@@ -6541,7 +6376,7 @@ static void __nft_release_afinfo(struct
|
||||||
};
|
};
|
||||||
|
|
||||||
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
||||||
|
@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
list_for_each_entry(chain, &table->chains, list)
|
list_for_each_entry(chain, &table->chains, list)
|
||||||
nf_tables_unregister_hook(net, table, chain);
|
nf_tables_unregister_hook(net, table, chain);
|
||||||
@@ -6548,7 +6383,7 @@ static int __net_init nf_tables_init_net
|
@@ -6593,7 +6428,7 @@ static int __net_init nf_tables_init_net
|
||||||
|
|
||||||
static void __net_exit nf_tables_exit_net(struct net *net)
|
static void __net_exit nf_tables_exit_net(struct net *net)
|
||||||
{
|
{
|
||||||
|
|
|
@ -17,7 +17,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4825,13 +4825,13 @@ void nft_flow_table_iterate(struct net *
|
@@ -4868,13 +4868,13 @@ void nft_flow_table_iterate(struct net *
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
|
|
||||||
|
|
|
@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
};
|
};
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5210,17 +5210,12 @@ err:
|
@@ -5253,17 +5253,12 @@ err:
|
||||||
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
|
nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -369,6 +369,7 @@ void nft_unregister_set(struct nft_set_t
|
@@ -370,6 +370,7 @@ void nft_unregister_set(struct nft_set_t
|
||||||
* @list: table set list node
|
* @list: table set list node
|
||||||
* @bindings: list of set bindings
|
* @bindings: list of set bindings
|
||||||
* @name: name of the set
|
* @name: name of the set
|
||||||
|
@ -20,7 +20,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @ktype: key type (numeric type defined by userspace, not used in the kernel)
|
* @ktype: key type (numeric type defined by userspace, not used in the kernel)
|
||||||
* @dtype: data type (verdict or numeric type defined by userspace)
|
* @dtype: data type (verdict or numeric type defined by userspace)
|
||||||
* @objtype: object type (see NFT_OBJECT_* definitions)
|
* @objtype: object type (see NFT_OBJECT_* definitions)
|
||||||
@@ -391,6 +392,7 @@ struct nft_set {
|
@@ -392,6 +393,7 @@ struct nft_set {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
struct list_head bindings;
|
struct list_head bindings;
|
||||||
char *name;
|
char *name;
|
||||||
|
@ -28,7 +28,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
u32 ktype;
|
u32 ktype;
|
||||||
u32 dtype;
|
u32 dtype;
|
||||||
u32 objtype;
|
u32 objtype;
|
||||||
@@ -936,6 +938,7 @@ unsigned int nft_do_chain(struct nft_pkt
|
@@ -941,6 +943,7 @@ unsigned int nft_do_chain(struct nft_pkt
|
||||||
* @objects: stateful objects in the table
|
* @objects: stateful objects in the table
|
||||||
* @flowtables: flow tables in the table
|
* @flowtables: flow tables in the table
|
||||||
* @hgenerator: handle generator state
|
* @hgenerator: handle generator state
|
||||||
|
@ -36,7 +36,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @use: number of chain references to this table
|
* @use: number of chain references to this table
|
||||||
* @flags: table flag (see enum nft_table_flags)
|
* @flags: table flag (see enum nft_table_flags)
|
||||||
* @genmask: generation mask
|
* @genmask: generation mask
|
||||||
@@ -949,6 +952,7 @@ struct nft_table {
|
@@ -954,6 +957,7 @@ struct nft_table {
|
||||||
struct list_head objects;
|
struct list_head objects;
|
||||||
struct list_head flowtables;
|
struct list_head flowtables;
|
||||||
u64 hgenerator;
|
u64 hgenerator;
|
||||||
|
@ -44,7 +44,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
u32 use;
|
u32 use;
|
||||||
u16 family:6,
|
u16 family:6,
|
||||||
flags:8,
|
flags:8,
|
||||||
@@ -973,9 +977,9 @@ int nft_verdict_dump(struct sk_buff *skb
|
@@ -978,9 +982,9 @@ int nft_verdict_dump(struct sk_buff *skb
