diff options
Diffstat (limited to 'target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch | 1204 |
1 files changed, 1204 insertions, 0 deletions
diff --git a/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch new file mode 100644 index 0000000000..73cdab0be0 --- /dev/null +++ b/target/linux/generic/backport-4.14/338-v4.16-netfilter-nf_tables-get-rid-of-struct-nft_af_info-ab.patch @@ -0,0 +1,1204 @@ +From: Pablo Neira Ayuso <pablo@netfilter.org> +Date: Tue, 9 Jan 2018 02:48:47 +0100 +Subject: [PATCH] netfilter: nf_tables: get rid of struct nft_af_info + abstraction + +Remove the infrastructure to register/unregister nft_af_info structure, +this structure stores no useful information anymore. + +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + +--- a/include/net/netfilter/nf_tables.h ++++ b/include/net/netfilter/nf_tables.h +@@ -950,28 +950,12 @@ struct nft_table { + struct list_head flowtables; + u64 hgenerator; + u32 use; +- u16 flags:14, ++ u16 family:6, ++ flags:8, + genmask:2; +- struct nft_af_info *afi; + char *name; + }; + +-/** +- * struct nft_af_info - nf_tables address family info +- * +- * @list: used internally +- * @family: address family +- * @owner: module owner +- */ +-struct nft_af_info { +- struct list_head list; +- int family; +- struct module *owner; +-}; +- +-int nft_register_afinfo(struct nft_af_info *); +-void nft_unregister_afinfo(struct nft_af_info *); +- + int nft_register_chain_type(const struct nf_chain_type *); + void nft_unregister_chain_type(const struct nf_chain_type *); + +@@ -1139,9 +1123,6 @@ void nft_trace_notify(struct nft_tracein + #define nft_dereference(p) \ + nfnl_dereference(p, NFNL_SUBSYS_NFTABLES) + +-#define MODULE_ALIAS_NFT_FAMILY(family) \ +- MODULE_ALIAS("nft-afinfo-" __stringify(family)) +- + #define MODULE_ALIAS_NFT_CHAIN(family, name) \ + MODULE_ALIAS("nft-chain-" __stringify(family) "-" name) + +--- a/net/bridge/netfilter/nf_tables_bridge.c ++++ b/net/bridge/netfilter/nf_tables_bridge.c +@@ -42,11 +42,6 @@ nft_do_chain_bridge(void *priv, + return nft_do_chain(&pkt, priv); + } + +-static struct nft_af_info nft_af_bridge __read_mostly = { +- .family = NFPROTO_BRIDGE, +- .owner = THIS_MODULE, +-}; +- + static const struct nf_chain_type filter_bridge = { + .name = "filter", + .type = NFT_CHAIN_T_DEFAULT, +@@ -68,28 +63,12 @@ static const struct nf_chain_type filter + + static int __init nf_tables_bridge_init(void) + { +- int ret; +- +- ret = nft_register_afinfo(&nft_af_bridge); +- if (ret < 0) +- return ret; +- +- ret = nft_register_chain_type(&filter_bridge); +- if (ret < 0) +- goto err_register_chain; +- +- return ret; +- +-err_register_chain: +- nft_unregister_chain_type(&filter_bridge); +- +- return ret; ++ return nft_register_chain_type(&filter_bridge); + } + + static void __exit nf_tables_bridge_exit(void) + { + nft_unregister_chain_type(&filter_bridge); +- nft_unregister_afinfo(&nft_af_bridge); + } + + module_init(nf_tables_bridge_init); +@@ -97,4 +76,4 @@ module_exit(nf_tables_bridge_exit); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); +-MODULE_ALIAS_NFT_FAMILY(AF_BRIDGE); ++MODULE_ALIAS_NFT_CHAIN(AF_BRIDGE, "filter"); +--- a/net/ipv4/netfilter/nf_tables_arp.c ++++ b/net/ipv4/netfilter/nf_tables_arp.c +@@ -27,11 +27,6 @@ nft_do_chain_arp(void *priv, + return nft_do_chain(&pkt, priv); + } + +-static struct nft_af_info nft_af_arp __read_mostly = { +- .family = NFPROTO_ARP, +- .owner = THIS_MODULE, +-}; +- + static const struct nf_chain_type filter_arp = { + .name = "filter", + .type = NFT_CHAIN_T_DEFAULT, +@@ -47,28 +42,12 @@ static const struct nf_chain_type filter + + static int __init nf_tables_arp_init(void) + { +- int ret; +- +- ret = nft_register_afinfo(&nft_af_arp); +- if (ret < 0) +- return ret; +- +- ret = nft_register_chain_type(&filter_arp); +- if (ret < 0) +- goto err_register_chain; +- +- return 0; +- +-err_register_chain: +- nft_unregister_chain_type(&filter_arp); +- +- return ret; ++ return nft_register_chain_type(&filter_arp); + } + + static void __exit nf_tables_arp_exit(void) + { + nft_unregister_chain_type(&filter_arp); +- nft_unregister_afinfo(&nft_af_arp); + } + + module_init(nf_tables_arp_init); +@@ -76,4 +55,4 @@ module_exit(nf_tables_arp_exit); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); +-MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */ ++MODULE_ALIAS_NFT_CHAIN(3, "filter"); /* NFPROTO_ARP */ +--- a/net/ipv4/netfilter/nf_tables_ipv4.c ++++ b/net/ipv4/netfilter/nf_tables_ipv4.c +@@ -30,11 +30,6 @@ static unsigned int nft_do_chain_ipv4(vo + return nft_do_chain(&pkt, priv); + } + +-static struct nft_af_info nft_af_ipv4 __read_mostly = { +- .family = NFPROTO_IPV4, +- .owner = THIS_MODULE, +-}; +- + static const struct nf_chain_type filter_ipv4 = { + .name = "filter", + .type = NFT_CHAIN_T_DEFAULT, +@@ -56,27 +51,12 @@ static const struct nf_chain_type filter + + static int __init nf_tables_ipv4_init(void) + { +- int ret; +- +- ret = nft_register_afinfo(&nft_af_ipv4); +- if (ret < 0) +- return ret; +- +- ret = nft_register_chain_type(&filter_ipv4); +- if (ret < 0) +- goto err_register_chain; +- +- return 0; +- +-err_register_chain: +- nft_unregister_afinfo(&nft_af_ipv4); +- return ret; ++ return nft_register_chain_type(&filter_ipv4); + } + + static void __exit nf_tables_ipv4_exit(void) + { + nft_unregister_chain_type(&filter_ipv4); +- nft_unregister_afinfo(&nft_af_ipv4); + } + + module_init(nf_tables_ipv4_init); +@@ -84,4 +64,4 @@ module_exit(nf_tables_ipv4_exit); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); +-MODULE_ALIAS_NFT_FAMILY(AF_INET); ++MODULE_ALIAS_NFT_CHAIN(AF_INET, "filter"); +--- a/net/ipv6/netfilter/nf_tables_ipv6.c ++++ b/net/ipv6/netfilter/nf_tables_ipv6.c +@@ -28,11 +28,6 @@ static unsigned int nft_do_chain_ipv6(vo + return nft_do_chain(&pkt, priv); + } + +-static struct nft_af_info nft_af_ipv6 __read_mostly = { +- .family = NFPROTO_IPV6, +- .owner = THIS_MODULE, +-}; +- + static const struct nf_chain_type filter_ipv6 = { + .name = "filter", + .type = NFT_CHAIN_T_DEFAULT, +@@ -54,26 +49,11 @@ static const struct nf_chain_type filter + + static int __init nf_tables_ipv6_init(void) + { +- int ret; +- +- ret = nft_register_afinfo(&nft_af_ipv6); +- if (ret < 0) +- return ret; +- +- ret = nft_register_chain_type(&filter_ipv6); +- if (ret < 0) +- goto err_register_chain; +- +- return 0; +- +-err_register_chain: +- nft_unregister_afinfo(&nft_af_ipv6); +- return ret; ++ return nft_register_chain_type(&filter_ipv6); + } + + static void __exit nf_tables_ipv6_exit(void) + { +- nft_unregister_afinfo(&nft_af_ipv6); + nft_unregister_chain_type(&filter_ipv6); + } + +@@ -82,4 +62,4 @@ module_exit(nf_tables_ipv6_exit); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); +-MODULE_ALIAS_NFT_FAMILY(AF_INET6); ++MODULE_ALIAS_NFT_CHAIN(AF_INET6, "filter"); +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -26,71 +26,6 @@ + static LIST_HEAD(nf_tables_expressions); + static LIST_HEAD(nf_tables_objects); + static LIST_HEAD(nf_tables_flowtables); +-static LIST_HEAD(nf_tables_af_info); +- +-/** +- * nft_register_afinfo - register nf_tables address family info +- * +- * @afi: address family info to register +- * +- * Register the address family for use with nf_tables. Returns zero on +- * success or a negative errno code otherwise. +- */ +-int nft_register_afinfo(struct nft_af_info *afi) +-{ +- nfnl_lock(NFNL_SUBSYS_NFTABLES); +- list_add_tail_rcu(&afi->list, &nf_tables_af_info); +- nfnl_unlock(NFNL_SUBSYS_NFTABLES); +- return 0; +-} +-EXPORT_SYMBOL_GPL(nft_register_afinfo); +- +-/** +- * nft_unregister_afinfo - unregister nf_tables address family info +- * +- * @afi: address family info to unregister +- * +- * Unregister the address family for use with nf_tables. +- */ +-void nft_unregister_afinfo(struct