netfilter: nfnetlink: pass struct nfnl_info to rcu callbacks
Update rcu callbacks to use the nfnl_info structure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
@@ -17,10 +17,8 @@ struct nfnl_info {
|
|||||||
struct nfnl_callback {
|
struct nfnl_callback {
|
||||||
int (*call)(struct sk_buff *skb, const struct nfnl_info *info,
|
int (*call)(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
const struct nlattr * const cda[]);
|
const struct nlattr * const cda[]);
|
||||||
int (*call_rcu)(struct net *net, struct sock *nl, struct sk_buff *skb,
|
int (*call_rcu)(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
const struct nlmsghdr *nlh,
|
const struct nlattr * const cda[]);
|
||||||
const struct nlattr * const cda[],
|
|
||||||
struct netlink_ext_ack *extack);
|
|
||||||
int (*call_batch)(struct net *net, struct sock *nl, struct sk_buff *skb,
|
int (*call_batch)(struct net *net, struct sock *nl, struct sk_buff *skb,
|
||||||
const struct nlmsghdr *nlh,
|
const struct nlmsghdr *nlh,
|
||||||
const struct nlattr * const cda[],
|
const struct nlattr * const cda[],
|
||||||
|
|||||||
@@ -858,25 +858,25 @@ static int nft_netlink_dump_start_rcu(struct sock *nlsk, struct sk_buff *skb,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_gettable(struct net *net, struct sock *nlsk,
|
static int nf_tables_gettable(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
struct netlink_ext_ack *extack = info->extack;
|
||||||
const struct nft_table *table;
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
struct sk_buff *skb2;
|
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
|
const struct nft_table *table;
|
||||||
|
struct net *net = info->net;
|
||||||
|
struct sk_buff *skb2;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.dump = nf_tables_dump_tables,
|
.dump = nf_tables_dump_tables,
|
||||||
.module = THIS_MODULE,
|
.module = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
table = nft_table_lookup(net, nla[NFTA_TABLE_NAME], family, genmask, 0);
|
table = nft_table_lookup(net, nla[NFTA_TABLE_NAME], family, genmask, 0);
|
||||||
@@ -890,8 +890,8 @@ static int nf_tables_gettable(struct net *net, struct sock *nlsk,
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
err = nf_tables_fill_table_info(skb2, net, NETLINK_CB(skb).portid,
|
err = nf_tables_fill_table_info(skb2, net, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq, NFT_MSG_NEWTABLE, 0,
|
info->nlh->nlmsg_seq, NFT_MSG_NEWTABLE,
|
||||||
family, table);
|
0, family, table);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err_fill_table_info;
|
goto err_fill_table_info;
|
||||||
|
|
||||||
@@ -1623,26 +1623,26 @@ done:
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_getchain(struct net *net, struct sock *nlsk,
|
static int nf_tables_getchain(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
struct netlink_ext_ack *extack = info->extack;
|
||||||
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
|
int family = nfmsg->nfgen_family;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
|
struct net *net = info->net;
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int family = nfmsg->nfgen_family;
|
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.dump = nf_tables_dump_chains,
|
.dump = nf_tables_dump_chains,
|
||||||
.module = THIS_MODULE,
|
.module = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask, 0);
|
table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask, 0);
|
||||||
@@ -1662,8 +1662,8 @@ static int nf_tables_getchain(struct net *net, struct sock *nlsk,
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
err = nf_tables_fill_chain_info(skb2, net, NETLINK_CB(skb).portid,
|
err = nf_tables_fill_chain_info(skb2, net, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq, NFT_MSG_NEWCHAIN, 0,
|
info->nlh->nlmsg_seq, NFT_MSG_NEWCHAIN,
|
||||||
family, table, chain);
|
0, family, table, chain);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err_fill_chain_info;
|
goto err_fill_chain_info;
|
||||||
|
|
||||||
@@ -3076,21 +3076,21 @@ static int nf_tables_dump_rules_done(struct netlink_callback *cb)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_getrule(struct net *net, struct sock *nlsk,
|
static int nf_tables_getrule(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
struct netlink_ext_ack *extack = info->extack;
|
||||||
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
|
int family = nfmsg->nfgen_family;
|
||||||
const struct nft_chain *chain;
|
const struct nft_chain *chain;
|
||||||
const struct nft_rule *rule;
|
const struct nft_rule *rule;
|
||||||
|
struct net *net = info->net;
|
||||||
struct nft_table *table;
|
struct nft_table *table;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int family = nfmsg->nfgen_family;
|
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.start= nf_tables_dump_rules_start,
|
.start= nf_tables_dump_rules_start,
|
||||||
.dump = nf_tables_dump_rules,
|
.dump = nf_tables_dump_rules,
|
||||||
@@ -3099,7 +3099,7 @@ static int nf_tables_getrule(struct net *net, struct sock *nlsk,
|
|||||||
.data = (void *)nla,
|
.data = (void *)nla,
|
||||||
};
|
};
|
||||||
|
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask, 0);
|
table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask, 0);
|
||||||
@@ -3125,7 +3125,7 @@ static int nf_tables_getrule(struct net *net, struct sock *nlsk,
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
err = nf_tables_fill_rule_info(skb2, net, NETLINK_CB(skb).portid,
|
err = nf_tables_fill_rule_info(skb2, net, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq, NFT_MSG_NEWRULE, 0,
|
info->nlh->nlmsg_seq, NFT_MSG_NEWRULE, 0,
|
||||||
family, table, chain, rule, NULL);
|
family, table, chain, rule, NULL);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err_fill_rule_info;
|
goto err_fill_rule_info;
|
||||||
@@ -4045,25 +4045,25 @@ static int nf_tables_dump_sets_done(struct netlink_callback *cb)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_getset(struct net *net, struct sock *nlsk,
|
static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
u8 genmask = nft_genmask_cur(net);
|
const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
|
struct netlink_ext_ack *extack = info->extack;
|
||||||
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
|
struct net *net = info->net;
|
||||||
const struct nft_set *set;
|
const struct nft_set *set;
|
||||||
struct nft_ctx ctx;
|
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
struct nft_ctx ctx;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
/* Verify existence before starting dump */
|
/* Verify existence before starting dump */
|
||||||
err = nft_ctx_init_from_setattr(&ctx, net, skb, nlh, nla, extack,
|
err = nft_ctx_init_from_setattr(&ctx, net, skb, info->nlh, nla, extack,
|
||||||
genmask, 0);
|
genmask, 0);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.start = nf_tables_dump_sets_start,
|
.start = nf_tables_dump_sets_start,
|
||||||
.dump = nf_tables_dump_sets,
|
.dump = nf_tables_dump_sets,
|
||||||
@@ -4072,7 +4072,7 @@ static int nf_tables_getset(struct net *net, struct sock *nlsk,
|
|||||||
.module = THIS_MODULE,
|
.module = THIS_MODULE,
|
||||||
};
|
};
|
||||||
|
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Only accept unspec with dump */
|
/* Only accept unspec with dump */
|
||||||
@@ -5063,18 +5063,19 @@ err_fill_setelem:
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_getsetelem(struct net *net, struct sock *nlsk,
|
static int nf_tables_getsetelem(struct sk_buff *skb,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nfnl_info *info,
|
||||||
const struct nlattr * const nla[],
|
const struct nlattr * const nla[])
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
u8 genmask = nft_genmask_cur(net);
|
struct netlink_ext_ack *extack = info->extack;
|
||||||
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
|
struct net *net = info->net;
|
||||||
struct nft_set *set;
|
struct nft_set *set;
|
||||||
struct nlattr *attr;
|
struct nlattr *attr;
|
||||||
struct nft_ctx ctx;
|
struct nft_ctx ctx;
|
||||||
int rem, err = 0;
|
int rem, err = 0;
|
||||||
|
|
||||||
err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, extack,
|
err = nft_ctx_init_from_elemattr(&ctx, net, skb, info->nlh, nla, extack,
|
||||||
genmask, NETLINK_CB(skb).portid);
|
genmask, NETLINK_CB(skb).portid);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
@@ -5083,7 +5084,7 @@ static int nf_tables_getsetelem(struct net *net, struct sock *nlsk,
|
|||||||
if (IS_ERR(set))
|
if (IS_ERR(set))
|
||||||
return PTR_ERR(set);
|
return PTR_ERR(set);
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.start = nf_tables_dump_set_start,
|
.start = nf_tables_dump_set_start,
|
||||||
.dump = nf_tables_dump_set,
|
.dump = nf_tables_dump_set,
|
||||||
@@ -5096,7 +5097,7 @@ static int nf_tables_getsetelem(struct net *net, struct sock *nlsk,
|
|||||||
};
|
};
|
||||||
|
|
||||||
c.data = &dump_ctx;
|
c.data = &dump_ctx;
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])
|
if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])
|
||||||
@@ -6416,22 +6417,22 @@ static int nf_tables_dump_obj_done(struct netlink_callback *cb)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_getobj(struct net *net, struct sock *nlsk,
|
static int nf_tables_getobj(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
struct netlink_ext_ack *extack = info->extack;
|
||||||
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
|
struct net *net = info->net;
|
||||||
struct nft_object *obj;
|
struct nft_object *obj;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
bool reset = false;
|
bool reset = false;
|
||||||
u32 objtype;
|
u32 objtype;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.start = nf_tables_dump_obj_start,
|
.start = nf_tables_dump_obj_start,
|
||||||
.dump = nf_tables_dump_obj,
|
.dump = nf_tables_dump_obj,
|
||||||
@@ -6440,7 +6441,7 @@ static int nf_tables_getobj(struct net *net, struct sock *nlsk,
|
|||||||
.data = (void *)nla,
|
.data = (void *)nla,
|
||||||
};
|
};
|
||||||
|
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!nla[NFTA_OBJ_NAME] ||
|
if (!nla[NFTA_OBJ_NAME] ||
|
||||||
@@ -6464,7 +6465,7 @@ static int nf_tables_getobj(struct net *net, struct sock *nlsk,
|
|||||||
if (!skb2)
|
if (!skb2)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
if (NFNL_MSG_TYPE(nlh->nlmsg_type) == NFT_MSG_GETOBJ_RESET)
|
if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETOBJ_RESET)
|
||||||
reset = true;
|
reset = true;
|
||||||
|
|
||||||
if (reset) {
|
if (reset) {
|
||||||
@@ -6483,7 +6484,7 @@ static int nf_tables_getobj(struct net *net, struct sock *nlsk,
|