|
||||||
* @name: name of this stateful object
|
* @name: name of this stateful object
|
||||||
* @genmask: generation mask
|
* @genmask: generation mask
|
||||||
* @use: number of references to this stateful object
|
* @use: number of references to this stateful object
|
||||||
|
@ -56,7 +56,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
*/
|
*/
|
||||||
struct nft_object {
|
struct nft_object {
|
||||||
struct list_head list;
|
struct list_head list;
|
||||||
@@ -983,6 +987,7 @@ struct nft_object {
|
@@ -988,6 +992,7 @@ struct nft_object {
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
u32 genmask:2,
|
u32 genmask:2,
|
||||||
use:30;
|
use:30;
|
||||||
|
@ -64,7 +64,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
/* runtime data below here */
|
/* runtime data below here */
|
||||||
const struct nft_object_ops *ops ____cacheline_aligned;
|
const struct nft_object_ops *ops ____cacheline_aligned;
|
||||||
unsigned char data[]
|
unsigned char data[]
|
||||||
@@ -1064,6 +1069,7 @@ void nft_unregister_obj(struct nft_objec
|
@@ -1069,6 +1074,7 @@ void nft_unregister_obj(struct nft_objec
|
||||||
* @ops_len: number of hooks in array
|
* @ops_len: number of hooks in array
|
||||||
* @genmask: generation mask
|
* @genmask: generation mask
|
||||||
* @use: number of references to this flow table
|
* @use: number of references to this flow table
|
||||||
|
@ -72,7 +72,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
* @data: rhashtable and garbage collector
|
* @data: rhashtable and garbage collector
|
||||||
* @ops: array of hooks
|
* @ops: array of hooks
|
||||||
*/
|
*/
|
||||||
@@ -1076,6 +1082,7 @@ struct nft_flowtable {
|
@@ -1081,6 +1087,7 @@ struct nft_flowtable {
|
||||||
int ops_len;
|
int ops_len;
|
||||||
u32 genmask:2,
|
u32 genmask:2,
|
||||||
use:30;
|
use:30;
|
||||||
|
@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
static void nft_ctx_init(struct nft_ctx *ctx,
|
static void nft_ctx_init(struct nft_ctx *ctx,
|
||||||
struct net *net,
|
struct net *net,
|
||||||
@@ -332,6 +333,20 @@ static struct nft_table *nft_table_looku
|
@@ -361,6 +362,20 @@ static struct nft_table *nft_table_looku
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,7 +172,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static struct nft_table *nf_tables_table_lookup(const struct net *net,
|
static struct nft_table *nf_tables_table_lookup(const struct net *net,
|
||||||
const struct nlattr *nla,
|
const struct nlattr *nla,
|
||||||
u8 family, u8 genmask)
|
u8 family, u8 genmask)
|
||||||
@@ -348,6 +363,22 @@ static struct nft_table *nf_tables_table
|
@@ -377,6 +392,22 @@ static struct nft_table *nf_tables_table
|
||||||
return ERR_PTR(-ENOENT);
|
return ERR_PTR(-ENOENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -195,7 +195,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static inline u64 nf_tables_alloc_handle(struct nft_table *table)
|
static inline u64 nf_tables_alloc_handle(struct nft_table *table)
|
||||||
{
|
{
|
||||||
return ++table->hgenerator;
|
return ++table->hgenerator;
|
||||||
@@ -394,6 +425,7 @@ static const struct nla_policy nft_table
|
@@ -423,6 +454,7 @@ static const struct nla_policy nft_table
|
||||||
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
|
[NFTA_TABLE_NAME] = { .type = NLA_STRING,
|
||||||
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
||||||
[NFTA_TABLE_FLAGS] = { .type = NLA_U32 },
|
[NFTA_TABLE_FLAGS] = { .type = NLA_U32 },
|
||||||
|
@ -203,7 +203,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
};
|
};
|
||||||
|
|
||||||
static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
|
static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
|
||||||
@@ -415,7 +447,9 @@ static int nf_tables_fill_table_info(str
|
