Diffstat (limited to 'target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch')
-rw-r--r-- | target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch | 1450 |
1 files changed, 0 insertions, 1450 deletions
diff --git a/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch b/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
deleted file mode 100644
index 59ec44a482..0000000000
--- a/target/linux/generic/backport-4.19/335-v4.16-netfilter-nf_tables-add-single-table-list-for-all-fa.patch
+++ /dev/null
@@ -1,1450 +0,0 @@ -From: Pablo Neira Ayuso <pablo@netfilter.org> -Date: Tue, 9 Jan 2018 02:38:03 +0100 -Subject: [PATCH] netfilter: nf_tables: add single table list for all families - -Place all existing user defined tables in struct net *, instead of -having one list per family. This saves us from one level of indentation -in netlink dump functions. - -Place pointer to struct nft_af_info in struct nft_table temporarily, as -we still need this to put back reference module reference counter on -table removal. - -This patch comes in preparation for the removal of struct nft_af_info. - -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - ---- a/include/net/netfilter/nf_tables.h -+++ b/include/net/netfilter/nf_tables.h -@@ -143,22 +143,22 @@ static inline void nft_data_debug(const - * struct nft_ctx - nf_tables rule/set context - * - * @net: net namespace -- * @afi: address family info - * @table: the table the chain is contained in - * @chain: the chain the rule is contained in - * @nla: netlink attributes - * @portid: netlink portID of the original message - * @seq: netlink sequence number -+ * @family: protocol family - * @report: notify via unicast netlink message - */ - struct nft_ctx { - struct net *net; -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_chain *chain; - const struct nlattr * const *nla; - u32 portid; - u32 seq; -+ u8 family; - bool report; - }; - -@@ -944,6 +944,7 @@ unsigned int nft_do_chain(struct nft_pkt - * @use: number of chain references to this table - * @flags: table flag (see enum nft_table_flags) - * @genmask: generation mask -+ * @afinfo: address family info - * @name: name of the table - */ - struct nft_table { -@@ -956,6 +957,7 @@ struct nft_table { - u32 use; - u16 flags:14, - genmask:2; -+ struct nft_af_info *afi; - char *name; - }; - -@@ -965,13 +967,11 @@ struct nft_table { - * @list: used internally - * @family: address family - * @owner: module owner -- * @tables: used internally - */ - struct 
nft_af_info { - struct list_head list; - int family; - struct module *owner; -- struct list_head tables; - }; - - int nft_register_afinfo(struct net *, struct nft_af_info *); ---- a/include/net/netns/nftables.h -+++ b/include/net/netns/nftables.h -@@ -8,6 +8,7 @@ struct nft_af_info; - - struct netns_nftables { - struct list_head af_info; -+ struct list_head tables; - struct list_head commit_list; - struct nft_af_info *ipv4; - struct nft_af_info *ipv6; ---- a/net/netfilter/nf_tables_api.c -+++ b/net/netfilter/nf_tables_api.c -@@ -37,7 +37,6 @@ static LIST_HEAD(nf_tables_flowtables); - */ - int nft_register_afinfo(struct net *net, struct nft_af_info *afi) - { -- INIT_LIST_HEAD(&afi->tables); - nfnl_lock(NFNL_SUBSYS_NFTABLES); - list_add_tail_rcu(&afi->list, &net->nft.af_info); - nfnl_unlock(NFNL_SUBSYS_NFTABLES); -@@ -99,13 +98,13 @@ static void nft_ctx_init(struct nft_ctx - struct net *net, - const struct sk_buff *skb, - const struct nlmsghdr *nlh, -- struct nft_af_info *afi, -+ u8 family, - struct nft_table *table, - struct nft_chain *chain, - const struct nlattr * const *nla) - { - ctx->net = net; -- ctx->afi = afi; -+ ctx->family = family; - ctx->table = table; - ctx->chain = chain; - ctx->nla = nla; -@@ -414,30 +413,31 @@ static int nft_delflowtable(struct nft_c - * Tables - */ - --static struct nft_table *nft_table_lookup(const struct nft_af_info *afi, -+static struct nft_table *nft_table_lookup(const struct net *net, - const struct nlattr *nla, -- u8 genmask) -+ u8 family, u8 genmask) - { - struct nft_table *table; - -- list_for_each_entry(table, &afi->tables, list) { -+ list_for_each_entry(table, &net->nft.tables, list) { - if (!nla_strcmp(nla, table->name) && -+ table->afi->family == family && - nft_active_genmask(table, genmask)) - return table; - } - return NULL; - } - --static struct nft_table *nf_tables_table_lookup(const struct nft_af_info *afi, -+static struct nft_table *nf_tables_table_lookup(const struct net *net, - const struct nlattr *nla, -- u8 