nft_af_info *afi) +-{ +- nfnl_lock(NFNL_SUBSYS_NFTABLES); +- list_del_rcu(&afi->list); +- nfnl_unlock(NFNL_SUBSYS_NFTABLES); +-} +-EXPORT_SYMBOL_GPL(nft_unregister_afinfo); +- +-static struct nft_af_info *nft_afinfo_lookup(struct net *net, int family) +-{ +- struct nft_af_info *afi; +- +- list_for_each_entry(afi, &nf_tables_af_info, list) { +- if (afi->family == family) +- return afi; +- } +- return NULL; +-} +- +-static struct nft_af_info * +-nf_tables_afinfo_lookup(struct net *net, int family, bool autoload) +-{ +- struct nft_af_info *afi; +- +- afi = nft_afinfo_lookup(net, family); +- if (afi != NULL) +- return afi; +-#ifdef CONFIG_MODULES +- if (autoload) { +- nfnl_unlock(NFNL_SUBSYS_NFTABLES); +- request_module("nft-afinfo-%u", family); +- nfnl_lock(NFNL_SUBSYS_NFTABLES); +- afi = nft_afinfo_lookup(net, family); +- if (afi != NULL) +- return ERR_PTR(-EAGAIN); +- } +-#endif +- return ERR_PTR(-EAFNOSUPPORT); +-} + + static void nft_ctx_init(struct nft_ctx *ctx, + struct net *net, +@@ -390,7 +325,7 @@ static struct nft_table *nft_table_looku + + list_for_each_entry(table, &net->nft.tables, list) { + if (!nla_strcmp(nla, table->name) && +- table->afi->family == family && ++ table->family == family && + nft_active_genmask(table, genmask)) + return table; + } +@@ -531,7 +466,7 @@ static int nf_tables_dump_tables(struct + cb->seq = net->nft.base_seq; + + list_for_each_entry_rcu(table, &net->nft.tables, list) { +- if (family != NFPROTO_UNSPEC && family != table->afi->family) ++ if (family != NFPROTO_UNSPEC && family != table->family) + continue; + + if (idx < s_idx) +@@ -545,7 +480,7 @@ static int nf_tables_dump_tables(struct + NETLINK_CB(cb->skb).portid, + cb->nlh->nlmsg_seq, + NFT_MSG_NEWTABLE, NLM_F_MULTI, +- table->afi->family, table) < 0) ++ table->family, table) < 0) + goto done; + + nl_dump_check_consistent(cb, nlmsg_hdr(skb)); +@@ -565,7 +500,6 @@ static int nf_tables_gettable(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_cur(net); +- const struct nft_af_info *afi; + const struct nft_table *table; + struct sk_buff *skb2; + int family = nfmsg->nfgen_family; +@@ -578,11 +512,7 @@ static int nf_tables_gettable(struct net + return netlink_dump_start(nlsk, skb, nlh, &c); + } + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -702,19 +632,14 @@ static int nf_tables_newtable(struct net + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); + const struct nlattr *name; +- struct nft_af_info *afi; + struct nft_table *table; + int family = nfmsg->nfgen_family; + u32 flags = 0; + struct nft_ctx ctx; + int err; + +- afi = nf_tables_afinfo_lookup(net, family, true); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- + name = nla[NFTA_TABLE_NAME]; +- table = nf_tables_table_lookup(net, name, afi->family, genmask); ++ table = nf_tables_table_lookup(net, name, family, genmask); + if (IS_ERR(table)) { + if (PTR_ERR(table) != -ENOENT) + return PTR_ERR(table); +@@ -724,7 +649,7 @@ static int nf_tables_newtable(struct net + if (nlh->nlmsg_flags & NLM_F_REPLACE) + return -EOPNOTSUPP; + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + return nf_tables_updtable(&ctx); + } + +@@ -734,40 +659,34 @@ static int nf_tables_newtable(struct net + return -EINVAL; + } + +- err = -EAFNOSUPPORT; +- if (!try_module_get(afi->owner)) +- goto err1; +- + err = -ENOMEM; + table = kzalloc(sizeof(*table), GFP_KERNEL); + if (table == NULL) +- goto err2; ++ goto err_kzalloc; + + table->name = nla_strdup(name, GFP_KERNEL); + if (table->name == NULL) +- goto err3; ++ goto err_strdup; + + INIT_LIST_HEAD(&table->chains); + INIT_LIST_HEAD(&table->sets); + INIT_LIST_HEAD(&table->objects); + INIT_LIST_HEAD(&table->flowtables); +- table->afi = afi; ++ table->family = family; + table->flags = flags; + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); + if (err < 0) +- goto err4; ++ goto err_trans; + + list_add_tail_rcu(&table->list, &net->nft.tables); + return 