@@ -444,7 +476,9 @@ static int nf_tables_fill_table_info(str
|
||||||
|
|
||||||
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
|
if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
|
||||||
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
|
nla_put_be32(skb, NFTA_TABLE_FLAGS, htonl(table->flags)) ||
|
||||||
|
@ -214,7 +214,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nlmsg_end(skb, nlh);
|
nlmsg_end(skb, nlh);
|
||||||
@@ -674,6 +708,7 @@ static int nf_tables_newtable(struct net
|
@@ -703,6 +737,7 @@ static int nf_tables_newtable(struct net
|
||||||
INIT_LIST_HEAD(&table->flowtables);
|
INIT_LIST_HEAD(&table->flowtables);
|
||||||
table->family = family;
|
table->family = family;
|
||||||
table->flags = flags;
|
table->flags = flags;
|
||||||
|
@ -222,7 +222,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
|
||||||
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
|
err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
|
||||||
@@ -791,11 +826,18 @@ static int nf_tables_deltable(struct net
|
@@ -820,11 +855,18 @@ static int nf_tables_deltable(struct net
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
|
|
||||||
nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla);
|
nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla);
|
||||||
|
@ -244,7 +244,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
@@ -1534,6 +1576,7 @@ static int nf_tables_delchain(struct net
|
@@ -1565,6 +1607,7 @@ static int nf_tables_delchain(struct net
|
||||||
struct nft_rule *rule;
|
struct nft_rule *rule;
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
|
@ -252,7 +252,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
u32 use;
|
u32 use;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
@@ -1542,7 +1585,12 @@ static int nf_tables_delchain(struct net
|
@@ -1573,7 +1616,12 @@ static int nf_tables_delchain(struct net
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
|
@ -266,7 +266,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(chain))
|
if (IS_ERR(chain))
|
||||||
return PTR_ERR(chain);
|
return PTR_ERR(chain);
|
||||||
|
|
||||||
@@ -2508,6 +2556,7 @@ static const struct nla_policy nft_set_p
|
@@ -2547,6 +2595,7 @@ static const struct nla_policy nft_set_p
|
||||||
[NFTA_SET_USERDATA] = { .type = NLA_BINARY,
|
[NFTA_SET_USERDATA] = { .type = NLA_BINARY,
|
||||||
.len = NFT_USERDATA_MAXLEN },
|
.len = NFT_USERDATA_MAXLEN },
|
||||||
[NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 },
|
[NFTA_SET_OBJ_TYPE] = { .type = NLA_U32 },
|
||||||
|
@ -274,7 +274,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
};
|
};
|
||||||
|
|
||||||
static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
|
static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
|
||||||
@@ -2551,6 +2600,22 @@ static struct nft_set *nf_tables_set_loo
|
@@ -2590,6 +2639,22 @@ static struct nft_set *nf_tables_set_loo
|
||||||
return ERR_PTR(-ENOENT);
|
return ERR_PTR(-ENOENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -297,7 +297,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
|
static struct nft_set *nf_tables_set_lookup_byid(const struct net *net,
|
||||||
const struct nlattr *nla,
|
const struct nlattr *nla,
|
||||||
u8 genmask)
|
u8 genmask)
|
||||||
@@ -2666,6 +2731,9 @@ static int nf_tables_fill_set(struct sk_
|
@@ -2705,6 +2770,9 @@ static int nf_tables_fill_set(struct sk_
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
|
if (nla_put_string(skb, NFTA_SET_NAME, set->name))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
@ -307,7 +307,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (set->flags != 0)
|
if (set->flags != 0)
|
||||||
if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
|
if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
@@ -3074,6 +3142,7 @@ static int nf_tables_newset(struct net *
|
