|
@@ -11,7 +11,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
--- a/include/net/netfilter/nf_tables.h
|
|
|
+++ b/include/net/netfilter/nf_tables.h
|
|
|
-@@ -956,28 +956,12 @@ struct nft_table {
|
|
|
+@@ -958,28 +958,12 @@ struct nft_table {
|
|
|
struct list_head flowtables;
|
|
|
u64 hgenerator;
|
|
|
u32 use;
|
|
@@ -42,7 +42,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
int nft_register_chain_type(const struct nf_chain_type *);
|
|
|
void nft_unregister_chain_type(const struct nf_chain_type *);
|
|
|
|
|
|
-@@ -1145,9 +1129,6 @@ void nft_trace_notify(struct nft_tracein
|
|
|
+@@ -1147,9 +1131,6 @@ void nft_trace_notify(struct nft_tracein
|
|
|
#define nft_dereference(p) \
|
|
|
nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
|
|
|
|
|
@@ -729,7 +729,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-@@ -2959,7 +2834,7 @@ static int nf_tables_dump_sets(struct sk
|
|
|
+@@ -2960,7 +2835,7 @@ static int nf_tables_dump_sets(struct sk
|
|
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
|
if (ctx->family != NFPROTO_UNSPEC &&
|
|
@@ -738,7 +738,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
continue;
|
|
|
|
|
|
if (ctx->table && ctx->table != table)
|
|
|
-@@ -2980,7 +2855,7 @@ static int nf_tables_dump_sets(struct sk
|
|
|
+@@ -2981,7 +2856,7 @@ static int nf_tables_dump_sets(struct sk
|
|
|
|
|
|
ctx_set = *ctx;
|
|
|
ctx_set.table = table;
|
|
@@ -747,7 +747,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
if (nf_tables_fill_set(skb, &ctx_set, set,
|
|
|
NFT_MSG_NEWSET,
|
|
|
-@@ -3092,8 +2967,8 @@ static int nf_tables_newset(struct net *
|
|
|
+@@ -3093,8 +2968,8 @@ static int nf_tables_newset(struct net *
|
|
|
{
|
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
|
u8 genmask = nft_genmask_next(net);
|
|
@@ -757,7 +757,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
struct nft_table *table;
|
|
|
struct nft_set *set;
|
|
|
struct nft_ctx ctx;
|
|
|
-@@ -3203,16 +3078,12 @@ static int nf_tables_newset(struct net *
|
|
|
+@@ -3204,16 +3079,12 @@ static int nf_tables_newset(struct net *
|
|
|
|
|
|
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
|
|
|
|
|
@@ -776,7 +776,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
|
|
|
if (IS_ERR(set)) {
|
|
|
-@@ -3474,19 +3345,15 @@ static int nft_ctx_init_from_elemattr(st
|
|
|
+@@ -3475,19 +3346,15 @@ static int nft_ctx_init_from_elemattr(st
|
|
|
u8 genmask)
|
|
|
{
|
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
@@ -799,7 +799,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-@@ -3604,7 +3471,7 @@ static int nf_tables_dump_set(struct sk_
|
|
|
+@@ -3605,7 +3472,7 @@ static int nf_tables_dump_set(struct sk_
|
|
|
rcu_read_lock();
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
|
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
|
|
@@ -808,7 +808,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
continue;
|
|
|
|
|
|
if (table != dump_ctx->ctx.table)
|
|
|
-@@ -3634,7 +3501,7 @@ static int nf_tables_dump_set(struct sk_
|
|
|
+@@ -3635,7 +3502,7 @@ static int nf_tables_dump_set(struct sk_
|
|
|
goto nla_put_failure;
|
|
|
|
|
|
nfmsg = nlmsg_data(nlh);
|
|
@@ -817,7 +817,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
nfmsg->version = NFNETLINK_V0;
|
|
|
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
|
|
|
|
|
|
-@@ -4522,7 +4389,6 @@ static int nf_tables_newobj(struct net *
|
|
|
+@@ -4523,7 +4390,6 @@ static int nf_tables_newobj(struct net *
|
|
|
const struct nft_object_type *type;
|
|
|
u8 genmask = nft_genmask_next(net);
|
|
|
int family = nfmsg->nfgen_family;
|
|
@@ -825,7 +825,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
struct nft_table *table;
|
|
|
struct nft_object *obj;
|
|
|
struct nft_ctx ctx;
|
|
|
-@@ -4534,11 +4400,7 @@ static int nf_tables_newobj(struct net *
|
|
|
+@@ -4535,11 +4401,7 @@ static int nf_tables_newobj(struct net *
|
|
|
