tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nfnetlink: pass struct nfnl_info to batch callbacks

Update batch callbacks to use the nfnl_info structure. Rename one
clashing info variable to expr_info.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 7dab8ee3 797d4980

+183 -177
+2 -4
include/linux/netfilter/nfnetlink.h
··· 19 19 const struct nlattr * const cda[]); 20 20 int (*call_rcu)(struct sk_buff *skb, const struct nfnl_info *info, 21 21 const struct nlattr * const cda[]); 22 - int (*call_batch)(struct net *net, struct sock *nl, struct sk_buff *skb, 23 - const struct nlmsghdr *nlh, 24 - const struct nlattr * const cda[], 25 - struct netlink_ext_ack *extack); 22 + int (*call_batch)(struct sk_buff *skb, const struct nfnl_info *info, 23 + const struct nlattr * const cda[]); 26 24 const struct nla_policy *policy; /* netlink attribute policy */ 27 25 const u_int16_t attr_count; /* number of nlattr's */ 28 26 };
+172 -168
net/netfilter/nf_tables_api.c
··· 1055 1055 return strcmp(obj->key.name, k->name); 1056 1056 } 1057 1057 1058 - static int nf_tables_newtable(struct net *net, struct sock *nlsk, 1059 - struct sk_buff *skb, const struct nlmsghdr *nlh, 1060 - const struct nlattr * const nla[], 1061 - struct netlink_ext_ack *extack) 1058 + static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info, 1059 + const struct nlattr * const nla[]) 1062 1060 { 1063 - struct nftables_pernet *nft_net = nft_pernet(net); 1064 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 1065 - u8 genmask = nft_genmask_next(net); 1061 + struct nftables_pernet *nft_net = nft_pernet(info->net); 1062 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 1063 + struct netlink_ext_ack *extack = info->extack; 1064 + u8 genmask = nft_genmask_next(info->net); 1066 1065 int family = nfmsg->nfgen_family; 1066 + struct net *net = info->net; 1067 1067 const struct nlattr *attr; 1068 1068 struct nft_table *table; 1069 1069 struct nft_ctx ctx; ··· 1078 1078 if (PTR_ERR(table) != -ENOENT) 1079 1079 return PTR_ERR(table); 1080 1080 } else { 1081 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 1081 + if (info->nlh->nlmsg_flags & NLM_F_EXCL) { 1082 1082 NL_SET_BAD_ATTR(extack, attr); 1083 1083 return -EEXIST; 1084 1084 } 1085 - if (nlh->nlmsg_flags & NLM_F_REPLACE) 1085 + if (info->nlh->nlmsg_flags & NLM_F_REPLACE) 1086 1086 return -EOPNOTSUPP; 1087 1087 1088 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 1088 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 1089 + 1089 1090 return nf_tables_updtable(&ctx); 1090 1091 } 1091 1092 ··· 1127 1126 if (table->flags & NFT_TABLE_F_OWNER) 1128 1127 table->nlpid = NETLINK_CB(skb).portid; 1129 1128 1130 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 1129 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 1131 1130 err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); 1132 1131 if (err < 0) 1133 1132 goto err_trans; ··· 1251 1250 return err; 1252 1251 } 1253 1252 1254 - static int nf_tables_deltable(struct net *net, struct sock *nlsk, 1255 - struct sk_buff *skb, const struct nlmsghdr *nlh, 1256 - const struct nlattr * const nla[], 1257 - struct netlink_ext_ack *extack) 1253 + static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info, 1254 + const struct nlattr * const nla[]) 1258 1255 { 1259 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 1260 - u8 genmask = nft_genmask_next(net); 1256 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 1257 + struct netlink_ext_ack *extack = info->extack; 1258 + u8 genmask = nft_genmask_next(info->net); 1261 1259 int family = nfmsg->nfgen_family; 1260 + struct net *net = info->net; 1262 1261 const struct nlattr *attr; 1263 1262 struct nft_table *table; 1264 1263 struct nft_ctx ctx; 1265 1264 1266 - nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); 1265 + nft_ctx_init(&ctx, net, skb, info->nlh, 0, NULL, NULL, nla); 1267 1266 if (family == AF_UNSPEC || 1268 1267 (!nla[NFTA_TABLE_NAME] && !nla[NFTA_TABLE_HANDLE])) 1269 1268 return nft_flush(&ctx, family); ··· 1282 1281 return PTR_ERR(table); 1283 1282 } 1284 1283 1285 - if (nlh->nlmsg_flags & NLM_F_NONREC && 1284 + if (info->nlh->nlmsg_flags & NLM_F_NONREC && 1286 1285 table->use > 0) 1287 1286 return -EBUSY; 1288 1287 ··· 2351 2350 return ERR_PTR(-ENOENT); 2352 2351 } 2353 2352 2354 - static int nf_tables_newchain(struct net *net, struct sock *nlsk, 2355 - struct sk_buff *skb, const struct nlmsghdr *nlh, 2356 - const struct nlattr * const nla[], 2357 - struct netlink_ext_ack *extack) 2353 + static int nf_tables_newchain(struct sk_buff *skb, const struct nfnl_info *info, 2354 + const struct nlattr * const nla[]) 2358 2355 { 2359 - struct nftables_pernet *nft_net = nft_pernet(net); 2360 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 2361 - u8 genmask = nft_genmask_next(net); 2356 + struct nftables_pernet *nft_net = nft_pernet(info->net); 2357 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 2358 + struct netlink_ext_ack *extack = info->extack; 2359 + u8 genmask = nft_genmask_next(info->net); 2362 2360 int family = nfmsg->nfgen_family; 2363 2361 struct nft_chain *chain = NULL; 2362 + struct net *net = info->net; 2364 2363 const struct nlattr *attr; 2365 2364 struct nft_table *table; 2366 2365 u8 policy = NF_ACCEPT; ··· 2432 2431 if (flags & ~NFT_CHAIN_FLAGS) 2433 2432 return -EOPNOTSUPP; 2434 2433 2435 - nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); 2434 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla); 2436 2435 2437 2436 if (chain != NULL) { 2438 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 2437 + if (info->nlh->nlmsg_flags & NLM_F_EXCL) { 2439 2438 NL_SET_BAD_ATTR(extack, attr); 2440 2439 return -EEXIST; 2441 2440 } 2442 - if (nlh->nlmsg_flags & NLM_F_REPLACE) 2441 + if (info->nlh->nlmsg_flags & NLM_F_REPLACE) 2443 2442 return -EOPNOTSUPP; 2444 2443 2445 2444 flags |= chain->flags & NFT_CHAIN_BASE; ··· 2450 2449 return nf_tables_addchain(&ctx, family, genmask, policy, flags); 2451 2450 } 2452 2451 2453 - static int nf_tables_delchain(struct net *net, struct sock *nlsk, 2454 - struct sk_buff *skb, const struct nlmsghdr *nlh, 2455 - const struct nlattr * const nla[], 2456 - struct netlink_ext_ack *extack) 2452 + static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info, 2453 + const struct nlattr * const nla[]) 2457 2454 { 2458 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 2459 - u8 genmask = nft_genmask_next(net); 2455 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 2456 + struct netlink_ext_ack *extack = info->extack; 2457 + u8 genmask = nft_genmask_next(info->net); 2460 2458 int family = nfmsg->nfgen_family; 2459 + struct net *net = info->net; 2461 2460 const struct nlattr *attr; 2462 2461 struct nft_table *table; 2463 2462 struct nft_chain *chain; ··· 2487 2486 return PTR_ERR(chain); 2488 2487 } 2489 2488 2490 - if (nlh->nlmsg_flags & NLM_F_NONREC && 2489 + if (info->nlh->nlmsg_flags & NLM_F_NONREC && 2491 2490 chain->use > 0) 2492 2491 return -EBUSY; 2493 2492 2494 - nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); 2493 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla); 2495 2494 2496 2495 use = chain->use; 2497 