@@ -3113,6 +3181,7 @@ static int nf_tables_newset(struct net *
|
||||||
set->udata = udata;
|
set->udata = udata;
|
||||||
set->timeout = timeout;
|
set->timeout = timeout;
|
||||||
set->gc_int = gc_int;
|
set->gc_int = gc_int;
|
||||||
|
@ -315,7 +315,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
|
|
||||||
err = ops->init(set, &desc, nla);
|
err = ops->init(set, &desc, nla);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -3133,7 +3202,10 @@ static int nf_tables_delset(struct net *
|
@@ -3172,7 +3241,10 @@ static int nf_tables_delset(struct net *
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
|
@ -327,7 +327,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(set))
|
if (IS_ERR(set))
|
||||||
return PTR_ERR(set);
|
return PTR_ERR(set);
|
||||||
|
|
||||||
@@ -4189,6 +4261,21 @@ struct nft_object *nf_tables_obj_lookup(
|
@@ -4232,6 +4304,21 @@ struct nft_object *nf_tables_obj_lookup(
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
|
EXPORT_SYMBOL_GPL(nf_tables_obj_lookup);
|
||||||
|
|
||||||
|
@ -349,7 +349,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
|
static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
|
||||||
[NFTA_OBJ_TABLE] = { .type = NLA_STRING,
|
[NFTA_OBJ_TABLE] = { .type = NLA_STRING,
|
||||||
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
.len = NFT_TABLE_MAXNAMELEN - 1 },
|
||||||
@@ -4196,6 +4283,7 @@ static const struct nla_policy nft_obj_p
|
@@ -4239,6 +4326,7 @@ static const struct nla_policy nft_obj_p
|
||||||
.len = NFT_OBJ_MAXNAMELEN - 1 },
|
.len = NFT_OBJ_MAXNAMELEN - 1 },
|
||||||
[NFTA_OBJ_TYPE] = { .type = NLA_U32 },
|
[NFTA_OBJ_TYPE] = { .type = NLA_U32 },
|
||||||
[NFTA_OBJ_DATA] = { .type = NLA_NESTED },
|
[NFTA_OBJ_DATA] = { .type = NLA_NESTED },
|
||||||
|
@ -357,7 +357,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
};
|
};
|
||||||
|
|
||||||
static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
|
static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
|
||||||
@@ -4343,6 +4431,8 @@ static int nf_tables_newobj(struct net *
|
@@ -4386,6 +4474,8 @@ static int nf_tables_newobj(struct net *
|
||||||
goto err1;
|
goto err1;
|
||||||
}
|
}
|
||||||
obj->table = table;
|
obj->table = table;
|
||||||
|
@ -366,7 +366,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
|
obj->name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL);
|
||||||
if (!obj->name) {
|
if (!obj->name) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
@@ -4389,7 +4479,9 @@ static int nf_tables_fill_obj_info(struc
|
@@ -4432,7 +4522,9 @@ static int nf_tables_fill_obj_info(struc
|
||||||
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
|
nla_put_string(skb, NFTA_OBJ_NAME, obj->name) ||
|
||||||
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
|
nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
|
||||||
nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
|
nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
|
||||||
|
@ -377,7 +377,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
nlmsg_end(skb, nlh);
|
nlmsg_end(skb, nlh);
|
||||||
@@ -4587,7 +4679,7 @@ static int nf_tables_delobj(struct net *
|
@@ -4630,7 +4722,7 @@ static int nf_tables_delobj(struct net *
|
||||||
u32 objtype;
|
u32 objtype;
|
||||||
|
|
||||||
if (!nla[NFTA_OBJ_TYPE] ||
|
if (!nla[NFTA_OBJ_TYPE] ||
|
||||||
|
@ -386,7 +386,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
|
||||||
@@ -4596,7 +4688,12 @@ static int nf_tables_delobj(struct net *
|
@@ -4639,7 +4731,12 @@ static int nf_tables_delobj(struct net *
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
|
objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
|
||||||
|
@ -400,7 +400,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(obj))
|
if (IS_ERR(obj))
|
||||||
return PTR_ERR(obj);
|
return PTR_ERR(obj);
