diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2018-11-01 18:01:44 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2018-12-15 14:28:48 +0100 |
| commit | 9261e7447ea7b8d33b70ff6ea008f2041a88e255 (patch) | |
| tree | c9af04326ac9953a33fc8fd3e852c11fc1eb4df3 /target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch | |
| parent | 52a82ce3dd901a1536c7d7d9d963e9c2d761c816 (diff) | |
| download | upstream-9261e7447ea7b8d33b70ff6ea008f2041a88e255.tar.gz upstream-9261e7447ea7b8d33b70ff6ea008f2041a88e255.tar.bz2 upstream-9261e7447ea7b8d33b70ff6ea008f2041a88e255.zip | |
kernel: Make the patches apply on top of 4.19
This makes the patches which were just copied in the previous commit
apply on top of kernel 4.19.
The patches in the backports-4.19 folder were checked if they are really
in kernel 4.19 based on the title and only removed if they were found in
the upstream kernel.
The following additional patches form the pending folder went into
upstream Linux 4.19:
pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch
pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch
pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch
pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch
pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch
pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch
Bigger changes were introduced to the m25p80 spi nor driver, as far as I
saw it in the new code, it now has the functionality provided in this
patch:
pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch
Part of this patch went upstream independent of OpenWrt:
hack-4.19/220-gc_sections.patch
This patch was reworked to match the changes done upstream.
The MIPS DMA API changed a lot, this patch was rewritten to match the
new DMA handling:
pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch
I did bigger manual changes to the following patches and I am not 100% sure if they are all correct:
pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch
pending-4.19/411-mtd-partial_eraseblock_write.patch
pending-4.19/600-netfilter_conntrack_flush.patch
pending-4.19/611-netfilter_match_bypass_default_table.patch
pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch
hack-4.19/211-host_tools_portability.patch
hack-4.19/221-module_exports.patch
hack-4.19/321-powerpc_crtsavres_prereq.patch
hack-4.19/902-debloat_proc.patch
This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch')
| -rw-r--r-- | target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch | 1450 |
1 files changed, 0 insertions, 1450 deletions
diff --git a/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch deleted file mode 100644 index 59ec44a482..0000000000 --- a/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch +++ /dev/null @@ -1,1450 +0,0 @@ -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Tue, 9 Jan 2018 02:38:03 +0100 -Subject: [PATCH] netfilter: nf_tables: add single table list for all families - -Place all existing user defined tables in struct net *, instead of -having one list per family. This saves us from one level of indentation -in netlink dump functions. - -Place pointer to struct nft_af_info in struct nft_table temporarily, as -we still need this to put back reference module reference counter on -table removal. - -This patch comes in preparation for the removal of struct nft_af_info. - -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -143,22 +143,22 @@ static inline void nft_data_debug(const - * struct nft_ctx - nf_tables rule/set context - * - * @net: net namespace -- * @afi: address family info - * @table: the table the chain is contained in - * @chain: the chain the rule is contained in - * @nla: netlink attributes - * @portid: netlink portID of the original message - * @seq: netlink sequence number -+ * @family: protocol family - * @report: notify via unicast netlink message - */ - struct nft_ctx { - struct net *net; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain; - const struct nlattr * const *nla; - u32 portid; - u32 seq; -+ u8 family; - bool report; - }; - -@@ -944,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt - * @use: number of chain references to this table - * @flags: table flag (see enum nft_table_flags) - * @genmask: generation mask -+ * @afinfo: address family info - * @name: name of the table - */ - struct nft_table { -@@ -956,6 +957,7 @@ struct nft_table { - u32 use; - u16 flags:14, - genmask:2; -+ struct nft_af_info *afi; - char *name; - }; - -@@ -965,13 +967,11 @@ struct nft_table { - * @list: used internally - * @family: address family - * @owner: module owner -- * @tables: used internally - */ - struct nft_af_info { - struct list_head list; - int family; - struct module *owner; -- struct list_head tables; - }; - - int nft_register_afinfo(struct net *, struct nft_af_info *); ---- a/include/net/netns/nftables.h -+++ b/include/net/netns/nftables.h -@@ -8,6 +8,7 @@ struct nft_af_info; - - struct netns_nftables { - struct list_head af_info; -+ struct list_head tables; - struct list_head commit_list; - struct nft_af_info *ipv4; - struct nft_af_info *ipv6; ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -37,7 +37,6 @@ static LIST_HEAD(nf_tables_flowtables); - */ - int nft_register_afinfo(struct net *net, struct nft_af_info *afi) - { -- INIT_LIST_HEAD(&afi->tables); - nfnl_lock(NFNL_SUBSYS_NFTABLES); - list_add_tail_rcu(&afi->list, &net->nft.af_info); - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -99,13 +98,13 @@ static void nft_ctx_init(struct nft_ctx - struct net *net, - const struct sk_buff *skb, - const struct nlmsghdr *nlh, -- struct nft_af_info *afi, -+ u8 family, - struct nft_table *table, - struct nft_chain *chain, - const struct nlattr * const *nla) - { - ctx->net = net; -- ctx->afi = afi; -+ ctx->family = family; - ctx->table = table; - ctx->chain = chain; - ctx->nla = nla; -@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c - * Tables - */ - --static struct nft_table *nft_table_lookup(const struct nft_af_info *afi, -+static struct nft_table *nft_table_lookup(const struct net *net, - const struct nlattr *nla, -- u8 genmask) -+ u8 family, u8 genmask) - { - struct nft_table *table; - -- list_for_each_entry(table, &afi->tables, list) { -+ list_for_each_entry(table, &net->nft.tables, list) { - if (!nla_strcmp(nla, table->name) && -+ table->afi->family == family && - nft_active_genmask(table, genmask)) - return table; - } - return NULL; - } - --static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi, -+static struct nft_table *nf_tables_table_lookup(const struct net *net, - const struct nlattr *nla, -- u8 genmask) -+ u8 family, u8 genmask) - { - struct nft_table *table; - - if (nla == NULL) - return ERR_PTR(-EINVAL); - -- table = nft_table_lookup(afi, nla, genmask); -+ table = nft_table_lookup(net, nla, family, genmask); - if (table != NULL) - return table; - -@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const - goto err; - - err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table); -+ event, 0, ctx->family, ctx->table); - if (err < 0) { - kfree_skb(skb); - goto err; -@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct - struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - unsigned int idx = 0, s_idx = cb->args[0]; - struct net *net = sock_net(skb->sk); -@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (!nft_is_active(net, table)) -- continue; -- if (nf_tables_fill_table_info(skb, net, -- NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWTABLE, -- NLM_F_MULTI, -- afi->family, table) < 0) -- goto done; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (!nft_is_active(net, table)) -+ continue; -+ if (nf_tables_fill_table_info(skb, net, -+ NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWTABLE, NLM_F_MULTI, -+ table->afi->family, table) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - done: - rcu_read_unlock(); -@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net - return PTR_ERR(afi); - - name = nla[NFTA_TABLE_NAME]; -- table = nf_tables_table_lookup(afi, name, genmask); -+ table = nf_tables_table_lookup(net, name, afi->family, genmask); - if (IS_ERR(table)) { - if (PTR_ERR(table) != -ENOENT) - return PTR_ERR(table); -@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net - if (nlh->nlmsg_flags & NLM_F_REPLACE) - return -EOPNOTSUPP; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - return nf_tables_updtable(&ctx); - } - -@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net - INIT_LIST_HEAD(&table->sets); - INIT_LIST_HEAD(&table->objects); - INIT_LIST_HEAD(&table->flowtables); -+ table->afi = afi; - table->flags = flags; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); - if (err < 0) - goto