genmask) -+ u8 family, u8 genmask) - { - struct nft_table *table; - - if (nla == NULL) - return ERR_PTR(-EINVAL); - -- table = nft_table_lookup(afi, nla, genmask); -+ table = nft_table_lookup(net, nla, family, genmask); - if (table != NULL) - return table; - -@@ -536,7 +536,7 @@ static void nf_tables_table_notify(const - goto err; - - err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table); -+ event, 0, ctx->family, ctx->table); - if (err < 0) { - kfree_skb(skb); - goto err; -@@ -553,7 +553,6 @@ static int nf_tables_dump_tables(struct - struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - unsigned int idx = 0, s_idx = cb->args[0]; - struct net *net = sock_net(skb->sk); -@@ -562,30 +561,27 @@ static int nf_tables_dump_tables(struct - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (!nft_is_active(net, table)) -- continue; -- if (nf_tables_fill_table_info(skb, net, -- NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWTABLE, -- NLM_F_MULTI, -- afi->family, table) < 0) -- goto done; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (!nft_is_active(net, table)) -+ continue; -+ if (nf_tables_fill_table_info(skb, net, -+ NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWTABLE, NLM_F_MULTI, -+ table->afi->family, table) < 0) -+ goto done; - -- 
nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - done: - rcu_read_unlock(); -@@ -617,7 +613,8 @@ static int nf_tables_gettable(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -748,7 +745,7 @@ static int nf_tables_newtable(struct net - return PTR_ERR(afi); - - name = nla[NFTA_TABLE_NAME]; -- table = nf_tables_table_lookup(afi, name, genmask); -+ table = nf_tables_table_lookup(net, name, afi->family, genmask); - if (IS_ERR(table)) { - if (PTR_ERR(table) != -ENOENT) - return PTR_ERR(table); -@@ -758,7 +755,7 @@ static int nf_tables_newtable(struct net - if (nlh->nlmsg_flags & NLM_F_REPLACE) - return -EOPNOTSUPP; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - return nf_tables_updtable(&ctx); - } - -@@ -785,14 +782,15 @@ static int nf_tables_newtable(struct net - INIT_LIST_HEAD(&table->sets); - INIT_LIST_HEAD(&table->objects); - INIT_LIST_HEAD(&table->flowtables); -+ table->afi = afi; - table->flags = flags; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); - if (err < 0) - goto err4; - -- list_add_tail_rcu(&table->list, &afi->tables); -+ list_add_tail_rcu(&table->list, &net->nft.tables); - return 0; - err4: - kfree(table->name); -@@ -866,30 +864,28 @@ out: - - static int nft_flush(struct nft_ctx *ctx, int family) - { -- struct nft_af_info *afi; - struct nft_table *table, *nt; - const struct nlattr * const *nla = ctx->nla; - int err = 0; - -- list_for_each_entry(afi, &ctx->net->nft.af_info, list) { -- if (family != AF_UNSPEC && afi->family != family) -+ 
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) { -+ if (family != AF_UNSPEC && table->afi->family != family) - continue; - -- ctx->afi = afi; -- list_for_each_entry_safe(table, nt, &afi->tables, list) { -- if (!nft_is_active_next(ctx->net, table)) -- continue; -+ ctx->family = table->afi->family; - -- if (nla[NFTA_TABLE_NAME] && -- nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0) -- continue; -+ if (!nft_is_active_next(ctx->net, table)) -+ continue; - -- ctx->table = table; -+ if (nla[NFTA_TABLE_NAME] && -+ nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0) -+ continue; - -- err = nft_flush_table(ctx); -- if (err < 0) -- goto out; -- } -+ ctx->table = table; -+ -+ err = nft_flush_table(ctx); -+ if (err < 0) -+ goto out; - } - out: - return err; -@@ -907,7 +903,7 @@ static int nf_tables_deltable(struct net - int family = nfmsg->nfgen_family; - struct nft_ctx ctx; - -- nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, 0, NULL, NULL, nla); - if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) - return nft_flush(&ctx, family); - -@@ -915,7 +911,8 @@ static int nf_tables_deltable(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_TABLE_NAME], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -923,7 +920,7 @@ static int nf_tables_deltable(struct net - table->use > 0) - return -EBUSY; - -- ctx.afi = afi; -+ ctx.family = afi->family; - ctx.table = table; - - return nft_flush_table(&ctx); -@@ -935,7 +932,7 @@ static void nf_tables_table_destroy(stru - - kfree(ctx->table->name); - kfree(ctx->table); -- module_put(ctx->afi->owner); -+ module_put(ctx->table->afi->owner); - } - - int nft_register_chain_type(const struct nf_chain_type *ctype) -@@ -1136,7 +1133,7 @@ static void nf_tables_chain_notify(const - goto err; - - err = nf_tables_fill_chain_info(skb, 
ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table, -+ event, 0, ctx->family, ctx->table, - ctx->chain); - if (err < 0) { - kfree_skb(skb); -@@ -1154,7 +1151,6 @@ static int nf_tables_dump_chains(struct - struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - unsigned int idx = 0, s_idx = cb->args[0]; -@@ -1164,31 +1160,30 @@ static int nf_tables_dump_chains(struct - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(chain, &table->chains, list) { -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (!nft_is_active(net, chain)) -- continue; -- if (nf_tables_fill_chain_info(skb, net, -- NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWCHAIN, -- NLM_F_MULTI, -- afi->family, table, chain) < 0) -- goto done; -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (!nft_is_active(net, chain)) -+ continue; -+ if (nf_tables_fill_chain_info(skb, net, -+ NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWCHAIN, -+ NLM_F_MULTI, -+ table->afi->family, table, -+ chain) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -1222,7 +1217,8 @@ static int nf_tables_getchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = 
nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1332,8 +1328,8 @@ struct nft_chain_hook { - - static int nft_chain_parse_hook(struct net *net, - const struct nlattr * const nla[], -- struct nft_af_info *afi, -- struct nft_chain_hook *hook, bool create) -+ struct nft_chain_hook *hook, u8 family, -+ bool create) - { - struct nlattr *ha[NFTA_HOOK_MAX + 1]; - const struct nf_chain_type *type; -@@ -1352,10 +1348,10 @@ static int nft_chain_parse_hook(struct n - hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM])); - hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY])); - -- type = chain_type[afi->family][NFT_CHAIN_T_DEFAULT]; -+ type = chain_type[family][NFT_CHAIN_T_DEFAULT]; - if (nla[NFTA_CHAIN_TYPE]) { - type = nf_tables_chain_type_lookup(nla[NFTA_CHAIN_TYPE], -- afi->family, create); -+ family, create); - if (IS_ERR(type)) - return PTR_ERR(type); - } -@@ -1367,7 +1363,7 @@ static int nft_chain_parse_hook(struct n - hook->type = type; - - hook->dev = NULL; -- if (afi->family == NFPROTO_NETDEV) { -+ if (family == NFPROTO_NETDEV) { - char ifname[IFNAMSIZ]; - - if (!ha[NFTA_HOOK_DEV]) { -@@ -1402,7 +1398,6 @@ static int nf_tables_addchain(struct nft - { - const struct nlattr * const *nla = ctx->nla; - struct nft_table *table = ctx->table; -- struct nft_af_info *afi = ctx->afi; - struct nft_base_chain *basechain; - struct nft_stats __percpu *stats; - struct net *net = ctx->net; -@@ -1416,7 +1411,7 @@ static int nf_tables_addchain(struct nft - struct nft_chain_hook hook; - struct nf_hook_ops *ops; - -- err = nft_chain_parse_hook(net, nla, afi, &hook, create); -+ err = nft_chain_parse_hook(net, nla, &hook, family, create); - if (err < 0) - return err; - -@@ -1508,7 +1503,7 @@ static int nf_tables_updchain(struct nft - if (!nft_is_base_chain(chain)) - return -EBUSY; - -- err = nft_chain_parse_hook(ctx->net, nla, 
ctx->afi, &hook, -+ err = nft_chain_parse_hook(ctx->net, nla, &hook, ctx->family, - create); - if (err < 0) - return err; -@@ -1618,7 +1613,8 @@ static int nf_tables_newchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1658,7 +1654,7 @@ static int nf_tables_newchain(struct net - } - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - if (chain != NULL) { - if (nlh->nlmsg_flags & NLM_F_EXCL) -@@ -1692,7 +1688,8 @@ static int nf_tables_delchain(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_CHAIN_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -1704,7 +1701,7 @@ static int nf_tables_delchain(struct net - chain->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - use = chain->use; - list_for_each_entry(rule, &chain->rules, list) { -@@ -1869,7 +1866,7 @@ static int nf_tables_expr_parse(const st - if (err < 0) - return err; - -- type = nft_expr_type_get(ctx->afi->family, tb[NFTA_EXPR_NAME]); -+ type = nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]); - if (IS_ERR(type)) - return PTR_ERR(type); - -@@ -2093,7 +2090,7 @@ static void nf_tables_rule_notify(const - goto err; - - err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq, -- event, 0, ctx->afi->family, ctx->table, -+ event, 0, ctx->family, ctx->table, - ctx->chain, rule); - if (err < 0) { - kfree_skb(skb); -@@ -2117,7 +2114,6 @@ static int nf_tables_dump_rules(struct s - { - const struct nfgenmsg *nfmsg = 
nlmsg_data(cb->nlh); - const struct nft_rule_dump_ctx *ctx = cb->data; -- const struct nft_af_info *afi; - const struct nft_table *table; - const struct nft_chain *chain; - const struct nft_rule *rule; -@@ -2128,39 +2124,37 @@ static int nf_tables_dump_rules(struct s - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) -+ continue; -+ -+ if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx && ctx->table && -- strcmp(ctx->table, table->name) != 0) -+ list_for_each_entry_rcu(chain, &table->chains, list) { -+ if (ctx && ctx->chain && -+ strcmp(ctx->chain, chain->name) != 0) - continue; - -- list_for_each_entry_rcu(chain, &table->chains, list) { -- if (ctx && ctx->chain && -- strcmp(ctx->chain, chain->name) != 0) -- continue; -- -- list_for_each_entry_rcu(rule, &chain->rules, list) { -- if (!nft_is_active(net, rule)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWRULE, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, table, chain, rule) < 0) -- goto done; -+ list_for_each_entry_rcu(rule, &chain->rules, list) { -+ if (!nft_is_active(net, rule)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ NFT_MSG_NEWRULE, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, -+ table, chain, rule) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ 
nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - } -@@ -2238,7 +2232,8 @@ static int nf_tables_getrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2322,7 +2317,8 @@ static int nf_tables_newrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2361,7 +2357,7 @@ static int nf_tables_newrule(struct net - return PTR_ERR(old_rule); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - n = 0; - size = 0; -@@ -2501,7 +2497,8 @@ static int nf_tables_delrule(struct net - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_RULE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -2512,7 +2509,7 @@ static int nf_tables_delrule(struct net - return PTR_ERR(chain); - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla); - - if (chain) { - if (nla[NFTA_RULE_HANDLE]) { -@@ -2710,13 +2707,13 @@ static int nft_ctx_init_from_setattr(str - if (afi == NULL) - return -EAFNOSUPPORT; - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], -- genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - } - -- nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, 
nla); - return 0; - } - -@@ -2844,7 +2841,7 @@ static int nf_tables_fill_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = ctx->afi->family; -+ nfmsg->nfgen_family = ctx->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); - -@@ -2936,10 +2933,8 @@ static int nf_tables_dump_sets(struct sk - { - const struct nft_set *set; - unsigned int idx, s_idx = cb->args[0]; -- struct nft_af_info *afi; - struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2]; - struct net *net = sock_net(skb->sk); -- int cur_family = cb->args[3]; - struct nft_ctx *ctx = cb->data, ctx_set; - - if (cb->args[1]) -@@ -2948,51 +2943,44 @@ static int nf_tables_dump_sets(struct sk - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (ctx->afi && ctx->afi != afi) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (ctx->family != NFPROTO_UNSPEC && -+ ctx->family != table->afi->family) - continue; - -- if (cur_family) { -- if (afi->family != cur_family) -- continue; -+ if (ctx->table && ctx->table != table) -+ continue; - -- cur_family = 0; -- } -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (ctx->table && ctx->table != table) -+ if (cur_table) { -+ if (cur_table != table) - continue; - -- if (cur_table) { -- if (cur_table != table) -- continue; -+ cur_table = NULL; -+ } -+ idx = 0; -+ list_for_each_entry_rcu(set, &table->sets, list) { -+ if (idx < s_idx) -+ goto cont; -+ if (!nft_is_active(net, set)) -+ goto cont; - -- cur_table = NULL; -+ ctx_set = *ctx; -+ ctx_set.table = table; -+ ctx_set.family = table->afi->family; -+ -+ if (nf_tables_fill_set(skb, &ctx_set, set, -+ NFT_MSG_NEWSET, -+ NLM_F_MULTI) < 0) { -+ cb->args[0] = idx; -+ cb->args[2] = (unsigned long) table; -+ goto done; - } -- idx = 0; -- list_for_each_entry_rcu(set, &table->sets, list) { -- if (idx < s_idx) -- goto cont; -- if 