|
||||||
if (obj->use > 0)
|
if (obj->use > 0)
|
||||||
@@ -4668,6 +4765,7 @@ static const struct nla_policy nft_flowt
|
@@ -4711,6 +4808,7 @@ static const struct nla_policy nft_flowt
|
||||||
[NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING,
|
[NFTA_FLOWTABLE_NAME] = { .type = NLA_STRING,
|
||||||
.len = NFT_NAME_MAXLEN - 1 },
|
.len = NFT_NAME_MAXLEN - 1 },
|
||||||
[NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED },
|
[NFTA_FLOWTABLE_HOOK] = { .type = NLA_NESTED },
|
||||||
|
@ -408,7 +408,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
};
|
};
|
||||||
|
|
||||||
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
||||||
@@ -4685,6 +4783,20 @@ struct nft_flowtable *nf_tables_flowtabl
|
@@ -4728,6 +4826,20 @@ struct nft_flowtable *nf_tables_flowtabl
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
|
EXPORT_SYMBOL_GPL(nf_tables_flowtable_lookup);
|
||||||
|
|
||||||
|
@ -429,7 +429,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
#define NFT_FLOWTABLE_DEVICE_MAX 8
|
#define NFT_FLOWTABLE_DEVICE_MAX 8
|
||||||
|
|
||||||
static int nf_tables_parse_devices(const struct nft_ctx *ctx,
|
static int nf_tables_parse_devices(const struct nft_ctx *ctx,
|
||||||
@@ -4893,6 +5005,8 @@ static int nf_tables_newflowtable(struct
|
@@ -4936,6 +5048,8 @@ static int nf_tables_newflowtable(struct
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
flowtable->table = table;
|
flowtable->table = table;
|
||||||
|
@ -438,7 +438,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
|
flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL);
|
||||||
if (!flowtable->name) {
|
if (!flowtable->name) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
@@ -4967,8 +5081,14 @@ static int nf_tables_delflowtable(struct
|
@@ -5010,8 +5124,14 @@ static int nf_tables_delflowtable(struct
|
||||||
if (IS_ERR(table))
|
if (IS_ERR(table))
|
||||||
return PTR_ERR(table);
|
return PTR_ERR(table);
|
||||||
|
|
||||||
|
@ -455,7 +455,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
if (IS_ERR(flowtable))
|
if (IS_ERR(flowtable))
|
||||||
return PTR_ERR(flowtable);
|
return PTR_ERR(flowtable);
|
||||||
if (flowtable->use > 0)
|
if (flowtable->use > 0)
|
||||||
@@ -5001,7 +5121,9 @@ static int nf_tables_fill_flowtable_info
|
@@ -5044,7 +5164,9 @@ static int nf_tables_fill_flowtable_info
|
||||||
|
|
||||||
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
|
if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
|
||||||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
||||||
|
|
|
@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
.owner = THIS_MODULE,
|
.owner = THIS_MODULE,
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -5020,40 +5020,38 @@ static int nf_tables_newflowtable(struct
|
@@ -5063,40 +5063,38 @@ static int nf_tables_newflowtable(struct
|
||||||
}
|
}
|
||||||
|
|
||||||
flowtable->data.type = type;
|
flowtable->data.type = type;
|
||||||
|
@ -285,7 +285,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
err3:
|
err3:
|
||||||
module_put(type->owner);
|
module_put(type->owner);
|
||||||
err2:
|
err2:
|
||||||
@@ -5334,10 +5332,8 @@ err:
|
@@ -5377,10 +5375,8 @@ err:
|
||||||
|
|
||||||
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
|
static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
|
||||||
{
|
{
|
||||||
|
|
|
@ -11,7 +11,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4886,7 +4886,7 @@ static int nf_tables_flowtable_parse_hoo
|
@@ -4929,7 +4929,7 @@ static int nf_tables_flowtable_parse_hoo
|
||||||
flowtable->ops[i].pf = NFPROTO_NETDEV;
|
flowtable->ops[i].pf = NFPROTO_NETDEV;
|
||||||
flowtable->ops[i].hooknum = hooknum;
|
flowtable->ops[i].hooknum = hooknum;
|
||||||
flowtable->ops[i].priority = priority;
|
flowtable->ops[i].priority = priority;
|
||||||
|
|
|