2496 list_for_each_entry(rule, &chain->rules, list) { ··· 2714 2713 } 2715 2714 2716 2715 static int nf_tables_newexpr(const struct nft_ctx *ctx, 2717 - const struct nft_expr_info *info, 2716 + const struct nft_expr_info *expr_info, 2718 2717 struct nft_expr *expr) 2719 2718 { 2720 - const struct nft_expr_ops *ops = info->ops; 2719 + const struct nft_expr_ops *ops = expr_info->ops; 2721 2720 int err; 2722 2721 2723 2722 expr->ops = ops; 2724 2723 if (ops->init) { 2725 - err = ops->init(ctx, expr, (const struct nlattr **)info->tb); 2724 + err = ops->init(ctx, expr, (const struct nlattr **)expr_info->tb); 2726 2725 if (err < 0) 2727 2726 goto err1; 2728 2727 } ··· 2746 2745 static struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, 2747 2746 const struct nlattr *nla) 2748 2747 { 2749 - struct nft_expr_info info; 2748 + struct nft_expr_info expr_info; 2750 2749 struct nft_expr *expr; 2751 2750 struct module *owner; 2752 2751 int err; 2753 2752 2754 - err = nf_tables_expr_parse(ctx, nla, &info); 2753 + err = nf_tables_expr_parse(ctx, nla, &expr_info); 2755 2754 if (err < 0) 2756 2755 goto err1; 2757 2756 2758 2757 err = -ENOMEM; 2759 - expr = kzalloc(info.ops->size, GFP_KERNEL); 2758 + expr = kzalloc(expr_info.ops->size, GFP_KERNEL); 2760 2759 if (expr == NULL) 2761 2760 goto err2; 2762 2761 2763 - err = nf_tables_newexpr(ctx, &info, expr); 2762 + err = nf_tables_newexpr(ctx, &expr_info, expr); 2764 2763 if (err < 0) 2765 2764 goto err3; 2766 2765 ··· 2768 2767 err3: 2769 2768 kfree(expr); 2770 2769 err2: 2771 - owner = info.ops->type->owner; 2772 - if (info.ops->type->release_ops) 2773 - info.ops->type->release_ops(info.ops); 2770 + owner = expr_info.ops->type->owner; 2771 + if (expr_info.ops->type->release_ops) 2772 + expr_info.ops->type->release_ops(expr_info.ops); 2774 2773 2775 2774 module_put(owner); 2776 2775 err1: ··· 3217 3216 3218 3217 #define NFT_RULE_MAXEXPRS 128 3219 3218 3220 - static int nf_tables_newrule(struct net *net, struct sock *nlsk, 3221 - struct sk_buff *skb, const struct nlmsghdr *nlh, 3222 - const struct nlattr * const nla[], 3223 - struct netlink_ext_ack *extack) 3219 + static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info, 3220 + const struct nlattr * const nla[]) 3224 3221 { 3225 - struct nftables_pernet *nft_net = nft_pernet(net); 3226 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 3227 - u8 genmask = nft_genmask_next(net); 3228 - struct nft_expr_info *info = NULL; 3222 + struct nftables_pernet *nft_net = nft_pernet(info->net); 3223 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 3224 + struct netlink_ext_ack *extack = info->extack; 3225 + unsigned int size, i, n, ulen = 0, usize = 0; 3226 + u8 genmask = nft_genmask_next(info->net); 3227 + struct nft_rule *rule, *old_rule = NULL; 3228 + struct nft_expr_info *expr_info = NULL; 3229 3229 int family = nfmsg->nfgen_family; 3230 + struct net *net = info->net; 3230 3231 struct nft_flow_rule *flow; 3232 + struct nft_userdata *udata; 3231 3233 struct nft_table *table; 3232 3234 struct nft_chain *chain; 3233 - struct nft_rule *rule, *old_rule = NULL; 3234 - struct nft_userdata *udata; 3235 - struct nft_trans *trans = NULL; 3235 + struct nft_trans *trans; 3236 + u64 handle, pos_handle; 3236 3237 struct nft_expr *expr; 3237 3238 struct nft_ctx ctx; 3238 3239 struct nlattr *tmp; 3239 - unsigned int size, i, n, ulen = 0, usize = 0; 3240 3240 int err, rem; 3241 - u64 handle, pos_handle; 3242 3241 3243 3242 lockdep_assert_held(&nft_net->commit_mutex); 3244 3243 ··· 3277 3276 return PTR_ERR(rule); 3278 3277 } 3279 3278 3280 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 3279 + if (info->nlh->nlmsg_flags & NLM_F_EXCL) { 3281 3280 NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]); 3282 3281 return -EEXIST; 3283 3282 } 3284 - if (nlh->nlmsg_flags & NLM_F_REPLACE) 3283 + if (info->nlh->nlmsg_flags & NLM_F_REPLACE) 3285 3284 old_rule = rule; 3286 3285 else 3287 3286 return -EOPNOTSUPP; 3288 3287 } else { 3289 - if (!