(!nft_is_active(net, set)) -- goto cont; -- -- ctx_set = *ctx; -- ctx_set.table = table; -- ctx_set.afi = afi; -- if (nf_tables_fill_set(skb, &ctx_set, set, -- NFT_MSG_NEWSET, -- NLM_F_MULTI) < 0) { -- cb->args[0] = idx; -- cb->args[2] = (unsigned long) table; -- cb->args[3] = afi->family; -- goto done; -- } -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -- if (s_idx) -- s_idx = 0; -+ idx++; - } -+ if (s_idx) -+ s_idx = 0; - } - cb->args[1] = 1; - done: -@@ -3202,11 +3190,12 @@ static int nf_tables_newset(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask); - if (IS_ERR(set)) { -@@ -3475,12 +3464,12 @@ static int nft_ctx_init_from_elemattr(st - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_SET_ELEM_LIST_TABLE], -- genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -- nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla); - return 0; - } - -@@ -3585,7 +3574,6 @@ static int nf_tables_dump_set(struct sk_ - { - struct nft_set_dump_ctx *dump_ctx = cb->data; - struct net *net = sock_net(skb->sk); -- struct nft_af_info *afi; - struct nft_table *table; - struct nft_set *set; - struct nft_set_dump_args args; -@@ -3597,21 +3585,19 @@ static int nf_tables_dump_set(struct sk_ - int event; - - rcu_read_lock(); -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (afi != 
dump_ctx->ctx.afi) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (dump_ctx->ctx.family != NFPROTO_UNSPEC && -+ dump_ctx->ctx.family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- if (table != dump_ctx->ctx.table) -- continue; -+ if (table != dump_ctx->ctx.table) -+ continue; - -- list_for_each_entry_rcu(set, &table->sets, list) { -- if (set == dump_ctx->set) { -- set_found = true; -- break; -- } -+ list_for_each_entry_rcu(set, &table->sets, list) { -+ if (set == dump_ctx->set) { -+ set_found = true; -+ break; - } -- break; - } - break; - } -@@ -3631,7 +3617,7 @@ static int nf_tables_dump_set(struct sk_ - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = afi->family; -+ nfmsg->nfgen_family = table->afi->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(net->nft.base_seq & 0xffff); - -@@ -3733,7 +3719,7 @@ static int nf_tables_fill_setelem_info(s - goto nla_put_failure; - - nfmsg = nlmsg_data(nlh); -- nfmsg->nfgen_family = ctx->afi->family; -+ nfmsg->nfgen_family = ctx->family; - nfmsg->version = NFNETLINK_V0; - nfmsg->res_id = htons(ctx->net->nft.base_seq & 0xffff); - -@@ -3977,7 +3963,7 @@ static int nft_add_set_elem(struct nft_c - list_for_each_entry(binding, &set->bindings, list) { - struct nft_ctx bind_ctx = { - .net = ctx->net, -- .afi = ctx->afi, -+ .family = ctx->family, - .table = ctx->table, - .chain = (struct nft_chain *)binding->chain, - }; -@@ -4527,7 +4513,8 @@ static int nf_tables_newobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4545,7 +4532,7 @@ static int nf_tables_newobj(struct net * - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, 
NULL, nla); - - type = nft_obj_type_get(objtype); - if (IS_ERR(type)) -@@ -4622,7 +4609,6 @@ struct nft_obj_filter { - static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) - { - const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh); -- const struct nft_af_info *afi; - const struct nft_table *table; - unsigned int idx = 0, s_idx = cb->args[0]; - struct nft_obj_filter *filter = cb->data; -@@ -4637,38 +4623,37 @@ static int nf_tables_dump_obj(struct sk_ - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(obj, &table->objects, list) { -- if (!nft_is_active(net, obj)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table && -- strcmp(filter->table, table->name)) -- goto cont; -- if (filter && -- filter->type != NFT_OBJECT_UNSPEC && -- obj->ops->type->type != filter->type) -- goto cont; -+ list_for_each_entry_rcu(obj, &table->objects, list) { -+ if (!nft_is_active(net, obj)) -+ goto cont; -+ if (idx < s_idx) -+ goto cont; -+ if (idx > s_idx) -+ memset(&cb->args[1], 0, -+ sizeof(cb->args) - sizeof(cb->args[0])); -+ if (filter && filter->table && -+ strcmp(filter->table, table->name)) -+ goto cont; -+ if (filter && -+ filter->type != NFT_OBJECT_UNSPEC && -+ obj->ops->type->type != filter->type) -+ goto cont; - -- if (nf_tables_fill_obj_info(skb, net, NETLINK_CB(cb->skb).portid, -- cb->nlh->nlmsg_seq, -- NFT_MSG_NEWOBJ, -- NLM_F_MULTI | NLM_F_APPEND, -- afi->family, table, obj, reset) < 0) -- goto done; -+ if (nf_tables_fill_obj_info(skb, net, NETLINK_CB(cb->skb).portid, -+ cb->nlh->nlmsg_seq, -+ 
NFT_MSG_NEWOBJ, -+ NLM_F_MULTI | NLM_F_APPEND, -+ table->afi->family, table, -+ obj, reset) < 0) -+ goto done; - -- nl_dump_check_consistent(cb, nlmsg_hdr(skb)); -+ nl_dump_check_consistent(cb, nlmsg_hdr(skb)); - cont: -- idx++; -- } -+ idx++; - } - } - done: -@@ -4755,7 +4740,8 @@ static int nf_tables_getobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4815,7 +4801,8 @@ static int nf_tables_delobj(struct net * - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_OBJ_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family, -+ genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -4826,7 +4813,7 @@ static int nf_tables_delobj(struct net * - if (obj->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - return nft_delobj(&ctx, obj); - } -@@ -4864,7 +4851,7 @@ static void nf_tables_obj_notify(const s - struct nft_object *obj, int event) - { - nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid, ctx->seq, event, -- ctx->afi->family, ctx->report, GFP_KERNEL); -+ ctx->family, ctx->report, GFP_KERNEL); - } - - /* -@@ -5054,7 +5041,7 @@ void nft_flow_table_iterate(struct net * - - rcu_read_lock(); - list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- list_for_each_entry_rcu(table, &afi->tables, list) { -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { - list_for_each_entry_rcu(flowtable, &table->flowtables, list) { - iter(&flowtable->data, data); - } -@@ -5102,7 +5089,8 @@ static int nf_tables_newflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = 
nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5119,7 +5107,7 @@ static int nf_tables_newflowtable(struct - return 0; - } - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL); - if (!flowtable) -@@ -5200,7 +5188,8 @@ static int nf_tables_delflowtable(struct - if (IS_ERR(afi)) - return PTR_ERR(afi); - -- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask); -+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], -+ afi->family, genmask); - if (IS_ERR(table)) - return PTR_ERR(table); - -@@ -5211,7 +5200,7 @@ static int nf_tables_delflowtable(struct - if (flowtable->use > 0) - return -EBUSY; - -- nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); -+ nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla); - - return nft_delflowtable(&ctx, flowtable); - } -@@ -5280,40 +5269,37 @@ static int nf_tables_dump_flowtable(stru - struct net *net = sock_net(skb->sk); - int family = nfmsg->nfgen_family; - struct nft_flowtable *flowtable; -- const struct nft_af_info *afi; - const struct nft_table *table; - - rcu_read_lock(); - cb->seq = net->nft.base_seq; - -- list_for_each_entry_rcu(afi, &net->nft.af_info, list) { -- if (family != NFPROTO_UNSPEC && family != afi->family) -+ list_for_each_entry_rcu(table, &net->nft.tables, list) { -+ if (family != NFPROTO_UNSPEC && family != table->afi->family) - continue; - -- list_for_each_entry_rcu(table, &afi->tables, list) { -- list_for_each_entry_rcu(flowtable, &table->flowtables, list) { -- if (!nft_is_active(net, flowtable)) -- goto cont; -- if (idx < s_idx) -- goto cont; -- if (idx > s_idx) -- memset(&cb->args[1], 0, -- sizeof(cb->args) - sizeof(cb->args[0])); -- if (filter && filter->table[0] && -- strcmp(filter->table, table->name)) -- goto cont; -+ 
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
-+ if (!nft_is_active(net, flowtable))
-+ goto cont;
-+ if (idx < s_idx)
-+ goto cont;
-+ if (idx > s_idx)
-+ memset(&cb->args[1], 0,
-+ sizeof(cb->args) - sizeof(cb->args[0]));
-+ if (filter && filter->table &&
-+ strcmp(filter->table, table->name))
-+ goto cont;
-
-- if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid,
-- cb->nlh->nlmsg_seq,
-- NFT_MSG_NEWFLOWTABLE,
-- NLM_F_MULTI | NLM_F_APPEND,
-- afi->family, flowtable) < 0)
-- goto done;
-+ if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid,
-+ cb->nlh->nlmsg_seq,
-+ NFT_MSG_NEWFLOWTABLE,
-+ NLM_F_MULTI | NLM_F_APPEND,
-+ table->afi->family, flowtable) < 0)
-+ goto done;
-
-- nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-+ nl_dump_check_consistent(cb, nlmsg_hdr(skb));
- cont:
-- idx++;
-- }
-+ idx++;
- }
- }
- done:
-@@ -5398,7 +5384,8 @@ static int nf_tables_getflowtable(struct
- if (IS_ERR(afi))
- return PTR_ERR(afi);
-
-- table = nf_tables_table_lookup(afi, nla[NFTA_FLOWTABLE_TABLE], genmask);
-+ table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
-+ afi->family, genmask);
- if (IS_ERR(table))
- return PTR_ERR(table);
-
-@@ -5441,7 +5428,7 @@ static void nf_tables_flowtable_notify(s
-
- err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
- ctx->seq, event, 0,
-- ctx->afi->family, flowtable);
-+ ctx->family, flowtable);
- if (err < 0) {
- kfree_skb(skb);
- goto err;
-@@ -5519,17 +5506,14 @@ static int nf_tables_flowtable_event(str
- struct net_device *dev = netdev_notifier_info_to_dev(ptr);
- struct nft_flowtable *flowtable;
- struct nft_table *table;
-- struct nft_af_info *afi;
-
- if (event != NETDEV_UNREGISTER)
- return 0;
-
- nfnl_lock(NFNL_SUBSYS_NFTABLES);
-- list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) {
-- list_for_each_entry(table, &afi->tables, list) {
-- list_for_each_entry(flowtable, &table->flowtables, list) {
-- nft_flowtable_event(event, dev, flowtable);
-- }
-- }
-+ list_for_each_entry(table, &dev_net(dev)->nft.tables, list) {