@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
struct delayed_work gc_work;
|
struct delayed_work gc_work;
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
--- a/include/net/netfilter/nf_tables.h
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
+++ b/include/net/netfilter/nf_tables.h
|
||||||
@@ -1091,9 +1091,6 @@ struct nft_flowtable {
|
@@ -1096,9 +1096,6 @@ struct nft_flowtable {
|
||||||
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
struct nft_flowtable *nf_tables_flowtable_lookup(const struct nft_table *table,
|
||||||
const struct nlattr *nla,
|
const struct nlattr *nla,
|
||||||
u8 genmask);
|
u8 genmask);
|
||||||
|
@ -88,7 +88,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
WARN_ON(!nf_flow_offload_gc_step(flow_table));
|
WARN_ON(!nf_flow_offload_gc_step(flow_table));
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4930,23 +4930,6 @@ static const struct nf_flowtable_type *n
|
@@ -4973,23 +4973,6 @@ static const struct nf_flowtable_type *n
|
||||||
return ERR_PTR(-ENOENT);
|
return ERR_PTR(-ENOENT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -54,7 +54,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||||||
+MODULE_LICENSE("GPL");
|
+MODULE_LICENSE("GPL");
|
||||||
--- a/kernel/sched/core.c
|
--- a/kernel/sched/core.c
|
||||||
+++ b/kernel/sched/core.c
|
+++ b/kernel/sched/core.c
|
||||||
@@ -2147,6 +2147,7 @@ int wake_up_state(struct task_struct *p,
|
@@ -2164,6 +2164,7 @@ int wake_up_state(struct task_struct *p,
|
||||||
{
|
{
|
||||||
return try_to_wake_up(p, state, 0);
|
return try_to_wake_up(p, state, 0);
|
||||||
}
|
}
|
||||||
|
|
|
@ -506,7 +506,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
+MODULE_ALIAS("nf-flow-table-hw");
|
+MODULE_ALIAS("nf-flow-table-hw");
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
--- a/net/netfilter/nf_tables_api.c
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
+++ b/net/netfilter/nf_tables_api.c
|
||||||
@@ -4873,6 +4873,14 @@ static int nf_tables_flowtable_parse_hoo
|
@@ -4916,6 +4916,14 @@ static int nf_tables_flowtable_parse_hoo
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err1;
|
goto err1;
|
||||||
|
|
||||||
|
@ -521,7 +521,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
|
ops = kzalloc(sizeof(struct nf_hook_ops) * n, GFP_KERNEL);
|
||||||
if (!ops) {
|
if (!ops) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
@@ -5003,10 +5011,19 @@ static int nf_tables_newflowtable(struct
|
@@ -5046,10 +5054,19 @@ static int nf_tables_newflowtable(struct
|
||||||
}
|
}
|
||||||
|
|
||||||
flowtable->data.type = type;
|
flowtable->data.type = type;
|
||||||
|
@ -541,7 +541,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
||||||
err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
|
err = nf_tables_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
|
||||||
flowtable);
|
flowtable);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -5104,7 +5121,8 @@ static int nf_tables_fill_flowtable_info
|
@@ -5147,7 +5164,8 @@ static int nf_tables_fill_flowtable_info
|
||||||
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
|
||||||
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
|
nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
|
||||||
nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),
|
nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),
|
||||||
|
|
|
@ -18,7 +18,7 @@ Signed-off-by: John Crispin <blogic@openwrt.org>
|
||||||
|
|
||||||
#include <linux/usb/hcd.h>
|
#include <linux/usb/hcd.h>
|
||||||
#include <linux/usb/ch11.h>
|
#include <linux/usb/ch11.h>
|
||||||
@@ -5134,6 +5135,8 @@ int dwc2_hcd_init(struct dwc2_hsotg *hso
|
@@ -5142,6 +5143,8 @@ int dwc2_hcd_init(struct dwc2_hsotg *hso
|
||||||
|
|
||||||
retval = -ENOMEM;
|
retval = -ENOMEM;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue