Commit 36a686c0 authored by Phil Sutter's avatar Phil Sutter Committed by Pablo Neira Ayuso
Browse files

Revert "netfilter: nf_tables: Add notifications for hook changes" 



This reverts commit 465b9ee0.

Such notifications fit better into core or nfnetlink_hook code,
following the NFNL_MSG_HOOK_GET message format.

Signed-off-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 6ac86ac7

include/net/netfilter/nf_tables.h

+0 −5
Original line number Diff line number Diff line
@@ -1142,11 +1142,6 @@ int nft_set_catchall_validate(const struct nft_ctx *ctx, struct nft_set *set); 
int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);

void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);



struct nft_hook;

void nf_tables_chain_device_notify(const struct nft_chain *chain,

				   const struct nft_hook *hook,

				   const struct net_device *dev, int event);



enum nft_chain_types {

	NFT_CHAIN_T_DEFAULT = 0,

	NFT_CHAIN_T_ROUTE,

include/uapi/linux/netfilter/nf_tables.h

+0 −10
Original line number Diff line number Diff line
@@ -142,8 +142,6 @@ enum nf_tables_msg_types { 
	NFT_MSG_DESTROYOBJ,

	NFT_MSG_DESTROYFLOWTABLE,

	NFT_MSG_GETSETELEM_RESET,

	NFT_MSG_NEWDEV,

	NFT_MSG_DELDEV,

	NFT_MSG_MAX,

};
@@ -1786,18 +1784,10 @@ enum nft_synproxy_attributes { 
 * enum nft_device_attributes - nf_tables device netlink attributes

 *

 * @NFTA_DEVICE_NAME: name of this device (NLA_STRING)

 * @NFTA_DEVICE_TABLE: table containing the flowtable or chain hooking into the device (NLA_STRING)

 * @NFTA_DEVICE_FLOWTABLE: flowtable hooking into the device (NLA_STRING)

 * @NFTA_DEVICE_CHAIN: chain hooking into the device (NLA_STRING)

 * @NFTA_DEVICE_SPEC: hook spec matching the device (NLA_STRING)

 */

enum nft_devices_attributes {

	NFTA_DEVICE_UNSPEC,

	NFTA_DEVICE_NAME,

	NFTA_DEVICE_TABLE,

	NFTA_DEVICE_FLOWTABLE,

	NFTA_DEVICE_CHAIN,

	NFTA_DEVICE_SPEC,

	__NFTA_DEVICE_MAX

};

#define NFTA_DEVICE_MAX		(__NFTA_DEVICE_MAX - 1)

include/uapi/linux/netfilter/nfnetlink.h

+0 −2
Original line number Diff line number Diff line
@@ -25,8 +25,6 @@ enum nfnetlink_groups { 
#define NFNLGRP_ACCT_QUOTA		NFNLGRP_ACCT_QUOTA

	NFNLGRP_NFTRACE,

#define NFNLGRP_NFTRACE			NFNLGRP_NFTRACE

	NFNLGRP_NFT_DEV,

#define NFNLGRP_NFT_DEV			NFNLGRP_NFT_DEV

	__NFNLGRP_MAX,

};

#define NFNLGRP_MAX	(__NFNLGRP_MAX - 1)

net/netfilter/nf_tables_api.c

+0 −59
Original line number Diff line number Diff line
@@ -9686,64 +9686,6 @@ struct nf_hook_ops *nft_hook_find_ops_rcu(const struct nft_hook *hook, 
}

EXPORT_SYMBOL_GPL(nft_hook_find_ops_rcu);



static void

nf_tables_device_notify(const struct nft_table *table, int attr,

			const char *name, const struct nft_hook *hook,

			const struct net_device *dev, int event)

{

	struct net *net = dev_net(dev);

	struct nlmsghdr *nlh;

	struct sk_buff *skb;

	u16 flags = 0;



	if (!nfnetlink_has_listeners(net, NFNLGRP_NFT_DEV))

		return;



	skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);

	if (!skb)

		goto err;



	event = event == NETDEV_REGISTER ? NFT_MSG_NEWDEV : NFT_MSG_DELDEV;

	event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);

	nlh = nfnl_msg_put(skb, 0, 0, event, flags, table->family,

			   NFNETLINK_V0, nft_base_seq(net));

	if (!nlh)

		goto err;



	if (nla_put_string(skb, NFTA_DEVICE_TABLE, table->name) ||

	    nla_put_string(skb, attr, name) ||

	    nla_put(skb, NFTA_DEVICE_SPEC, hook->ifnamelen, hook->ifname) ||

	    nla_put_string(skb, NFTA_DEVICE_NAME, dev->name))

		goto err;



	nlmsg_end(skb, nlh);

	nfnetlink_send(skb, net, 0, NFNLGRP_NFT_DEV,

		       nlmsg_report(nlh), GFP_KERNEL);

	return;

err:

	if (skb)

		kfree_skb(skb);

	nfnetlink_set_err(net, 0, NFNLGRP_NFT_DEV, -ENOBUFS);

}



void

nf_tables_chain_device_notify(const struct nft_chain *chain,

			      const struct nft_hook *hook,

			      const struct net_device *dev, int event)

{

	nf_tables_device_notify(chain->table, NFTA_DEVICE_CHAIN,

				chain->name, hook, dev, event);

}



static void

nf_tables_flowtable_device_notify(const struct nft_flowtable *ft,

				  const struct nft_hook *hook,

				  const struct net_device *dev, int event)

{

	nf_tables_device_notify(ft->table, NFTA_DEVICE_FLOWTABLE,

				ft->name, hook, dev, event);

}



static int nft_flowtable_event(unsigned long event, struct net_device *dev,

			       struct nft_flowtable *flowtable, bool changename)

{
@@ -9791,7 +9733,6 @@ static int nft_flowtable_event(unsigned long event, struct net_device *dev, 
			list_add_tail_rcu(&ops->list, &hook->ops_list);

			break;

		}

		nf_tables_flowtable_device_notify(flowtable, hook, dev, event);

		break;

	}

	return 0;

net/netfilter/nfnetlink.c

+0 −1
Original line number Diff line number Diff line
@@ -86,7 +86,6 @@ static const int nfnl_group2type[NFNLGRP_MAX+1] = { 
	[NFNLGRP_NFTABLES]		= NFNL_SUBSYS_NFTABLES,

	[NFNLGRP_ACCT_QUOTA]		= NFNL_SUBSYS_ACCT,

	[NFNLGRP_NFTRACE]		= NFNL_SUBSYS_NFTABLES,

	[NFNLGRP_NFT_DEV]		= NFNL_SUBSYS_NFTABLES,

};



static struct nfnl_net *nfnl_pernet(struct net *net)