(nlh->nlmsg_flags & NLM_F_CREATE) || 3290 - nlh->nlmsg_flags & NLM_F_REPLACE) 3288 + if (!(info->nlh->nlmsg_flags & NLM_F_CREATE) || 3289 + info->nlh->nlmsg_flags & NLM_F_REPLACE) 3291 3290 return -EINVAL; 3292 3291 handle = nf_tables_alloc_handle(table); 3293 3292 ··· 3310 3309 } 3311 3310 } 3312 3311 3313 - nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); 3312 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla); 3314 3313 3315 3314 n = 0; 3316 3315 size = 0; 3317 3316 if (nla[NFTA_RULE_EXPRESSIONS]) { 3318 - info = kvmalloc_array(NFT_RULE_MAXEXPRS, 3319 - sizeof(struct nft_expr_info), 3320 - GFP_KERNEL); 3321 - if (!info) 3317 + expr_info = kvmalloc_array(NFT_RULE_MAXEXPRS, 3318 + sizeof(struct nft_expr_info), 3319 + GFP_KERNEL); 3320 + if (!expr_info) 3322 3321 return -ENOMEM; 3323 3322 3324 3323 nla_for_each_nested(tmp, nla[NFTA_RULE_EXPRESSIONS], rem) { ··· 3327 3326 goto err1; 3328 3327 if (n == NFT_RULE_MAXEXPRS) 3329 3328 goto err1; 3330 - err = nf_tables_expr_parse(&ctx, tmp, &info[n]); 3329 + err = nf_tables_expr_parse(&ctx, tmp, &expr_info[n]); 3331 3330 if (err < 0) 3332 3331 goto err1; 3333 - size += info[n].ops->size; 3332 + size += expr_info[n].ops->size; 3334 3333 n++; 3335 3334 } 3336 3335 } ··· 3364 3363 3365 3364 expr = nft_expr_first(rule); 3366 3365 for (i = 0; i < n; i++) { 3367 - err = nf_tables_newexpr(&ctx, &info[i], expr); 3366 + err = nf_tables_newexpr(&ctx, &expr_info[i], expr); 3368 3367 if (err < 0) { 3369 - NL_SET_BAD_ATTR(extack, info[i].attr); 3368 + NL_SET_BAD_ATTR(extack, expr_info[i].attr); 3370 3369 goto err2; 3371 3370 } 3372 3371 3373 - if (info[i].ops->validate) 3372 + if (expr_info[i].ops->validate) 3374 3373 nft_validate_state_update(net, NFT_VALIDATE_NEED); 3375 3374 3376 - info[i].ops = NULL; 3375 + expr_info[i].ops = NULL; 3377 3376 expr = nft_expr_next(expr); 3378 3377 } 3379 3378 3380 - if (nlh->nlmsg_flags & NLM_F_REPLACE) { 3379 + if (info->nlh->nlmsg_flags & NLM_F_REPLACE) { 3381 3380 trans = nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule); 3382 3381 if (trans == NULL) { 3383 3382 err = -ENOMEM; ··· 3397 3396 goto err2; 3398 3397 } 3399 3398 3400 - if (nlh->nlmsg_flags & NLM_F_APPEND) { 3399 + if (info->nlh->nlmsg_flags & NLM_F_APPEND) { 3401 3400 if (old_rule) 3402 3401 list_add_rcu(&rule->list, &old_rule->list); 3403 3402 else ··· 3409 3408 list_add_rcu(&rule->list, &chain->rules); 3410 3409 } 3411 3410 } 3412 - kvfree(info); 3411 + kvfree(expr_info); 3413 3412 chain->use++; 3414 3413 3415 3414 if (nft_net->validate_state == NFT_VALIDATE_DO) ··· 3428 3427 nf_tables_rule_release(&ctx, rule); 3429 3428 err1: 3430 3429 for (i = 0; i < n; i++) { 3431 - if (info[i].ops) { 3432 - module_put(info[i].ops->type->owner); 3433 - if (info[i].ops->type->release_ops) 3434 - info[i].ops->type->release_ops(info[i].ops); 3430 + if (expr_info[i].ops) { 3431 + module_put(expr_info[i].ops->type->owner); 3432 + if (expr_info[i].ops->type->release_ops) 3433 + expr_info[i].ops->type->release_ops(expr_info[i].ops); 3435 3434 } 3436 3435 } 3437 - kvfree(info); 3436 + kvfree(expr_info); 3437 + 3438 3438 return err; 3439 3439 } 3440 3440 ··· 3456 3454 return ERR_PTR(-ENOENT); 