0; +-err4: ++err_trans: + kfree(table->name); +-err3: ++err_strdup: + kfree(table); +-err2: +- module_put(afi->owner); +-err1: ++err_kzalloc: + return err; + } + +@@ -838,10 +757,10 @@ static int nft_flush(struct nft_ctx *ctx + int err = 0; + + list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { +- if (family != AF_UNSPEC && table->afi->family != family) ++ if (family != AF_UNSPEC && table->family != family) + continue; + +- ctx->family = table->afi->family; ++ ctx->family = table->family; + + if (!nft_is_active_next(ctx->net, table)) + continue; +@@ -867,7 +786,6 @@ static int nf_tables_deltable(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); +- struct nft_af_info *afi; + struct nft_table *table; + int family = nfmsg->nfgen_family; + struct nft_ctx ctx; +@@ -876,11 +794,7 @@ static int nf_tables_deltable(struct net + if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) + return nft_flush(&ctx, family); + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -889,7 +803,7 @@ static int nf_tables_deltable(struct net + table->use > 0) + return -EBUSY; + +- ctx.family = afi->family; ++ ctx.family = family; + ctx.table = table; + + return nft_flush_table(&ctx); +@@ -901,7 +815,6 @@ static void nf_tables_table_destroy(stru + + kfree(ctx->table->name); + kfree(ctx->table); +- module_put(ctx->table->afi->owner); + } + + int nft_register_chain_type(const struct nf_chain_type *ctype) +@@ -1130,7 +1043,7 @@ static int nf_tables_dump_chains(struct + cb->seq = net->nft.base_seq; + + list_for_each_entry_rcu(table, &net->nft.tables, list) { +- if (family != NFPROTO_UNSPEC && family != table->afi->family) ++ if (family != NFPROTO_UNSPEC && family != table->family) + continue; + + list_for_each_entry_rcu(chain, &table->chains, list) { +@@ -1146,7 +1059,7 @@ static int nf_tables_dump_chains(struct + cb->nlh->nlmsg_seq, + NFT_MSG_NEWCHAIN, + NLM_F_MULTI, +- table->afi->family, table, ++ table->family, table, + chain) < 0) + goto done; + +@@ -1168,7 +1081,6 @@ static int nf_tables_getchain(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_cur(net); +- const struct nft_af_info *afi; + const struct nft_table *table; + const struct nft_chain *chain; + struct sk_buff *skb2; +@@ -1182,11 +1094,7 @@ static int nf_tables_getchain(struct net + return netlink_dump_start(nlsk, skb, nlh, &c); + } + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -1550,7 +1458,6 @@ static int nf_tables_newchain(struct net + const struct nlattr * uninitialized_var(name); + u8 genmask = nft_genmask_next(net); + int family = nfmsg->nfgen_family; +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_chain *chain; + u8 policy = NF_ACCEPT; +@@ -1560,11 +1467,7 @@ static int nf_tables_newchain(struct net + + create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; + +- afi = nf_tables_afinfo_lookup(net, family, true); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -1605,7 +1508,7 @@ static int nf_tables_newchain(struct net + } + } + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); + + if (chain != NULL) { + if (nlh->nlmsg_flags & NLM_F_EXCL) +@@ -1626,7 +1529,6 @@ static int nf_tables_delchain(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_chain *chain; + struct nft_rule *rule; +@@ -1635,11 +1537,7 @@ static int nf_tables_delchain(struct net + u32 use; + int err; + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -1652,7 +1550,7 @@ static int nf_tables_delchain(struct net + chain->use > 0) + return -EBUSY; + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); + + use = chain->use; + list_for_each_entry(rule, &chain->rules, list) { +@@ -2075,7 +1973,7 @@ static int nf_tables_dump_rules(struct s + cb->seq = net->nft.base_seq; + + list_for_each_entry_rcu(table, &net->nft.tables, list) { +- if (family != NFPROTO_UNSPEC && family != table->afi->family) ++ if (family != NFPROTO_UNSPEC && family != table->family) + continue; + + if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) +@@ -2098,7 +1996,7 @@ static int nf_tables_dump_rules(struct s + cb->nlh->nlmsg_seq, + NFT_MSG_NEWRULE, + NLM_F_MULTI | NLM_F_APPEND, +- table->afi->family, ++ table->family, + table, chain, rule) < 0) + goto done; + +@@ -2134,7 +2032,6 @@ static int nf_tables_getrule(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_cur(net); +- const struct nft_af_info *afi; + const struct nft_table *table; + const struct nft_chain *chain; + const struct nft_rule *rule; +@@ -2178,11 +2075,7 @@ static int nf_tables_getrule(struct net + return netlink_dump_start(nlsk, skb, nlh, &c); + } + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -2240,7 +2133,7 @@ static int nf_tables_newrule(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); +- struct nft_af_info *afi; ++ int family = nfmsg->nfgen_family; + struct nft_table *table; + struct nft_chain *chain; + struct nft_rule *rule, *old_rule = NULL; +@@ -2256,11 +2149,7 @@ static int nf_tables_newrule(struct net + + create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; + +- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -2300,7 +2189,7 @@ static int nf_tables_newrule(struct net + return PTR_ERR(old_rule); + } + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); + + n = 0; + size = 0; +@@ -2424,18 +2313,13 @@ static int nf_tables_delrule(struct net + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_chain *chain = NULL; + struct nft_rule *rule; + int family = nfmsg->nfgen_family, err = 0; + struct nft_ctx ctx; + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -2447,7 +2331,7 @@ static int nf_tables_delrule(struct net + return PTR_ERR(chain); + } + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla); + + if (chain) { + if (nla[NFTA_RULE_HANDLE]) { +@@ -2632,26 +2516,17 @@ static int nft_ctx_init_from_setattr(str + u8 genmask) + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); +- struct nft_af_info *afi = NULL; ++ int family = nfmsg->nfgen_family; + struct nft_table *table = NULL; + +- if (nfmsg->nfgen_family != NFPROTO_UNSPEC) { +- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- } +- + if (nla[NFTA_SET_TABLE] != NULL) { +- if (afi == NULL) +- return -EAFNOSUPPORT; +- + table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], +- afi->family, genmask); ++ family, genmask); + if (IS_ERR(table)) + return PTR_ERR(table); + } + +- nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); + return 0; + } + +@@ -2882,7 +2757,7 @@ static int nf_tables_dump_sets(struct sk + + list_for_each_entry_rcu(table, &net->nft.tables, list) { + if (ctx->family != NFPROTO_UNSPEC && +- ctx->family != table->afi->family) ++ ctx->family != table->family) + continue; + + if (ctx->table && ctx->table != table) +@@ -2903,7 +2778,7 @@ static int nf_tables_dump_sets(struct sk + + ctx_set = *ctx; + ctx_set.table = table; +- ctx_set.family = table->afi->family; ++ ctx_set.family = table->family; + + if (nf_tables_fill_set(skb, &ctx_set, set, + NFT_MSG_NEWSET, +@@ -3015,8 +2890,8 @@ static int nf_tables_newset(struct net * + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); ++ int family = nfmsg->nfgen_family; + const struct nft_set_ops *ops; +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_set *set; + struct nft_ctx ctx; +@@ -3123,16 +2998,12 @@ static int nf_tables_newset(struct net * + + create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false; + +- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + + set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); + if (IS_ERR(set)) { +@@ -3390,19 +3261,15 @@ static int nft_ctx_init_from_elemattr(st + u8 genmask) + { + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); +- struct nft_af_info *afi; ++ int family = nfmsg->nfgen_family; + struct nft_table *table; + +- afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- + table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], +- afi->family, genmask); ++ family, genmask); + if (IS_ERR(table)) + return PTR_ERR(table); + +- nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla); + return 0; + } + +@@ -3520,7 +3387,7 @@ static int nf_tables_dump_set(struct sk_ + rcu_read_lock(); + list_for_each_entry_rcu(table, &net->nft.tables, list) { + if (dump_ctx->ctx.family != NFPROTO_UNSPEC && +- dump_ctx->ctx.family != table->afi->family) ++ dump_ctx->ctx.family != table->family) + continue; + + if (table != dump_ctx->ctx.table) +@@ -3550,7 +3417,7 @@ static int nf_tables_dump_set(struct sk_ + goto nla_put_failure; + + nfmsg = nlmsg_data(nlh); +- nfmsg->nfgen_family = table->afi->family; ++ nfmsg->nfgen_family = table->family; + nfmsg->version = NFNETLINK_V0; + nfmsg->res_id = htons(net->nft.base_seq & 0xffff); + +@@ -4427,7 +4294,6 @@ static int nf_tables_newobj(struct net * + const struct nft_object_type *type; + u8 genmask = nft_genmask_next(net); + int family = nfmsg->nfgen_family; +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_object *obj; + struct nft_ctx ctx; +@@ -4439,11 +4305,7 @@ static int nf_tables_newobj(struct net * + !nla[NFTA_OBJ_DATA]) + return -EINVAL; + +- afi = nf_tables_afinfo_lookup(net, family, true); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -4462,7 +4324,7 @@ static int nf_tables_newobj(struct net * + return 0; + } + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + + type = nft_obj_type_get(objtype); + if (IS_ERR(type)) +@@ -4554,7 +4416,7 @@ static int nf_tables_dump_obj(struct sk_ + cb->seq = net->nft.base_seq; + + list_for_each_entry_rcu(table, &net->nft.tables, list) { +- if (family != NFPROTO_UNSPEC && family != table->afi->family) ++ if (family != NFPROTO_UNSPEC && family != table->family) + continue; + + list_for_each_entry_rcu(obj, &table->objects, list) { +@@ -4577,7 +4439,7 @@ static int nf_tables_dump_obj(struct sk_ + cb->nlh->nlmsg_seq, + NFT_MSG_NEWOBJ, + NLM_F_MULTI | NLM_F_APPEND, +- table->afi->family, table, ++ table->family, table, + obj, reset) < 0) + goto done; + +@@ -4635,7 +4497,6 @@ static int nf_tables_getobj(struct net * + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_cur(net); + int family = nfmsg->nfgen_family; +- const struct nft_af_info *afi; + const struct nft_table *table; + struct nft_object *obj; + struct sk_buff *skb2; +@@ -4666,11 +4527,7 @@ static int nf_tables_getobj(struct net * + !nla[NFTA_OBJ_TYPE]) + return -EINVAL; + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -4717,7 +4574,6 @@ static int nf_tables_delobj(struct net * + const struct nfgenmsg *nfmsg = nlmsg_data(nlh); + u8 genmask = nft_genmask_next(net); + int family = nfmsg->nfgen_family; +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_object *obj; + struct nft_ctx ctx; +@@ -4727,11 +4583,7 @@ static int nf_tables_delobj(struct net * + !nla[NFTA_OBJ_NAME]) + return -EINVAL; + +- afi = nf_tables_afinfo_lookup(net, family, true); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- +- table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, ++ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family, + genmask); + if (IS_ERR(table)) + return PTR_ERR(table); +@@ -4743,7 +4595,7 @@ static int nf_tables_delobj(struct net * + if (obj->use > 0) + return -EBUSY; + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + + return nft_delobj(&ctx, obj); + } +@@ -4928,33 +4780,31 @@ err1: + return err; + } + +-static const struct nf_flowtable_type * +-__nft_flowtable_type_get(const struct nft_af_info *afi) ++static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family) + { + const struct nf_flowtable_type *type; + + list_for_each_entry(type, &nf_tables_flowtables, list) { +- if (afi->family == type->family) ++ if (family == type->family) + return type; + } + return NULL; + } + +-static const struct