!nla[NFTA_OBJ_DATA])
|
|
|
return -EINVAL;
|
|
|
|
|
@@ -838,7 +838,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
genmask);
|
|
|
if (IS_ERR(table))
|
|
|
return PTR_ERR(table);
|
|
|
-@@ -4557,7 +4419,7 @@ static int nf_tables_newobj(struct net *
|
|
|
+@@ -4558,7 +4420,7 @@ static int nf_tables_newobj(struct net *
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
@@ -847,7 +847,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
type = nft_obj_type_get(objtype);
|
|
|
if (IS_ERR(type))
|
|
|
-@@ -4649,7 +4511,7 @@ static int nf_tables_dump_obj(struct sk_
|
|
|
+@@ -4650,7 +4512,7 @@ static int nf_tables_dump_obj(struct sk_
|
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
@@ -856,7 +856,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
continue;
|
|
|
|
|
|
list_for_each_entry_rcu(obj, &table->objects, list) {
|
|
|
-@@ -4672,7 +4534,7 @@ static int nf_tables_dump_obj(struct sk_
|
|
|
+@@ -4673,7 +4535,7 @@ static int nf_tables_dump_obj(struct sk_
|
|
|
cb->nlh->nlmsg_seq,
|
|
|
NFT_MSG_NEWOBJ,
|
|
|
NLM_F_MULTI | NLM_F_APPEND,
|
|
@@ -865,7 +865,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
obj, reset) < 0)
|
|
|
goto done;
|
|
|
|
|
|
-@@ -4730,7 +4592,6 @@ static int nf_tables_getobj(struct net *
|
|
|
+@@ -4731,7 +4593,6 @@ static int nf_tables_getobj(struct net *
|
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
|
u8 genmask = nft_genmask_cur(net);
|
|
|
int family = nfmsg->nfgen_family;
|
|
@@ -873,7 +873,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
const struct nft_table *table;
|
|
|
struct nft_object *obj;
|
|
|
struct sk_buff *skb2;
|
|
|
-@@ -4761,11 +4622,7 @@ static int nf_tables_getobj(struct net *
|
|
|
+@@ -4762,11 +4623,7 @@ static int nf_tables_getobj(struct net *
|
|
|
!nla[NFTA_OBJ_TYPE])
|
|
|
return -EINVAL;
|
|
|
|
|
@@ -886,7 +886,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
genmask);
|
|
|
if (IS_ERR(table))
|
|
|
return PTR_ERR(table);
|
|
|
-@@ -4812,7 +4669,6 @@ static int nf_tables_delobj(struct net *
|
|
|
+@@ -4813,7 +4670,6 @@ static int nf_tables_delobj(struct net *
|
|
|
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
|
|
u8 genmask = nft_genmask_next(net);
|
|
|
int family = nfmsg->nfgen_family;
|
|
@@ -894,7 +894,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
struct nft_table *table;
|
|
|
struct nft_object *obj;
|
|
|
struct nft_ctx ctx;
|
|
|
-@@ -4822,11 +4678,7 @@ static int nf_tables_delobj(struct net *
|
|
|
+@@ -4823,11 +4679,7 @@ static int nf_tables_delobj(struct net *
|
|
|
!nla[NFTA_OBJ_NAME])
|
|
|
return -EINVAL;
|
|
|
|
|
@@ -907,7 +907,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
genmask);
|
|
|
if (IS_ERR(table))
|
|
|
return PTR_ERR(table);
|
|
|
-@@ -4838,7 +4690,7 @@ static int nf_tables_delobj(struct net *
|
|
|
+@@ -4839,7 +4691,7 @@ static int nf_tables_delobj(struct net *
|
|
|
if (obj->use > 0)
|
|
|
return -EBUSY;
|
|
|
|
|
@@ -916,7 +916,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
return nft_delobj(&ctx, obj);
|
|
|
}
|
|
|
-@@ -5023,33 +4875,31 @@ err1:
|
|
|
+@@ -5024,33 +4876,31 @@ err1:
|
|
|
return err;
|
|
|
}
|
|
|
|
|
@@ -956,7 +956,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
return ERR_PTR(-EAGAIN);
|
|
|
}
|
|
|
#endif
|
|
|
-@@ -5097,7 +4947,6 @@ static int nf_tables_newflowtable(struct
|
|
|
+@@ -5098,7 +4948,6 @@ static int nf_tables_newflowtable(struct
|
|
|
u8 genmask = nft_genmask_next(net);
|
|
|
int family = nfmsg->nfgen_family;
|
|
|
struct nft_flowtable *flowtable;
|
|
@@ -964,7 +964,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
struct nft_table *table;
|
|
|
struct nft_ctx ctx;
|
|
|
int err, i, k;
|
|
|
-@@ -5107,12 +4956,8 @@ static int nf_tables_newflowtable(struct
|
|
|
+@@ -5108,12 +4957,8 @@ static int nf_tables_newflowtable(struct
|
|
|
!nla[NFTA_FLOWTABLE_HOOK])
|
|
|
return -EINVAL;
|
|
|
|
|
@@ -978,7 +978,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