3457 3455 } 3458 3456 3459 - static int nf_tables_delrule(struct net *net, struct sock *nlsk, 3460 - struct sk_buff *skb, const struct nlmsghdr *nlh, 3461 - const struct nlattr * const nla[], 3462 - struct netlink_ext_ack *extack) 3457 + static int nf_tables_delrule(struct sk_buff *skb, const struct nfnl_info *info, 3458 + const struct nlattr * const nla[]) 3463 3459 { 3464 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 3465 - u8 genmask = nft_genmask_next(net); 3466 - struct nft_table *table; 3467 - struct nft_chain *chain = NULL; 3468 - struct nft_rule *rule; 3460 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 3461 + struct netlink_ext_ack *extack = info->extack; 3469 3462 int family = nfmsg->nfgen_family, err = 0; 3463 + u8 genmask = nft_genmask_next(info->net); 3464 + struct nft_chain *chain = NULL; 3465 + struct net *net = info->net; 3466 + struct nft_table *table; 3467 + struct nft_rule *rule; 3470 3468 struct nft_ctx ctx; 3471 3469 3472 3470 table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask, ··· 3487 3485 return -EOPNOTSUPP; 3488 3486 } 3489 3487 3490 - nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); 3488 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla); 3491 3489 3492 3490 if (chain) { 3493 3491 if (nla[NFTA_RULE_HANDLE]) { ··· 4168 4166 return err; 4169 4167 } 4170 4168 4171 - static int nf_tables_newset(struct net *net, struct sock *nlsk, 4172 - struct sk_buff *skb, const struct nlmsghdr *nlh, 4173 - const struct nlattr * const nla[], 4174 - struct netlink_ext_ack *extack) 4169 + static int nf_tables_newset(struct sk_buff *skb, const struct nfnl_info *info, 4170 + const struct nlattr * const nla[]) 4175 4171 { 4176 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 4177 - u8 genmask = nft_genmask_next(net); 4172 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 4173 + u32 ktype, dtype, flags, policy, gc_int, objtype; 4174 + struct netlink_ext_ack *extack = info->extack; 4175 + u8 genmask = nft_genmask_next(info->net); 4178 4176 int family = nfmsg->nfgen_family; 4179 4177 const struct nft_set_ops *ops; 4180 4178 struct nft_expr *expr = NULL; 4179 + struct net *net = info->net; 4180 + struct nft_set_desc desc; 4181 4181 struct nft_table *table; 4182 + unsigned char *udata; 4182 4183 struct nft_set *set; 4183 4184 struct nft_ctx ctx; 4184 - char *name; 4185 - u64 size; 4186 4185 u64 timeout; 4187 - u32 ktype, dtype, flags, policy, gc_int, objtype; 4188 - struct nft_set_desc desc; 4189 - unsigned char *udata; 4186 + char *name; 4187 + int err, i; 4190 4188 u16 udlen; 4191 - int err; 4192 - int i; 4189 + u64 size; 4193 4190 4194 4191 if (nla[NFTA_SET_TABLE] == NULL || 4195 4192 nla[NFTA_SET_NAME] == NULL || ··· 4296 4295 return PTR_ERR(table); 4297 4296 } 4298 4297 4299 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 4298 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 4300 4299 4301 4300 set = nft_set_lookup(table, nla[NFTA_SET_NAME], genmask); 4302 4301 if (IS_ERR(set)) { ··· 4305 4304 return PTR_ERR(set); 4306 4305 } 4307 4306 } else { 4308 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 4307 + if (info->nlh->nlmsg_flags & NLM_F_EXCL) { 4309 4308 NL_SET_BAD_ATTR(extack, nla[NFTA_SET_NAME]); 4310 4309 return -EEXIST; 4311 4310 } 4312 - if (nlh->nlmsg_flags & NLM_F_REPLACE) 4311 + if (info->nlh->nlmsg_flags & NLM_F_REPLACE) 4313 4312 return -EOPNOTSUPP; 4314 4313 4315 4314 return 0; 4316 4315 } 4317 4316 4318 - if (!(nlh->nlmsg_flags & NLM_F_CREATE)) 4317 + if (!