-+ list_for_each_entry(flowtable, &table->flowtables, list) {
-+ nft_flowtable_event(event, dev, flowtable);
- }
- }
- nfnl_unlock(NFNL_SUBSYS_NFTABLES);
-@@ -6555,6 +6539,7 @@ EXPORT_SYMBOL_GPL(nft_data_dump);
- static int __net_init nf_tables_init_net(struct net *net)
- {
- INIT_LIST_HEAD(&net->nft.af_info);
-+ INIT_LIST_HEAD(&net->nft.tables);
- INIT_LIST_HEAD(&net->nft.commit_list);
- net->nft.base_seq = 1;
- return 0;
-@@ -6591,10 +6576,10 @@ static void __nft_release_afinfo(struct
- struct nft_set *set, *ns;
- struct nft_ctx ctx = {
- .net = net,
-- .afi = afi,
-+ .family = afi->family,
- };
-
-- list_for_each_entry_safe(table, nt, &afi->tables, list) {
-+ list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
- list_for_each_entry(chain, &table->chains, list)
- nf_tables_unregister_hook(net, table, chain);
- list_for_each_entry(flowtable, &table->flowtables, list)
---- a/net/netfilter/nf_tables_netdev.c
-+++ b/net/netfilter/nf_tables_netdev.c
-@@ -107,7 +107,6 @@ static int nf_tables_netdev_event(struct
- unsigned long event, void *ptr)
- {
- struct net_device *dev = netdev_notifier_info_to_dev(ptr);
-- struct nft_af_info *afi;
- struct nft_table *table;
- struct nft_chain *chain, *nr;
- struct nft_ctx ctx = {
-@@ -119,20 +118,18 @@ static int nf_tables_netdev_event(struct
- return NOTIFY_DONE;
-
- nfnl_lock(NFNL_SUBSYS_NFTABLES);
-- list_for_each_entry(afi, &dev_net(dev)->nft.af_info, list) {
-- ctx.afi = afi;
-- if (afi->family != NFPROTO_NETDEV)
-+ list_for_each_entry(table, &ctx.net->nft.tables, list) {
-+ if (table->afi->family != NFPROTO_NETDEV)
- continue;
-
-- list_for_each_entry(table, &afi->tables, list) {
-- ctx.table = table;
-- list_for_each_entry_safe(chain, nr, &table->chains, list) {
-- if (!nft_is_base_chain(chain))
-- continue;
-+ ctx.family = table->afi->family;
-+ ctx.table = table;
-+ list_for_each_entry_safe(chain, nr, &table->chains, list) {
-+ if
(!nft_is_base_chain(chain))
-+ continue;
-
-- ctx.chain = chain;
-- nft_netdev_event(event, dev, &ctx);
-- }
-+ ctx.chain = chain;
-+ nft_netdev_event(event, dev, &ctx);
- }
- }
- nfnl_unlock(NFNL_SUBSYS_NFTABLES);
---- a/net/netfilter/nft_compat.c
-+++ b/net/netfilter/nft_compat.c
-@@ -161,7 +161,7 @@ nft_target_set_tgchk_param(struct xt_tgc
- {
- par->net = ctx->net;
- par->table = ctx->table->name;
-- switch (ctx->afi->family) {
-+ switch (ctx->family) {
- case AF_INET:
- entry->e4.ip.proto = proto;
- entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
-@@ -192,7 +192,7 @@ nft_target_set_tgchk_param(struct xt_tgc
- } else {
- par->hook_mask = 0;
- }
-- par->family = ctx->afi->family;
-+ par->family = ctx->family;
- par->nft_compat = true;
- }
-
-@@ -282,7 +282,7 @@ nft_target_destroy(const struct nft_ctx
- par.net = ctx->net;
- par.target = target;
- par.targinfo = info;
-- par.family = ctx->afi->family;
-+ par.family = ctx->family;
- if (par.target->destroy != NULL)
- par.target->destroy(&par);
-
-@@ -389,7 +389,7 @@ nft_match_set_mtchk_param(struct xt_mtch
- {
- par->net = ctx->net;
- par->table = ctx->table->name;
-- switch (ctx->afi->family) {
-+ switch (ctx->family) {
- case AF_INET:
- entry->e4.ip.proto = proto;
- entry->e4.ip.invflags = inv ?
IPT_INV_PROTO : 0;
-@@ -420,7 +420,7 @@ nft_match_set_mtchk_param(struct xt_mtch
- } else {
- par->hook_mask = 0;
- }
-- par->family = ctx->afi->family;
-+ par->family = ctx->family;
- par->nft_compat = true;
- }
-
-@@ -502,7 +502,7 @@ __nft_match_destroy(const struct nft_ctx
- par.net = ctx->net;
- par.match = match;
- par.matchinfo = info;
-- par.family = ctx->afi->family;
-+ par.family = ctx->family;
- if (par.match->destroy != NULL)
- par.match->destroy(&par);
-
-@@ -732,7 +732,7 @@ nft_match_select_ops(const struct nft_ct
-
- mt_name = nla_data(tb[NFTA_MATCH_NAME]);
- rev = ntohl(nla_get_be32(tb[NFTA_MATCH_REV]));
-- family = ctx->afi->family;
-+ family = ctx->family;
-
- /* Re-use the existing match if it's already loaded. */
- list_for_each_entry(nft_match, &nft_match_list, head) {
-@@ -823,7 +823,7 @@ nft_target_select_ops(const struct nft_c
-
- tg_name = nla_data(tb[NFTA_TARGET_NAME]);
- rev = ntohl(nla_get_be32(tb[NFTA_TARGET_REV]));
-- family = ctx->afi->family;
-+ family = ctx->family;
-
- if (strcmp(tg_name, XT_ERROR_TARGET) == 0 ||
- strcmp(tg_name, XT_STANDARD_TARGET) == 0 ||
---- a/net/netfilter/nft_ct.c
-+++ b/net/netfilter/nft_ct.c
-@@ -405,7 +405,7 @@ static int nft_ct_get_init(const struct
- if (tb[NFTA_CT_DIRECTION] == NULL)
- return -EINVAL;
-
-- switch (ctx->afi->family) {
-+ switch (ctx->family) {
- case NFPROTO_IPV4:
- len = FIELD_SIZEOF(struct nf_conntrack_tuple,