err4; - -- list_add_tail_rcu(&table->list, &afi->tables); -+ list_add_tail_rcu(&table->list, &net->nft.tables); - return 0; - err4: - kfree(table->name); -@@ -866,30 +864,28 @@ out: - - static int nft_flush(struct nft_ctx *ctx, int family) - { -- struct nft_af_info *afi; - struct nft_table *table, *nt; - const struct nlattr * const *nla = ctx->nla; - int err = 0; - -- list_for_each_entry(afi, &ctx->net->nft.af_info, list) { -- if (family != AF_UNSPEC && afi->family != family) -+ list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { -+ if (family != AF_UNSPEC && table->afi->family != family) - continue; - -- ctx->afi = afi; -- list_for_each_entry_safe(table, nt, &afi->tables, list) { -- if (!nft_is_active_next(ctx->net, table)) -- continue; -+ ctx->family = table->afi->family; - -- if (nla[NFTA_TABLE_NAME] && -- nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0) -- continue; -+ if (!nft_is_active_next(ctx->net, table)) -+ continue; - -- ctx->table = table; -+ if (nla[NFTA_TABLE_NAME] && -+ nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0) -+ continue; - -- err = nft_flush_table(ctx); -- if (err < 0) -- goto out; -- } -+ ctx->table = table; -+ -+ err = nft_flush_table(ctx); -+ if (err < 0) -+ goto out; - } - out: - return err; -@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net - int family = nfmsg->nfgen_family; - struct nft_ctx ctx; - -- nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); - if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) - return nft_flush(&ctx, family); - -@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net - table->use > 0) - return -EBUSY; - -- ctx.afi = afi; -+ ctx.family = afi->family; - ctx.table = table; - - return nft_flush_table(&ctx); -@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru - - kfree(ctx->table->name); - kfree(ctx->table); -- module_put(ctx->afi->owner); -+ module_put(ctx->table->afi->owner); - } - - int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const - goto err; - - err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table, -+ event, 0, ctx->family, ctx->table, - ctx->chain); - if (err < 0) { - kfree_skb(skb); -@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct - struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(chain, &table->chains, list) { -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (!nft_is_active(net, chain)) -- continue; -- if (nf_tables_fill_chain_info(skb, net, -- NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWCHAIN, -- NLM_F_MULTI, -- afi->family, table, chain) < 0) -- goto done; -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (!nft_is_active(net, chain)) -+ continue; -+ if (nf_tables_fill_chain_info(skb, net, -+ NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWCHAIN, -+ NLM_F_MULTI, -+ table->afi->family, table, -+ chain) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1332,8 +1328,8 @@ struct nft_chain_hook { - - static int nft_chain_parse_hook(struct net *net, - const struct nlattr * const nla[], -- struct nft_af_info *afi, -- struct nft_chain_hook *hook, bool create) -+ struct nft_chain_hook *hook, u8 family, -+ bool create) - { - struct nlattr *ha[NFTA_HOOK_MAX + 1]; - const struct nf_chain_type *type; -@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n - hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); - hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); - -- type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -+ type = chain_type[family][NFT_CHAIN_T_DEFAULT]; - if (nla[NFTA_CHAIN_TYPE]) { - type = nf_tables_chain_type_lookup(nla[NFTA_CHAIN_TYPE], -- afi->family, create); -+ family, create); - if (IS_ERR(type)) - return PTR_ERR(type); - } -@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n - hook->type = type; - - hook->dev = NULL; -- if (afi->family == NFPROTO_NETDEV) { -+ if (family == NFPROTO_NETDEV) { - char ifname[IFNAMSIZ]; - - if (!ha[NFTA_HOOK_DEV]) { -@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft - { - const struct nlattr * const *nla = ctx->nla; - struct nft_table *table = ctx->table; -- struct nft_af_info *afi = ctx->afi; - struct nft_base_chain *basechain; - struct nft_stats __percpu *stats; - struct net *net = ctx->net; -@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft - struct nft_chain_hook hook; - struct nf_hook_ops *ops; - -- err = nft_chain_parse_hook(net, nla, afi, &hook, create); -+ err = nft_chain_parse_hook(net, nla, &hook, family, create); - if (err < 0) - return err; - -@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft - if (!nft_is_base_chain(chain)) - return -EBUSY; - -- err = nft_chain_parse_hook(ctx->net, nla, ctx->afi, &hook, -+ err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family, - create); - if (err < 0) - return err; -@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net - } - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - if (chain != NULL) { - if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net - chain->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - use = chain->use; - list_for_each_entry(rule, &chain->rules, list) { -@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st - if (err < 0) - return err; - -- type = nft_expr_type_get(ctx->afi->family, tb[NFTA_EXPR_NAME]); -+ type = nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]); - if (IS_ERR(type)) - return PTR_ERR(type); - -@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const - goto err; - - err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table, -+ event, 0, ctx->family, ctx->table, - ctx->chain, rule); - if (err < 0) { - kfree_skb(skb); -@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); - const struct nft_rule_dump_ctx *ctx = cb->data; -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - const struct nft_rule *rule; -@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ continue; -+ -+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx && ctx->table && -- strcmp(ctx->table, table->name) != 0) -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (ctx && ctx->chain && -+ strcmp(ctx->chain, chain->name) != 0) - continue; - -- list_for_each_entry_rcu(chain, &table->chains, list) { -- if (ctx && ctx->chain && -- strcmp(ctx->chain, chain->name) != 0) -- continue; -- -- list_for_each_entry_rcu(rule, &chain->rules, list) { -- if (!nft_is_active(net, rule)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWRULE, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, table, chain, rule) < 0) -- goto done; -+ list_for_each_entry_rcu(rule, &chain->rules, list) { -+ if (!nft_is_active(net, rule)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWRULE, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, -+ table, chain, rule) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - } -@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2322,7 +2317,8 @@ static int nf_tables_newrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2361,7 +2357,7 @@ static int nf_tables_newrule(struct net - return PTR_ERR(old_rule); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - n = 0; - size = 0; -@@ -2501,7 +2497,8 @@ static int nf_tables_delrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2512,7 +2509,7 @@ static int nf_tables_delrule(struct net - return PTR_ERR(chain); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - if (chain) { - if (nla[NFTA_RULE_HANDLE]) { -@@ -2710,13 +2707,13 @@ static int nft_ctx_init_from_setattr(str - if (afi == NULL) - return -EAFNOSUPPORT; - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], -- genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - } - -- nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); - return 0; - } - -@@ -2844,7 +2841,7 @@ static int nf_tables_fill_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = ctx->afi->family; -+ nfmsg->nfgen_family = ctx->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); - -@@ -2936,10 +2933,8 @@ static int nf_tables_dump_sets(struct sk - { - const struct nft_set *set; - unsigned int idx, s_idx = cb->args[0]; -- struct nft_af_info *afi; - struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2]; - struct net *net = sock_net(skb->sk); -- int cur_family = cb->args[3]; - struct nft_ctx *ctx = cb->data, ctx_set; - - if (cb->args[1]) -@@ -2948,51 +2943,44 @@ static int nf_tables_dump_sets(struct sk - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (ctx->afi && ctx->afi != afi) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (ctx->family != NFPROTO_UNSPEC && -+ ctx->family != table->afi->family) - continue; - -- if (cur_family) { -- if (afi->family != cur_family) -- continue; -+ if (ctx->table && ctx->table != table) -+ continue; - -- cur_family = 