(info->nlh->nlmsg_flags & NLM_F_CREATE)) 4319 4318 return -ENOENT; 4320 4319 4321 4320 ops = nft_select_set_ops(&ctx, nla, &desc, policy); ··· 4449 4448 kvfree(set); 4450 4449 } 4451 4450 4452 - static int nf_tables_delset(struct net *net, struct sock *nlsk, 4453 - struct sk_buff *skb, const struct nlmsghdr *nlh, 4454 - const struct nlattr * const nla[], 4455 - struct netlink_ext_ack *extack) 4451 + static int nf_tables_delset(struct sk_buff *skb, const struct nfnl_info *info, 4452 + const struct nlattr * const nla[]) 4456 4453 { 4457 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 4458 - u8 genmask = nft_genmask_next(net); 4454 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 4455 + struct netlink_ext_ack *extack = info->extack; 4456 + u8 genmask = nft_genmask_next(info->net); 4457 + struct net *net = info->net; 4459 4458 const struct nlattr *attr; 4460 4459 struct nft_set *set; 4461 4460 struct nft_ctx ctx; ··· 4466 4465 if (nla[NFTA_SET_TABLE] == NULL) 4467 4466 return -EINVAL; 4468 4467 4469 - err = nft_ctx_init_from_setattr(&ctx, net, skb, nlh, nla, extack, 4468 + err = nft_ctx_init_from_setattr(&ctx, net, skb, info->nlh, nla, extack, 4470 4469 genmask, NETLINK_CB(skb).portid); 4471 4470 if (err < 0) 4472 4471 return err; ··· 4484 4483 return PTR_ERR(set); 4485 4484 } 4486 4485 if (set->use || 4487 - (nlh->nlmsg_flags & NLM_F_NONREC && atomic_read(&set->nelems) > 0)) { 4486 + (info->nlh->nlmsg_flags & NLM_F_NONREC && 4487 + atomic_read(&set->nelems) > 0)) { 4488 4488 NL_SET_BAD_ATTR(extack, attr); 4489 4489 return -EBUSY; 4490 4490 } ··· 5656 5654 return err; 5657 5655 } 5658 5656 5659 - static int nf_tables_newsetelem(struct net *net, struct sock *nlsk, 5660 - struct sk_buff *skb, const struct nlmsghdr *nlh, 5661 - const struct nlattr * const nla[], 5662 - struct netlink_ext_ack *extack) 5657 + static int nf_tables_newsetelem(struct sk_buff *skb, 5658 + const struct nfnl_info *info, 5659 + const struct nlattr * const nla[]) 5663 5660 { 5664 - struct nftables_pernet *nft_net = nft_pernet(net); 5665 - u8 genmask = nft_genmask_next(net); 5661 + struct nftables_pernet *nft_net = nft_pernet(info->net); 5662 + struct netlink_ext_ack *extack = info->extack; 5663 + u8 genmask = nft_genmask_next(info->net); 5664 + struct net *net = info->net; 5666 5665 const struct nlattr *attr; 5667 5666 struct nft_set *set; 5668 5667 struct nft_ctx ctx; ··· 5672 5669 if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL) 5673 5670 return -EINVAL; 5674 5671 5675 - err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, extack, 5672 + err = nft_ctx_init_from_elemattr(&ctx, net, skb, info->nlh, nla, extack, 5676 5673 genmask, NETLINK_CB(skb).portid); 5677 5674 if (err < 0) 5678 5675 return err; ··· 5686 5683 return -EBUSY; 5687 5684 5688 5685 nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) { 5689 - err = nft_add_set_elem(&ctx, set, attr, nlh->nlmsg_flags); 5686 + err = nft_add_set_elem(&ctx, set, attr, info->nlh->nlmsg_flags); 5690 5687 if (err < 0) 5691 5688 return err; 5692 5689 } ··· 5869 5866 return err; 5870 5867 } 5871 5868 5872 - static int nf_tables_delsetelem(struct net *net, struct sock *nlsk, 5873 - struct sk_buff *skb, const struct nlmsghdr *nlh, 5874 - const struct nlattr * const nla[], 5875 - struct netlink_ext_ack *extack) 5869 + static int nf_tables_delsetelem(struct sk_buff *skb, 5870 + const struct nfnl_info *info, 5871 + const struct nlattr * const nla[]) 5876 5872 { 5877 - u8 genmask = nft_genmask_next(net); 5873 + struct netlink_ext_ack *extack = info->extack; 5874 + u8 genmask = nft_genmask_next(info->net); 5875 + struct net *net = info->net; 5878 5876 const struct nlattr *attr; 5879 