|||||||
}
|
}
|
||||||
|
|
||||||
err = nf_tables_fill_obj_info(skb2, net, NETLINK_CB(skb).portid,
|
err = nf_tables_fill_obj_info(skb2, net, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq, NFT_MSG_NEWOBJ, 0,
|
info->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, 0,
|
||||||
family, table, obj, reset);
|
family, table, obj, reset);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err_fill_obj_info;
|
goto err_fill_obj_info;
|
||||||
@@ -7320,21 +7321,20 @@ static int nf_tables_dump_flowtable_done(struct netlink_callback *cb)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* called with rcu_read_lock held */
|
/* called with rcu_read_lock held */
|
||||||
static int nf_tables_getflowtable(struct net *net, struct sock *nlsk,
|
static int nf_tables_getflowtable(struct sk_buff *skb,
|
||||||
struct sk_buff *skb,
|
const struct nfnl_info *info,
|
||||||
const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
u8 genmask = nft_genmask_cur(net);
|
u8 genmask = nft_genmask_cur(info->net);
|
||||||
int family = nfmsg->nfgen_family;
|
int family = nfmsg->nfgen_family;
|
||||||
struct nft_flowtable *flowtable;
|
struct nft_flowtable *flowtable;
|
||||||
const struct nft_table *table;
|
const struct nft_table *table;
|
||||||
|
struct net *net = info->net;
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
if (nlh->nlmsg_flags & NLM_F_DUMP) {
|
if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
|
||||||
struct netlink_dump_control c = {
|
struct netlink_dump_control c = {
|
||||||
.start = nf_tables_dump_flowtable_start,
|
.start = nf_tables_dump_flowtable_start,
|
||||||
.dump = nf_tables_dump_flowtable,
|
.dump = nf_tables_dump_flowtable,
|
||||||
@@ -7343,7 +7343,7 @@ static int nf_tables_getflowtable(struct net *net, struct sock *nlsk,
|
|||||||
.data = (void *)nla,
|
.data = (void *)nla,
|
||||||
};
|
};
|
||||||
|
|
||||||
return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
|
return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!nla[NFTA_FLOWTABLE_NAME])
|
if (!nla[NFTA_FLOWTABLE_NAME])
|
||||||
@@ -7364,7 +7364,7 @@ static int nf_tables_getflowtable(struct net *net, struct sock *nlsk,
|
|||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
err = nf_tables_fill_flowtable_info(skb2, net, NETLINK_CB(skb).portid,
|
err = nf_tables_fill_flowtable_info(skb2, net, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq,
|
info->nlh->nlmsg_seq,
|
||||||
NFT_MSG_NEWFLOWTABLE, 0, family,
|
NFT_MSG_NEWFLOWTABLE, 0, family,
|
||||||
flowtable, &flowtable->hook_list);
|
flowtable, &flowtable->hook_list);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
@@ -7526,10 +7526,8 @@ err:
|
|||||||
-ENOBUFS);
|
-ENOBUFS);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nf_tables_getgen(struct net *net, struct sock *nlsk,
|
static int nf_tables_getgen(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const nla[])
|
||||||
const struct nlattr * const nla[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
int err;
|
int err;
|
||||||
@@ -7538,12 +7536,12 @@ static int nf_tables_getgen(struct net *net, struct sock *nlsk,
|
|||||||
if (skb2 == NULL)
|
if (skb2 == NULL)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
err = nf_tables_fill_gen_info(skb2, net, NETLINK_CB(skb).portid,
|
err = nf_tables_fill_gen_info(skb2, info->net, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq);
|
info->nlh->nlmsg_seq);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto err_fill_gen_info;
|
goto err_fill_gen_info;
|
||||||
|
|
||||||
return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid);