if (IS_ERR(table))
|
|
|
return PTR_ERR(table);
|
|
|
|
|
|
-@@ -5129,7 +4974,7 @@ static int nf_tables_newflowtable(struct
|
|
|
+@@ -5130,7 +4975,7 @@ static int nf_tables_newflowtable(struct
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
@@ -987,7 +987,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
|
|
|
if (!flowtable)
|
|
|
-@@ -5142,7 +4987,7 @@ static int nf_tables_newflowtable(struct
|
|
|
+@@ -5143,7 +4988,7 @@ static int nf_tables_newflowtable(struct
|
|
|
goto err1;
|
|
|
}
|
|
|
|
|
@@ -996,7 +996,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
if (IS_ERR(type)) {
|
|
|
err = PTR_ERR(type);
|
|
|
goto err2;
|
|
|
-@@ -5202,16 +5047,11 @@ static int nf_tables_delflowtable(struct
|
|
|
+@@ -5203,16 +5048,11 @@ static int nf_tables_delflowtable(struct
|
|
|
u8 genmask = nft_genmask_next(net);
|
|
|
int family = nfmsg->nfgen_family;
|
|
|
struct nft_flowtable *flowtable;
|
|
@@ -1014,7 +1014,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
if (IS_ERR(table))
|
|
|
return PTR_ERR(table);
|
|
|
|
|
|
-@@ -5222,7 +5062,7 @@ static int nf_tables_delflowtable(struct
|
|
|
+@@ -5223,7 +5063,7 @@ static int nf_tables_delflowtable(struct
|
|
|
if (flowtable->use > 0)
|
|
|
return -EBUSY;
|
|
|
|
|
@@ -1023,7 +1023,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
return nft_delflowtable(&ctx, flowtable);
|
|
|
}
|
|
|
-@@ -5297,7 +5137,7 @@ static int nf_tables_dump_flowtable(stru
|
|
|
+@@ -5298,7 +5138,7 @@ static int nf_tables_dump_flowtable(stru
|
|
|
cb->seq = net->nft.base_seq;
|
|
|
|
|
|
list_for_each_entry_rcu(table, &net->nft.tables, list) {
|
|
@@ -1032,7 +1032,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
continue;
|
|
|
|
|
|
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
|
|
|
-@@ -5316,7 +5156,7 @@ static int nf_tables_dump_flowtable(stru
|
|
|
+@@ -5317,7 +5157,7 @@ static int nf_tables_dump_flowtable(stru
|
|
|
cb->nlh->nlmsg_seq,
|
|
|
NFT_MSG_NEWFLOWTABLE,
|
|
|
NLM_F_MULTI | NLM_F_APPEND,
|
|
@@ -1041,7 +1041,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
goto done;
|
|
|
|
|
|
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
|
|
|
-@@ -5376,7 +5216,6 @@ static int nf_tables_getflowtable(struct
|
|
|
+@@ -5377,7 +5217,6 @@ static int nf_tables_getflowtable(struct
|
|
|
u8 genmask = nft_genmask_cur(net);
|
|
|
int family = nfmsg->nfgen_family;
|
|
|
struct nft_flowtable *flowtable;
|
|
@@ -1049,7 +1049,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
const struct nft_table *table;
|
|
|
struct sk_buff *skb2;
|
|
|
int err;
|
|
|
-@@ -5402,12 +5241,8 @@ static int nf_tables_getflowtable(struct
|
|
|
+@@ -5403,12 +5242,8 @@ static int nf_tables_getflowtable(struct
|
|
|
if (!nla[NFTA_FLOWTABLE_NAME])
|
|
|
return -EINVAL;
|
|
|
|
|
@@ -1063,7 +1063,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
if (IS_ERR(table))
|
|
|
return PTR_ERR(table);
|
|
|
|
|
|
-@@ -6578,7 +6413,7 @@ int __nft_release_basechain(struct nft_c
|
|
|
+@@ -6579,7 +6414,7 @@ int __nft_release_basechain(struct nft_c
|
|
|
}
|
|
|
EXPORT_SYMBOL_GPL(__nft_release_basechain);
|
|
|
|
|
@@ -1072,7 +1072,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
{
|
|
|
struct nft_flowtable *flowtable, *nf;
|
|
|
struct nft_table *table, *nt;
|
|
|
-@@ -6591,7 +6426,7 @@ static void __nft_release_afinfo(struct
|
|
|
+@@ -6592,7 +6427,7 @@ static void __nft_release_afinfo(struct
|
|
|
};
|
|
|
|
|
|
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
|
|
@@ -1081,7 +1081,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
|
|
|
list_for_each_entry(chain, &table->chains, list)
|
|
|
nf_tables_unregister_hook(net, table, chain);
|
|
|
-@@ -6643,7 +6478,7 @@ static int __net_init nf_tables_init_net
|
|
|
+@@ -6644,7 +6479,7 @@ static int __net_init nf_tables_init_net
|
|
|
|
|
|
static void __net_exit nf_tables_exit_net(struct net *net)
|
|
|
{
|