- src.u3.ip);
-@@ -456,7 +456,7 @@ static int nft_ct_get_init(const struct
- if (err < 0)
- return err;
-
-- err = nf_ct_netns_get(ctx->net, ctx->afi->family);
-+ err = nf_ct_netns_get(ctx->net, ctx->family);
- if (err < 0)
- return err;
-
-@@ -550,7 +550,7 @@ static int nft_ct_set_init(const struct
- if (err < 0)
- goto err1;
-
-- err = nf_ct_netns_get(ctx->net, ctx->afi->family);
-+ err = nf_ct_netns_get(ctx->net, ctx->family);
- if (err < 0)
- goto err1;
-
-@@ -564,7 +564,7 @@ err1:
- static void nft_ct_get_destroy(const struct nft_ctx *ctx,
- const struct nft_expr *expr)
- {
-- nf_ct_netns_put(ctx->net, ctx->afi->family);
-+ nf_ct_netns_put(ctx->net, ctx->family);
- }
-
- static void nft_ct_set_destroy(const struct nft_ctx *ctx,
-@@ -573,7 +573,7 @@ static void nft_ct_set_destroy(const str
- struct nft_ct *priv = nft_expr_priv(expr);
-
- __nft_ct_set_destroy(ctx, priv);
-- nf_ct_netns_put(ctx->net, ctx->afi->family);
-+ nf_ct_netns_put(ctx->net, ctx->family);
- }
-
- static int nft_ct_get_dump(struct sk_buff *skb, const struct nft_expr *expr)
-@@ -734,7 +734,7 @@ static int nft_ct_helper_obj_init(const
- struct nft_ct_helper_obj *priv = nft_obj_data(obj);
- struct nf_conntrack_helper *help4, *help6;
- char name[NF_CT_HELPER_NAME_LEN];
-- int family = ctx->afi->family;
-+ int family = ctx->family;
-
- if (!tb[NFTA_CT_HELPER_NAME] || !tb[NFTA_CT_HELPER_L4PROTO])
- return -EINVAL;
-@@ -753,14 +753,14 @@ static int nft_ct_helper_obj_init(const
-
- switch (family) {
- case NFPROTO_IPV4:
-- if (ctx->afi->family == NFPROTO_IPV6)
-+ if (ctx->family == NFPROTO_IPV6)
- return -EINVAL;
-
- help4 = nf_conntrack_helper_try_module_get(name, family,
- priv->l4proto);
- break;
- case NFPROTO_IPV6:
-- if (ctx->afi->family == NFPROTO_IPV4)
-+ if (ctx->family == NFPROTO_IPV4)
- return -EINVAL;
-
- help6 = nf_conntrack_helper_try_module_get(name, family,
---- a/net/netfilter/nft_flow_offload.c
-+++ b/net/netfilter/nft_flow_offload.c
-@@ -151,7 +151,7 @@ static int nft_flow_offload_init(const s
- priv->flowtable = flowtable;
- flowtable->use++;
-
-- return nf_ct_netns_get(ctx->net, ctx->afi->family);
-+ return nf_ct_netns_get(ctx->net, ctx->family);
- }
-
- static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
-@@ -160,7 +160,7 @@ static void nft_flow_offload_destroy(con
- struct nft_flow_offload *priv = nft_expr_priv(expr);
-
- priv->flowtable->use--;
-- nf_ct_netns_put(ctx->net, ctx->afi->family);
-+ nf_ct_netns_put(ctx->net, ctx->family);
- }
-
- static int nft_flow_offload_dump(struct sk_buff *skb, const struct nft_expr *expr)
----
a/net/netfilter/nft_log.c
-+++ b/net/netfilter/nft_log.c
-@@ -112,7 +112,7 @@ static int nft_log_init(const struct nft
- break;
- }
-
-- err = nf_logger_find_get(ctx->afi->family, li->type);
-+ err = nf_logger_find_get(ctx->family, li->type);
- if (err < 0)
- goto err1;
-
-@@ -133,7 +133,7 @@ static void nft_log_destroy(const struct
- if (priv->prefix != nft_log_null_prefix)
- kfree(priv->prefix);
-
-- nf_logger_put(ctx->afi->family, li->type);
-+ nf_logger_put(ctx->family, li->type);
- }
-
- static int nft_log_dump(struct sk_buff *skb, const struct nft_expr *expr)
---- a/net/netfilter/nft_masq.c
-+++ b/net/netfilter/nft_masq.c
-@@ -73,7 +73,7 @@ int nft_masq_init(const struct nft_ctx *
- }
- }
-
-- return nf_ct_netns_get(ctx->net, ctx->afi->family);
-+ return nf_ct_netns_get(ctx->net, ctx->family);
- }
- EXPORT_SYMBOL_GPL(nft_masq_init);
-
---- a/net/netfilter/nft_meta.c
-+++ b/net/netfilter/nft_meta.c
-@@ -341,7 +341,7 @@ static int nft_meta_get_validate(const s
- if (priv->key != NFT_META_SECPATH)
- return 0;
-
-- switch (ctx->afi->family) {
-+ switch (ctx->family) {
- case NFPROTO_NETDEV:
- hooks = 1 << NF_NETDEV_INGRESS;
- break;
-@@ -372,7 +372,7 @@ int nft_meta_set_validate(const struct n
- if (priv->key != NFT_META_PKTTYPE)
- return 0;
-
-- switch (ctx->afi->family) {
-+ switch (ctx->family) {
- case NFPROTO_BRIDGE:
- hooks = 1 << NF_BR_PRE_ROUTING;
- break;
---- a/net/netfilter/nft_nat.c
-+++ b/net/netfilter/nft_nat.c
-@@ -142,7 +142,7 @@ static int nft_nat_init(const struct nft
- return -EINVAL;
-
- family = ntohl(nla_get_be32(tb[NFTA_NAT_FAMILY]));
-- if (family != ctx->afi->family)
-+ if (family != ctx->family)
- return -EOPNOTSUPP;
-
- switch (family) {
---- a/net/netfilter/nft_redir.c
-+++ b/net/netfilter/nft_redir.c
-@@ -75,7 +75,7 @@ int nft_redir_init(const struct nft_ctx
- return -EINVAL;
- }
-
-- return nf_ct_netns_get(ctx->net, ctx->afi->family);
-+ return nf_ct_netns_get(ctx->net, ctx->family);
- }
- EXPORT_SYMBOL_GPL(nft_redir_init);
- |