|
return nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
|
||||||
|
|
||||||
err_fill_gen_info:
|
err_fill_gen_info:
|
||||||
kfree_skb(skb2);
|
kfree_skb(skb2);
|
||||||
|
|||||||
@@ -274,9 +274,8 @@ replay:
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (nc->call_rcu) {
|
if (nc->call_rcu) {
|
||||||
err = nc->call_rcu(net, nfnlnet->nfnl, skb, nlh,
|
err = nc->call_rcu(skb, &info,
|
||||||
(const struct nlattr **)cda,
|
(const struct nlattr **)cda);
|
||||||
extack);
|
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
} else {
|
} else {
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
|
|||||||
@@ -1046,20 +1046,18 @@ static int nfq_id_after(unsigned int id, unsigned int max)
|
|||||||
return (int)(id - max) > 0;
|
return (int)(id - max) > 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nfqnl_recv_verdict_batch(struct net *net, struct sock *ctnl,
|
static int nfqnl_recv_verdict_batch(struct sk_buff *skb,
|
||||||
struct sk_buff *skb,
|
const struct nfnl_info *info,
|
||||||
const struct nlmsghdr *nlh,
|
const struct nlattr * const nfqa[])
|
||||||
const struct nlattr * const nfqa[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
struct nfnl_queue_net *q = nfnl_queue_pernet(info->net);
|
||||||
|
struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
|
u16 queue_num = ntohs(nfmsg->res_id);
|
||||||
struct nf_queue_entry *entry, *tmp;
|
struct nf_queue_entry *entry, *tmp;
|
||||||
unsigned int verdict, maxid;
|
|
||||||
struct nfqnl_msg_verdict_hdr *vhdr;
|
struct nfqnl_msg_verdict_hdr *vhdr;
|
||||||
struct nfqnl_instance *queue;
|
struct nfqnl_instance *queue;
|
||||||
|
unsigned int verdict, maxid;
|
||||||
LIST_HEAD(batch_list);
|
LIST_HEAD(batch_list);
|
||||||
u16 queue_num = ntohs(nfmsg->res_id);
|
|
||||||
struct nfnl_queue_net *q = nfnl_queue_pernet(net);
|
|
||||||
|
|
||||||
queue = verdict_instance_lookup(q, queue_num,
|
queue = verdict_instance_lookup(q, queue_num,
|
||||||
NETLINK_CB(skb).portid);
|
NETLINK_CB(skb).portid);
|
||||||
@@ -1158,22 +1156,19 @@ static int nfqa_parse_bridge(struct nf_queue_entry *entry,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nfqnl_recv_verdict(struct net *net, struct sock *ctnl,
|
static int nfqnl_recv_verdict(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb,
|
const struct nlattr * const nfqa[])
|
||||||
const struct nlmsghdr *nlh,
|
|
||||||
const struct nlattr * const nfqa[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
struct nfgenmsg *nfmsg = nlmsg_data(nlh);
|
struct nfnl_queue_net *q = nfnl_queue_pernet(info->net);
|
||||||
|
struct nfgenmsg *nfmsg = nlmsg_data(info->nlh);
|
||||||
u_int16_t queue_num = ntohs(nfmsg->res_id);
|
u_int16_t queue_num = ntohs(nfmsg->res_id);
|
||||||
struct nfqnl_msg_verdict_hdr *vhdr;
|
struct nfqnl_msg_verdict_hdr *vhdr;
|
||||||
struct nfqnl_instance *queue;
|
|
||||||
unsigned int verdict;
|
|
||||||
struct nf_queue_entry *entry;
|
|
||||||
enum ip_conntrack_info ctinfo;
|
enum ip_conntrack_info ctinfo;
|
||||||
|
struct nfqnl_instance *queue;
|
||||||
|
struct nf_queue_entry *entry;
|
||||||
struct nfnl_ct_hook *nfnl_ct;
|
struct nfnl_ct_hook *nfnl_ct;
|
||||||
struct nf_conn *ct = NULL;
|
struct nf_conn *ct = NULL;
|
||||||
struct nfnl_queue_net *q = nfnl_queue_pernet(net);
|
unsigned int verdict;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
queue = verdict_instance_lookup(q, queue_num,
|
queue = verdict_instance_lookup(q, queue_num,
|
||||||
@@ -1196,7 +1191,8 @@ static int nfqnl_recv_verdict(struct net *net, struct sock *ctnl,