5877 struct nft_set *set; 5880 5878 struct nft_ctx ctx; 5881 5879 int rem, err = 0; 5882 5880 5883 - err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, extack, 5881 + err = nft_ctx_init_from_elemattr(&ctx, net, skb, info->nlh, nla, extack, 5884 5882 genmask, NETLINK_CB(skb).portid); 5885 5883 if (err < 0) 5886 5884 return err; ··· 6165 6161 return err; 6166 6162 } 6167 6163 6168 - static int nf_tables_newobj(struct net *net, struct sock *nlsk, 6169 - struct sk_buff *skb, const struct nlmsghdr *nlh, 6170 - const struct nlattr * const nla[], 6171 - struct netlink_ext_ack *extack) 6164 + static int nf_tables_newobj(struct sk_buff *skb, const struct nfnl_info *info, 6165 + const struct nlattr * const nla[]) 6172 6166 { 6173 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 6167 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 6168 + struct netlink_ext_ack *extack = info->extack; 6169 + u8 genmask = nft_genmask_next(info->net); 6174 6170 const struct nft_object_type *type; 6175 - u8 genmask = nft_genmask_next(net); 6176 6171 int family = nfmsg->nfgen_family; 6172 + struct net *net = info->net; 6177 6173 struct nft_table *table; 6178 6174 struct nft_object *obj; 6179 6175 struct nft_ctx ctx; ··· 6201 6197 return err; 6202 6198 } 6203 6199 } else { 6204 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 6200 + if (info->nlh->nlmsg_flags & NLM_F_EXCL) { 6205 6201 NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_NAME]); 6206 6202 return -EEXIST; 6207 6203 } 6208 - if (nlh->nlmsg_flags & NLM_F_REPLACE) 6204 + if (info->nlh->nlmsg_flags & NLM_F_REPLACE) 6209 6205 return -EOPNOTSUPP; 6210 6206 6211 6207 type = __nft_obj_type_get(objtype); 6212 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 6208 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 6213 6209 6214 6210 return nf_tables_updobj(&ctx, type, nla[NFTA_OBJ_DATA], obj); 6215 6211 } 6216 6212 6217 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 6213 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 6218 6214 6219 6215 type = nft_obj_type_get(net, objtype); 6220 6216 if (IS_ERR(type)) ··· 6511 6507 kfree(obj); 6512 6508 } 6513 6509 6514 - static int nf_tables_delobj(struct net *net, struct sock *nlsk, 6515 - struct sk_buff *skb, const struct nlmsghdr *nlh, 6516 - const struct nlattr * const nla[], 6517 - struct netlink_ext_ack *extack) 6510 + static int nf_tables_delobj(struct sk_buff *skb, const struct nfnl_info *info, 6511 + const struct nlattr * const nla[]) 6518 6512 { 6519 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 6520 - u8 genmask = nft_genmask_next(net); 6513 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 6514 + struct netlink_ext_ack *extack = info->extack; 6515 + u8 genmask = nft_genmask_next(info->net); 6521 6516 int family = nfmsg->nfgen_family; 6517 + struct net *net = info->net; 6522 6518 const struct nlattr *attr; 6523 6519 struct nft_table *table; 6524 6520 struct nft_object *obj; ··· 6554 6550 return -EBUSY; 6555 6551 } 6556 6552 6557 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 6553 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 6558 6554 6559 6555 return nft_delobj(&ctx, obj); 6560 6556 } ··· 6941 6937 6942 6938 } 6943 6939 6944 - static int nf_tables_newflowtable(struct net *net, struct sock *nlsk, 6945 - struct sk_buff *skb, 6946 - const struct nlmsghdr *nlh, 6947 - const struct nlattr * const nla[], 6948 - struct netlink_ext_ack *extack) 6940 + static int nf_tables_newflowtable(struct sk_buff *skb, 6941 + const struct nfnl_info *info, 6942 + const struct nlattr * const nla[]) 6949 