nf_flowtable_type * +-nft_flowtable_type_get(const struct nft_af_info *afi) ++static const struct nf_flowtable_type *nft_flowtable_type_get(u8 family) + { + const struct nf_flowtable_type *type; + +- type = __nft_flowtable_type_get(afi); ++ type = __nft_flowtable_type_get(family); + if (type != NULL && try_module_get(type->owner)) + return type; + + #ifdef CONFIG_MODULES + if (type == NULL) { + nfnl_unlock(NFNL_SUBSYS_NFTABLES); +- request_module("nf-flowtable-%u", afi->family); ++ request_module("nf-flowtable-%u", family); + nfnl_lock(NFNL_SUBSYS_NFTABLES); +- if (__nft_flowtable_type_get(afi)) ++ if (__nft_flowtable_type_get(family)) + return ERR_PTR(-EAGAIN); + } + #endif +@@ -5002,7 +4852,6 @@ static int nf_tables_newflowtable(struct + u8 genmask = nft_genmask_next(net); + int family = nfmsg->nfgen_family; + struct nft_flowtable *flowtable; +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_ctx ctx; + int err, i, k; +@@ -5012,12 +4861,8 @@ static int nf_tables_newflowtable(struct + !nla[NFTA_FLOWTABLE_HOOK]) + return -EINVAL; + +- afi = nf_tables_afinfo_lookup(net, family, true); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], +- afi->family, genmask); ++ family, genmask); + if (IS_ERR(table)) + return PTR_ERR(table); + +@@ -5034,7 +4879,7 @@ static int nf_tables_newflowtable(struct + return 0; + } + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + + flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); + if (!flowtable) +@@ -5047,7 +4892,7 @@ static int nf_tables_newflowtable(struct + goto err1; + } + +- type = nft_flowtable_type_get(afi); ++ type = nft_flowtable_type_get(family); + if (IS_ERR(type)) { + err = PTR_ERR(type); + goto err2; +@@ -5107,16 +4952,11 @@ static int nf_tables_delflowtable(struct + u8 genmask = nft_genmask_next(net); + int family = nfmsg->nfgen_family; + struct nft_flowtable *flowtable; +- struct nft_af_info *afi; + struct nft_table *table; + struct nft_ctx ctx; + +- afi = nf_tables_afinfo_lookup(net, family, true); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], +- afi->family, genmask); ++ family, genmask); + if (IS_ERR(table)) + return PTR_ERR(table); + +@@ -5127,7 +4967,7 @@ static int nf_tables_delflowtable(struct + if (flowtable->use > 0) + return -EBUSY; + +- nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); ++ nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla); + + return nft_delflowtable(&ctx, flowtable); + } +@@ -5202,7 +5042,7 @@ static int nf_tables_dump_flowtable(stru + cb->seq = net->nft.base_seq; + + list_for_each_entry_rcu(table, &net->nft.tables, list) { +- if (family != NFPROTO_UNSPEC && family != table->afi->family) ++ if (family != NFPROTO_UNSPEC && family != table->family) + continue; + + list_for_each_entry_rcu(flowtable, &table->flowtables, list) { +@@ -5221,7 +5061,7 @@ static int nf_tables_dump_flowtable(stru + cb->nlh->nlmsg_seq, + NFT_MSG_NEWFLOWTABLE, + NLM_F_MULTI | NLM_F_APPEND, +- table->afi->family, flowtable) < 0) ++ table->family, flowtable) < 0) + goto done; + + nl_dump_check_consistent(cb, nlmsg_hdr(skb)); +@@ -5281,7 +5121,6 @@ static int nf_tables_getflowtable(struct + u8 genmask = nft_genmask_cur(net); + int family = nfmsg->nfgen_family; + struct nft_flowtable *flowtable; +- const struct nft_af_info *afi; + const struct nft_table *table; + struct sk_buff *skb2; + int err; +@@ -5307,12 +5146,8 @@ static int nf_tables_getflowtable(struct + if (!nla[NFTA_FLOWTABLE_NAME]) + return -EINVAL; + +- afi = nf_tables_afinfo_lookup(net, family, false); +- if (IS_ERR(afi)) +- return PTR_ERR(afi); +- + table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], +- afi->family, genmask); ++ family, genmask); + if (IS_ERR(table)) + return PTR_ERR(table); + +@@ -6476,7 +6311,7 @@ int __nft_release_basechain(struct nft_c + } + EXPORT_SYMBOL_GPL(__nft_release_basechain); + +-static void __nft_release_afinfo(struct net *net) ++static void __nft_release_tables(struct net *net) + { + struct nft_flowtable *flowtable, *nf; + struct nft_table *table, *nt; +@@ -6489,7 +6324,7 @@ static void __nft_release_afinfo(struct + }; + + list_for_each_entry_safe(table, nt, &net->nft.tables, list) { +- ctx.family = table->afi->family; ++ ctx.family = table->family; + + list_for_each_entry(chain, &table->chains, list) + nf_tables_unregister_hook(net, table, chain); +@@ -6541,7 +6376,7 @@ static int __net_init nf_tables_init_net + + static void __net_exit nf_tables_exit_net(struct net *net) + { +- __nft_release_afinfo(net); ++ __nft_release_tables(net); + WARN_ON_ONCE(!list_empty(&net->nft.tables)); + WARN_ON_ONCE(!list_empty(&net->nft.commit_list)); + } +--- a/net/netfilter/nf_tables_inet.c ++++ b/net/netfilter/nf_tables_inet.c +@@ -38,11 +38,6 @@ static unsigned int nft_do_chain_inet(vo + return nft_do_chain(&pkt, priv); + } + +-static struct nft_af_info nft_af_inet __read_mostly = { +- .family = NFPROTO_INET, +- .owner = THIS_MODULE, +-}; +- + static const struct nf_chain_type filter_inet = { + .name = "filter", + .type = NFT_CHAIN_T_DEFAULT, +@@ -64,26 +59,12 @@ static const struct nf_chain_type filter + + static int __init nf_tables_inet_init(void) + { +- int ret; +- +- if (nft_register_afinfo(&nft_af_inet) < 0) +- return ret; +- +- ret = nft_register_chain_type(&filter_inet); +- if (ret < 0) +- goto err_register_chain; +- +- return ret; +- +-err_register_chain: +- nft_unregister_afinfo(&nft_af_inet); +- return ret; ++ return nft_register_chain_type(&filter_inet); + } + + static void __exit nf_tables_inet_exit(void) + { + nft_unregister_chain_type(&filter_inet); +- nft_unregister_afinfo(&nft_af_inet); + } + + module_init(nf_tables_inet_init); +@@ -91,4 +72,4 @@ module_exit(nf_tables_inet_exit); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); +-MODULE_ALIAS_NFT_FAMILY(1); ++MODULE_ALIAS_NFT_CHAIN(1, "filter"); +--- a/net/netfilter/nf_tables_netdev.c ++++ b/net/netfilter/nf_tables_netdev.c +@@ -38,11 +38,6 @@ nft_do_chain_netdev(void *priv, struct s + return nft_do_chain(&pkt, priv); + } + +-static struct nft_af_info nft_af_netdev __read_mostly = { +- .family = NFPROTO_NETDEV, +- .owner = THIS_MODULE, +-}; +- + static const struct nf_chain_type nft_filter_chain_netdev = { + .name = "filter", + .type = NFT_CHAIN_T_DEFAULT, +@@ -91,10 +86,10 @@ static int nf_tables_netdev_event(struct + + nfnl_lock(NFNL_SUBSYS_NFTABLES); + list_for_each_entry(table, &ctx.net->nft.tables, list) { +- if (table->afi->family != NFPROTO_NETDEV) ++ if (table->family != NFPROTO_NETDEV) + continue; + +- ctx.family = table->afi->family; ++ ctx.family = table->family; + ctx.table = table; + list_for_each_entry_safe(chain, nr, &table->chains, list) { + if (!nft_is_base_chain(chain)) +@@ -117,12 +112,9 @@ static int __init nf_tables_netdev_init( + { + int ret; + +- if (nft_register_afinfo(&nft_af_netdev) < 0) +- return ret; +- + ret = nft_register_chain_type(&nft_filter_chain_netdev); + if (ret) +- goto err_register_chain_type; ++ return ret; + + ret = register_netdevice_notifier(&nf_tables_netdev_notifier); + if (ret) +@@ -132,8 +124,6 @@ static int __init nf_tables_netdev_init( + + err_register_netdevice_notifier: + nft_unregister_chain_type(&nft_filter_chain_netdev); +-err_register_chain_type: +- nft_unregister_afinfo(&nft_af_netdev); + + return ret; + } +@@ -142,7 +132,6 @@ static void __exit nf_tables_netdev_exit + { + unregister_netdevice_notifier(&nf_tables_netdev_notifier); + nft_unregister_chain_type(&nft_filter_chain_netdev); +- nft_unregister_afinfo(&nft_af_netdev); + } + + module_init(nf_tables_netdev_init); +@@ -150,4 +139,4 @@ module_exit(nf_tables_netdev_exit); + + MODULE_LICENSE("GPL"); + MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>"); +-MODULE_ALIAS_NFT_FAMILY(5); /* NFPROTO_NETDEV */ ++MODULE_ALIAS_NFT_CHAIN(5, "filter"); /* NFPROTO_NETDEV */ |