|
|||||||
|
|
||||||
if (nfqa[NFQA_CT]) {
|
if (nfqa[NFQA_CT]) {
|
||||||
if (nfnl_ct != NULL)
|
if (nfnl_ct != NULL)
|
||||||
ct = nfqnl_ct_parse(nfnl_ct, nlh, nfqa, entry, &ctinfo);
|
ct = nfqnl_ct_parse(nfnl_ct, info->nlh, nfqa, entry,
|
||||||
|
&ctinfo);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (entry->state.pf == PF_BRIDGE) {
|
if (entry->state.pf == PF_BRIDGE) {
|
||||||
@@ -1224,10 +1220,8 @@ static int nfqnl_recv_verdict(struct net *net, struct sock *ctnl,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nfqnl_recv_unsupp(struct net *net, struct sock *ctnl,
|
static int nfqnl_recv_unsupp(struct sk_buff *skb, const struct nfnl_info *info,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nlattr * const cda[])
|
||||||
const struct nlattr * const nfqa[],
|
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
return -ENOTSUPP;
|
return -ENOTSUPP;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -613,17 +613,15 @@ nla_put_failure:
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int nfnl_compat_get_rcu(struct net *net, struct sock *nfnl,
|
static int nfnl_compat_get_rcu(struct sk_buff *skb,
|
||||||
struct sk_buff *skb, const struct nlmsghdr *nlh,
|
const struct nfnl_info *info,
|
||||||
const struct nlattr * const tb[],
|
const struct nlattr * const tb[])
|
||||||
struct netlink_ext_ack *extack)
|
|
||||||
{
|
{
|
||||||
int ret = 0, target;
|
|
||||||
struct nfgenmsg *nfmsg;
|
struct nfgenmsg *nfmsg;
|
||||||
const char *fmt;
|
const char *name, *fmt;
|
||||||
const char *name;
|
|
||||||
u32 rev;
|
|
||||||
struct sk_buff *skb2;
|
struct sk_buff *skb2;
|
||||||
|
int ret = 0, target;
|
||||||
|
u32 rev;
|
||||||
|
|
||||||
if (tb[NFTA_COMPAT_NAME] == NULL ||
|
if (tb[NFTA_COMPAT_NAME] == NULL ||
|
||||||
tb[NFTA_COMPAT_REV] == NULL ||
|
tb[NFTA_COMPAT_REV] == NULL ||
|
||||||
@@ -634,7 +632,7 @@ static int nfnl_compat_get_rcu(struct net *net, struct sock *nfnl,
|
|||||||
rev = ntohl(nla_get_be32(tb[NFTA_COMPAT_REV]));
|
rev = ntohl(nla_get_be32(tb[NFTA_COMPAT_REV]));
|
||||||
target = ntohl(nla_get_be32(tb[NFTA_COMPAT_TYPE]));
|
target = ntohl(nla_get_be32(tb[NFTA_COMPAT_TYPE]));
|
||||||
|
|
||||||
nfmsg = nlmsg_data(nlh);
|
nfmsg = nlmsg_data(info->nlh);
|
||||||
|
|
||||||
switch(nfmsg->nfgen_family) {
|
switch(nfmsg->nfgen_family) {
|
||||||
case AF_INET:
|
case AF_INET:
|
||||||
@@ -673,8 +671,8 @@ static int nfnl_compat_get_rcu(struct net *net, struct sock *nfnl,
|
|||||||
|
|
||||||
/* include the best revision for this extension in the message */
|
/* include the best revision for this extension in the message */
|
||||||
if (nfnl_compat_fill_info(skb2, NETLINK_CB(skb).portid,
|
if (nfnl_compat_fill_info(skb2, NETLINK_CB(skb).portid,
|
||||||
nlh->nlmsg_seq,
|
info->nlh->nlmsg_seq,
|
||||||
NFNL_MSG_TYPE(nlh->nlmsg_type),
|
NFNL_MSG_TYPE(info->nlh->nlmsg_type),
|
||||||
NFNL_MSG_COMPAT_GET,
|
NFNL_MSG_COMPAT_GET,
|
||||||
nfmsg->nfgen_family,
|
nfmsg->nfgen_family,
|
||||||
name, ret, target) <= 0) {
|
name, ret, target) <= 0) {
|
||||||
@@ -682,8 +680,8 @@ static int nfnl_compat_get_rcu(struct net *net, struct sock *nfnl,
|
|||||||
goto out_put;
|
goto out_put;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = netlink_unicast(nfnl, skb2, NETLINK_CB(skb).portid,
|
ret = netlink_unicast(info->sk, skb2, NETLINK_CB(skb).portid,
|
||||||
MSG_DONTWAIT);
|
MSG_DONTWAIT);
|
||||||
if (ret > 0)
|
if (ret > 0)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
out_put:
|
out_put:
|
||||||
|
|||||||
Reference in New Issue
Block a user