6943 { 6950 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 6944 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 6945 + struct netlink_ext_ack *extack = info->extack; 6951 6946 struct nft_flowtable_hook flowtable_hook; 6947 + u8 genmask = nft_genmask_next(info->net); 6952 6948 const struct nf_flowtable_type *type; 6953 - u8 genmask = nft_genmask_next(net); 6954 6949 int family = nfmsg->nfgen_family; 6955 6950 struct nft_flowtable *flowtable; 6956 6951 struct nft_hook *hook, *next; 6952 + struct net *net = info->net; 6957 6953 struct nft_table *table; 6958 6954 struct nft_ctx ctx; 6959 6955 int err; ··· 6979 6975 return err; 6980 6976 } 6981 6977 } else { 6982 - if (nlh->nlmsg_flags & NLM_F_EXCL) { 6978 + if (info->nlh->nlmsg_flags & NLM_F_EXCL) { 6983 6979 NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_NAME]); 6984 6980 return -EEXIST; 6985 6981 } 6986 6982 6987 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 6983 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 6988 6984 6989 - return nft_flowtable_update(&ctx, nlh, flowtable); 6985 + return nft_flowtable_update(&ctx, info->nlh, flowtable); 6990 6986 } 6991 6987 6992 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 6988 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 6993 6989 6994 6990 flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); 6995 6991 if (!flowtable) ··· 7130 7126 return err; 7131 7127 } 7132 7128 7133 - static int nf_tables_delflowtable(struct net *net, struct sock *nlsk, 7134 - struct sk_buff *skb, 7135 - const struct nlmsghdr *nlh, 7136 - const struct nlattr * const nla[], 7137 - struct netlink_ext_ack *extack) 7129 + static int nf_tables_delflowtable(struct sk_buff *skb, 7130 + const struct nfnl_info *info, 7131 + const struct nlattr * const nla[]) 7138 7132 { 7139 - const struct nfgenmsg *nfmsg = nlmsg_data(nlh); 7140 - u8 genmask = nft_genmask_next(net); 7133 + const struct nfgenmsg *nfmsg = nlmsg_data(info->nlh); 7134 + struct netlink_ext_ack *extack = info->extack; 7135 + u8 genmask = nft_genmask_next(info->net); 7141 7136 int family = nfmsg->nfgen_family; 7142 7137 struct nft_flowtable *flowtable; 7138 + struct net *net = info->net; 7143 7139 const struct nlattr *attr; 7144 7140 struct nft_table *table; 7145 7141 struct nft_ctx ctx; ··· 7169 7165 return PTR_ERR(flowtable); 7170 7166 } 7171 7167 7172 - nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); 7168 + nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla); 7173 7169 7174 7170 if (nla[NFTA_FLOWTABLE_HOOK]) 7175 7171 return nft_delflowtable_hook(&ctx, flowtable);
+9 -5
net/netfilter/nfnetlink.c
··· 469 469 470 470 { 471 471 int min_len = nlmsg_total_size(sizeof(struct nfgenmsg)); 472 + struct nfnl_net *nfnlnet = nfnl_pernet(net); 472 473 u8 cb_id = NFNL_MSG_TYPE(nlh->nlmsg_type); 473 474 struct nlattr *cda[NFNL_MAX_ATTR_COUNT + 1]; 474 475 struct nlattr *attr = (void *)nlh + min_len; 475 476 int attrlen = nlh->nlmsg_len - min_len; 477 + struct nfnl_info info = { 478 + .net = net, 479 + .sk = nfnlnet->nfnl, 480 + .nlh = nlh, 481 + .extack = &extack, 482 + }; 476 483 477 484 /* Sanity-check NFTA_MAX_ATTR */ 478 485 if (ss->cb[cb_id].attr_count > NFNL_MAX_ATTR_COUNT) { ··· 495 488 goto ack; 496 489 497 490 if (nc->call_batch) { 498 - struct nfnl_net *nfnlnet = nfnl_pernet(net); 499 - 500 - err = nc->call_batch(net, nfnlnet->nfnl, skb, nlh, 501 - (const struct nlattr **)cda, 502 - &extack); 491 + err = nc->call_batch(skb, &info, 492 + (const struct nlattr **)cda); 503 493 } 504 494 505 495 /* The lock was released to autoload some module, we