0; -- } -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx->table && ctx->table != table) -+ if (cur_table) { -+ if (cur_table != table) - continue; - -- if (cur_table) { -- if (cur_table != table) -- continue; -+ cur_table = NULL; -+ } -+ idx = 0; -+ list_for_each_entry_rcu(set, &table->sets, list) { -+ if (idx < s_idx) -+ goto cont; -+ if (!nft_is_active(net, set)) -+ goto cont; - -- cur_table = NULL; -+ ctx_set = *ctx; -+ ctx_set.table = table; -+ ctx_set.family = table->afi->family; -+ -+ if (nf_tables_fill_set(skb, &ctx_set, set, -+ NFT_MSG_NEWSET, -+ NLM_F_MULTI) < 0) { -+ cb->args[0] = idx; -+ cb->args[2] = (unsigned long) table; -+ goto done; - } -- idx = 0; -- list_for_each_entry_rcu(set, &table->sets, list) { -- if (idx < s_idx) -- goto cont; -- if (!nft_is_active(net, set)) -- goto cont; -- -- ctx_set = *ctx; -- ctx_set.table = table; -- ctx_set.afi = afi; -- if (nf_tables_fill_set(skb, &ctx_set, set, -- NFT_MSG_NEWSET, -- NLM_F_MULTI) < 0) { -- cb->args[0] = idx; -- cb->args[2] = (unsigned long) table; -- cb->args[3] = afi->family; -- goto done; -- } -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -- if (s_idx) -- s_idx = 0; -+ idx++; - } -+ if (s_idx) -+ s_idx = 0; - } - cb->args[1] = 1; - done: -@@ -3202,11 +3190,12 @@ static int nf_tables_newset(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); - if (IS_ERR(set)) { -@@ -3475,12 +3464,12 @@ static int nft_ctx_init_from_elemattr(st - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_ELEM_LIST_TABLE], -- genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); - return 0; - } - -@@ -3585,7 +3574,6 @@ static int nf_tables_dump_set(struct sk_ - { - struct nft_set_dump_ctx *dump_ctx = cb->data; - struct net *net = sock_net(skb->sk); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_set *set; - struct nft_set_dump_args args; -@@ -3597,21 +3585,19 @@ static int nf_tables_dump_set(struct sk_ - int event; - - rcu_read_lock(); -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (afi != dump_ctx->ctx.afi) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (dump_ctx->ctx.family != NFPROTO_UNSPEC && -+ dump_ctx->ctx.family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (table != dump_ctx->ctx.table) -- continue; -+ if (table != dump_ctx->ctx.table) -+ continue; - -- list_for_each_entry_rcu(set, &table->sets, list) { -- if (set == dump_ctx->set) { -- set_found = true; -- break; -- } -+ list_for_each_entry_rcu(set, &table->sets, list) { -+ if (set == dump_ctx->set) { -+ set_found = true; -+ break; - } -- break; - } - break; - } -@@ -3631,7 +3617,7 @@ static int nf_tables_dump_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = afi->family; -+ nfmsg->nfgen_family = table->afi->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(net->nft.base_seq & 0xffff); - -@@ -3733,7 +3719,7 @@ static int nf_tables_fill_setelem_info(s - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = ctx->afi->family; -+ nfmsg->nfgen_family = ctx->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); - -@@ -3977,7 +3963,7 @@ static int nft_add_set_elem(struct nft_c - list_for_each_entry(binding, &set->bindings, list) { - struct nft_ctx bind_ctx = { - .net = ctx->net, -- .afi = ctx->afi, -+ .family = ctx->family, - .table = ctx->table, - .chain = (struct nft_chain *)binding->chain, - }; -@@ -4527,7 +4513,8 @@ static int nf_tables_newobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4545,7 +4532,7 @@ static int nf_tables_newobj(struct net * - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - type = nft_obj_type_get(objtype); - if (IS_ERR(type)) -@@ -4622,7 +4609,6 @@ struct nft_obj_filter { - static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - unsigned int idx = 0, s_idx = cb->args[0]; - struct nft_obj_filter *filter = cb->data; -@@ -4637,38 +4623,37 @@ static int nf_tables_dump_obj(struct sk_ - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(obj, &table->objects, list) { -- if (!nft_is_active(net, obj)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table && -- strcmp(filter->table, table->name)) -- goto cont; -- if (filter && -- filter->type != NFT_OBJECT_UNSPEC && -- obj->ops->type->type != filter->type) -- goto cont; -+ list_for_each_entry_rcu(obj, &table->objects, list) { -+ if (!nft_is_active(net, obj)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table && -+ strcmp(filter->table, table->name)) -+ goto cont; -+ if (filter && -+ filter->type != NFT_OBJECT_UNSPEC && -+ obj->ops->type->type != filter->type) -+ goto cont; - -- if (nf_tables_fill_obj_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWOBJ, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, table, obj, reset) < 0) -- goto done; -+ if (nf_tables_fill_obj_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWOBJ, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, table, -+ obj, reset) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -4755,7 +4740,8 @@ static int nf_tables_getobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4815,7 +4801,8 @@ static int nf_tables_delobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4826,7 +4813,7 @@ static int nf_tables_delobj(struct net * - if (obj->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - return nft_delobj(&ctx, obj); - } -@@ -4864,7 +4851,7 @@ static void nf_tables_obj_notify(const s - struct nft_object *obj, int event) - { - nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, -- ctx->afi->family, ctx->report, GFP_KERNEL); -+ ctx->family, ctx->report, GFP_KERNEL); - } - - /* -@@ -5054,7 +5041,7 @@ void nft_flow_table_iterate(struct net * - - rcu_read_lock(); - list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- list_for_each_entry_rcu(table, &afi->tables, list) { -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { - list_for_each_entry_rcu(flowtable, &table->flowtables, list) { - iter(&flowtable->data, data); - } -@@ -5102,7 +5089,8 @@ static int nf_tables_newflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5119,7 +5107,7 @@ static int nf_tables_newflowtable(struct - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); - if (!flowtable) -@@ -5200,7 +5188,8 @@ static int nf_tables_delflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5211,7 +5200,7 @@ static int nf_tables_delflowtable(struct - if (flowtable->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - return nft_delflowtable(&ctx, flowtable); - } -@@ -5280,40 +5269,37 @@ static int nf_tables_dump_flowtable(stru - struct net *net = sock_net(skb->sk); - int family = nfmsg->nfgen_family; - struct nft_flowtable *flowtable; -- const struct nft_af_info *afi; - const struct nft_table *table; - - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -- if (!nft_is_active(net, flowtable)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table[0] && -- strcmp(filter->table, table->name)) -- goto cont; -+ list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -+ if (!nft_is_active(net, flowtable)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table && -+ strcmp(filter->table, table->name)) -+ goto cont; - -- if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWFLOWTABLE, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, flowtable) < 0) -- goto done; -+ if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWFLOWTABLE, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, flowtable) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -5398,7 +5384,8 @@ static int nf_tables_getflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5441,7 +5428,7 @@ static void nf_tables_flowtable_notify(s - - err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid, - ctx->seq, event, 0, -- ctx->afi->family, flowtable); -+ ctx->family, flowtable); - if (err < 0) { - kfree_skb(skb); - goto err; -@@ -5519,17 +5506,14 @@ static int nf_tables_flowtable_event(str - struct net_device *dev = netdev_notifier_info_to_dev(ptr); - struct nft_flowtable *flowtable; - struct nft_table *table; -- struct nft_af_info *afi; - - if (event != NETDEV_UNREGISTER) - return 0; - - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) { -- list_for_each_entry(table, &afi->tables, list) { -- list_for_each_entry(flowtable, &table->flowtables, list) { -- nft_flowtable_event(event, dev, flowtable); -- } -+ list_for_each_entry(table, &dev_net(dev)->nft.tables, list) { -+ list_for_each_entry(flowtable, &table->flowtables, list) { -+ nft_flowtable_event(event, dev, flowtable); - } - } - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -6555,6 +6539,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump); - static int __net_init nf_tables_init_net(struct net *net) - { - INIT_LIST_HEAD(&net->nft.af_info); -+ INIT_LIST_HEAD(&net->nft.tables); - INIT_LIST_HEAD(&net->nft.commit_list); - net->nft.base_seq = 1; - return 0; -@@ -6591,10 +6576,10 @@ static void __nft_release_afinfo(struct - struct nft_set *set, *ns; - struct nft_ctx ctx = { - .net = net, -- .afi = afi, -+ .family = afi->family, - }; - -- list_for_each_entry_safe(table, nt, &afi->tables, list) { -+ list_for_each_entry_safe(table, nt, &net->nft.tables, list) { - list_for_each_entry(chain, &table->chains, list) - nf_tables_unregister_hook(net, table, chain); - list_for_each_entry(flowtable, &table->flowtables, list) ---- a/net/netfilter/nf_tables_netdev.c -+++ b/net/netfilter/nf_tables_netdev.c -@@ -107,7 +107,6 @@ static int nf_tables_netdev_event(struct - unsigned long event, void *ptr) - { - struct net_device *dev = netdev_notifier_info_to_dev(ptr); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain, *nr; - struct nft_ctx ctx = { -@@ -119,20 +118,18 @@ static int nf_tables_netdev_event(struct - return NOTIFY_DONE; - - nfnl_lock(NFNL_SUBSYS_NFTABLES); -- list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) { -- ctx.afi = afi; -- if (afi->family != NFPROTO_NETDEV) -+ list_for_each_entry(table, &ctx.net->nft.tables, list) { -+ if (table->afi->family != NFPROTO_NETDEV) - continue; - -- list_for_each_entry(table, &afi->tables, list) { -- ctx.table = table; -- list_for_each_entry_safe(chain, nr, &table->chains, list) { -- if (!nft_is_base_chain(chain)) -- continue; -+ ctx.family = table->afi->family; -+ ctx.table = table; -+ list_for_each_entry_safe(chain, nr, &table->chains, list) { -+ if (!nft_is_base_chain(chain)) -+ continue; - -- ctx.chain = chain; -- nft_netdev_event(event, dev, &ctx); -- } -+ ctx.chain = chain; -+ nft_netdev_event(event, dev, &ctx); - } - } - nfnl_unlock(NFNL_SUBSYS_NFTABLES); ---- a/net/netfilter/nft_compat.c -+++ b/net/netfilter/nft_compat.c -@@ -161,7 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgc - { - par->net = ctx->net; - par->table = ctx->table->name; -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case AF_INET: - entry->e4.ip.proto = proto; - entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -192,7 +192,7 @@ nft_target_set_tgchk_param(struct xt_tgc - } else { - par->hook_mask = 0; - } -- par->family = ctx->afi->family; -+ par->family = ctx->family; - par->nft_compat = true; - } - -@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx - par.net = ctx->net; - par.target = target; - par.targinfo = info; -- par.family = ctx->afi->family; -+ par.family = ctx->family; - if (par.target->destroy != NULL) - par.target->destroy(&par); - -@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch - { - par->net = ctx->net; - par->table = ctx->table->name; -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case AF_INET: - entry->e4.ip.proto = proto; - entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0; -@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch - } else { - par->hook_mask = 0; - } -- par->family = ctx->afi->family; -+ par->family = ctx->family; - par->nft_compat = true; - } - -@@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx - par.net = ctx->net; - par.match = match; - par.matchinfo = info; -- par.family = ctx->afi->family; -+ par.family = ctx->family; - if (par.match->destroy != NULL) - par.match->destroy(&par); - -@@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct - - mt_name = nla_data(tb[NFTA_MATCH_NAME]); - rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV])); -- family = ctx->afi->family; -+ family = ctx->family; - - /* Re-use the existing match if it's already loaded. */ - list_for_each_entry(nft_match, &nft_match_list, head) { -@@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c - - tg_name = nla_data(tb[NFTA_TARGET_NAME]); - rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV])); -- family = ctx->afi->family; -+ family = ctx->family; - - if (strcmp(tg_name, XT_ERROR_TARGET) == 0 || - strcmp(tg_name, XT_STANDARD_TARGET) == 0 || ---- a/net/netfilter/nft_ct.c -+++ b/net/netfilter/nft_ct.c -@@ -405,7 +405,7 @@ static int nft_ct_get_init(const struct - if (tb[NFTA_CT_DIRECTION] == NULL) - return -EINVAL; - -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case NFPROTO_IPV4: - len = FIELD_SIZEOF(struct nf_conntrack_tuple, - src.u3.ip); -@@ -456,7 +456,7 @@ static int nft_ct_get_init(const struct - if (err < 0) - return err; - -- err = nf_ct_netns_get(ctx->net, ctx->afi->family); -+ err = nf_ct_netns_get(ctx->net, ctx->family); - if (err < 0) - return err; - -@@ -550,7 +550,7 @@ static int nft_ct_set_init(const struct - if (err < 0) - goto err1; - -- err = nf_ct_netns_get(ctx->net, ctx->afi->family); -+ err = nf_ct_netns_get(ctx->net, ctx->family); - if (err < 0) - goto err1; - -@@ -564,7 +564,7 @@ err1: - static void nft_ct_get_destroy(const struct nft_ctx *ctx, - const struct nft_expr *expr) - { -- nf_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->family); - } - - static void nft_ct_set_destroy(const struct nft_ctx *ctx, -@@ -573,7 +573,7 @@ static void nft_ct_set_destroy(const str - struct nft_ct *priv = nft_expr_priv(expr); - - __nft_ct_set_destroy(ctx, priv); -- nf_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->family); - } - - static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr) -@@ -734,7 +734,7 @@ static int nft_ct_helper_obj_init(const - struct nft_ct_helper_obj *priv = nft_obj_data(obj); - struct nf_conntrack_helper *help4, *help6; - char name[NF_CT_HELPER_NAME_LEN]; -- int family = ctx->afi->family; -+ int family = ctx->family; - - if (!tb[NFTA_CT_HELPER_NAME] || !tb[NFTA_CT_HELPER_L4PROTO]) - return -EINVAL; -@@ -753,14 +753,14 @@ static int nft_ct_helper_obj_init(const - - switch (family) { - case NFPROTO_IPV4: -- if (ctx->afi->family == NFPROTO_IPV6) -+ if (ctx->family == NFPROTO_IPV6) - return -EINVAL; - - help4 = nf_conntrack_helper_try_module_get(name, family, - priv->l4proto); - break; - case NFPROTO_IPV6: -- if (ctx->afi->family == NFPROTO_IPV4) -+ if (ctx->family == NFPROTO_IPV4) - return -EINVAL; - - help6 = nf_conntrack_helper_try_module_get(name, family, ---- a/net/netfilter/nft_flow_offload.c -+++ b/net/netfilter/nft_flow_offload.c -@@ -151,7 +151,7 @@ static int nft_flow_offload_init(const s - priv->flowtable = flowtable; - flowtable->use++; - -- return nf_ct_netns_get(ctx->net, ctx->afi->family); -+ return nf_ct_netns_get(ctx->net, ctx->family); - } - - static void nft_flow_offload_destroy(const struct nft_ctx *ctx, -@@ -160,7 +160,7 @@ static void nft_flow_offload_destroy(con - struct nft_flow_offload *priv = nft_expr_priv(expr); - - priv->flowtable->use--; -- nf_ct_netns_put(ctx->net, ctx->afi->family); -+ nf_ct_netns_put(ctx->net, ctx->family); - } - - static int nft_flow_offload_dump(struct sk_buff *skb, const struct nft_expr *expr) ---- a/net/netfilter/nft_log.c -+++ b/net/netfilter/nft_log.c -@@ -112,7 +112,7 @@ static int nft_log_init(const struct nft - break; - } - -- err = nf_logger_find_get(ctx->afi->family, li->type); -+ err = nf_logger_find_get(ctx->family, li->type); - if (err < 0) - goto err1; - -@@ -133,7 +133,7 @@ static void nft_log_destroy(const struct - if (priv->prefix != nft_log_null_prefix) - kfree(priv->prefix); - -- nf_logger_put(ctx->afi->family, li->type); -+ nf_logger_put(ctx->family, li->type); - } - - static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr) ---- a/net/netfilter/nft_masq.c -+++ b/net/netfilter/nft_masq.c -@@ -73,7 +73,7 @@ int nft_masq_init(const struct nft_ctx * - } - } - -- return nf_ct_netns_get(ctx->net, ctx->afi->family); -+ return nf_ct_netns_get(ctx->net, ctx->family); - } - EXPORT_SYMBOL_GPL(nft_masq_init); - ---- a/net/netfilter/nft_meta.c -+++ b/net/netfilter/nft_meta.c -@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s - if (priv->key != NFT_META_SECPATH) - return 0; - -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case NFPROTO_NETDEV: - hooks = 1 << NF_NETDEV_INGRESS; - break; -@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n - if (priv->key != NFT_META_PKTTYPE) - return 0; - -- switch (ctx->afi->family) { -+ switch (ctx->family) { - case NFPROTO_BRIDGE: - hooks = 1 << NF_BR_PRE_ROUTING; - break; ---- a/net/netfilter/nft_nat.c -+++ b/net/netfilter/nft_nat.c -@@ -142,7 +142,7 @@ static int nft_nat_init(const struct nft - return -EINVAL; - - family = ntohl(nla_get_be32(tb[NFTA_NAT_FAMILY])); -- if (family != ctx->afi->family) -+ if (family != ctx->family) - return -EOPNOTSUPP; - - switch (family) { ---- a/net/netfilter/nft_redir.c -+++ b/net/netfilter/nft_redir.c -@@ -75,7 +75,7 @@ int nft_redir_init(const struct nft_ctx - return -EINVAL; - } - -- return nf_ct_netns_get(ctx->net, ctx->afi->family); -+ return nf_ct_netns_get(ctx->net, ctx->family); - } - EXPORT_SYMBOL_GPL(nft_redir_init); - |