netfilter: nf_tables: restore context for expression destructors

In order to fix set destruction notifications and get rid of unnecessary members in private data structures, pass the context to expressions' destructor functions again. In order to do so, replace various members in the nft_rule_trans structure by the full context. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2014-03-07 13:08:30 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-03-08 06:35:17 -0500
commit: 62472bcefb56ae9c3a6be3284949ce758656cdec (patch)
tree: 647c311d780fef18e125005b7eb833002ca599f9 /net/netfilter
parent: a36e901cf60d4e9a1882d2a98b1a9c60e84aff2c (diff)
6 files changed, 27 insertions, 23 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 611afc0cf2d5..2c10c3fe78c3 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1253,10 +1253,11 @@ err1:
        return err;
 }
-static void nf_tables_expr_destroy(struct nft_expr *expr)
+static void nf_tables_expr_destroy(const struct nft_ctx *ctx,
+                                   struct nft_expr *expr)
 {
        if (expr->ops->destroy)
-                expr->ops->destroy(expr);
+                expr->ops->destroy(ctx, expr);
        module_put(expr->ops->type->owner);
 }
@@ -1536,7 +1537,8 @@ err:
        return err;
 }
-static void nf_tables_rule_destroy(struct nft_rule *rule)
+static void nf_tables_rule_destroy(const struct nft_ctx *ctx,
+                                   struct nft_rule *rule)
 {
        struct nft_expr *expr;
@@ -1546,7 +1548,7 @@ static void nf_tables_rule_destroy(struct nft_rule *rule)
         */
        expr = nft_expr_first(rule);
        while (expr->ops && expr != nft_expr_last(rule)) {
-                nf_tables_expr_destroy(expr);
+                nf_tables_expr_destroy(ctx, expr);
                expr = nft_expr_next(expr);
        }
        kfree(rule);
@@ -1565,11 +1567,8 @@ nf_tables_trans_add(struct nft_ctx *ctx, struct nft_rule *rule)
        if (rupd == NULL)
               return NULL;
-        rupd->chain = ctx->chain;
+        rupd->ctx = *ctx;
-        rupd->table = ctx->table;
        rupd->rule = rule;
-        rupd->family = ctx->afi->family;
-        rupd->nlh = ctx->nlh;
        list_add_tail(&rupd->list, &ctx->net->nft.commit_list);
        return rupd;
@@ -1721,7 +1720,7 @@ err3:
                kfree(repl);
        }
 err2:
-        nf_tables_rule_destroy(rule);
+        nf_tables_rule_destroy(&ctx, rule);
 err1:
        for (i = 0; i < n; i++) {
                if (info[i].ops != NULL)
@@ -1831,10 +1830,10 @@ static int nf_tables_commit(struct sk_buff *skb)
                 */
                if (nft_rule_is_active(net, rupd->rule)) {
                        nft_rule_clear(net, rupd->rule);
-                        nf_tables_rule_notify(skb, rupd->nlh, rupd->table,
+                        nf_tables_rule_notify(skb, rupd->ctx.nlh,
-                                              rupd->chain, rupd->rule,
+                                              rupd->ctx.table, rupd->ctx.chain,
-                                              NFT_MSG_NEWRULE, 0,
+                                              rupd->rule, NFT_MSG_NEWRULE, 0,
-                                              rupd->family);
+                                              rupd->ctx.afi->family);
                        list_del(&rupd->list);
                        kfree(rupd);
                        continue;
@@ -1842,9 +1841,10 @@ static int nf_tables_commit(struct sk_buff *skb)
                /* This rule is in the past, get rid of it */
                list_del_rcu(&rupd->rule->list);
-                nf_tables_rule_notify(skb, rupd->nlh, rupd->table, rupd->chain,
+                nf_tables_rule_notify(skb, rupd->ctx.nlh,
+                                      rupd->ctx.table, rupd->ctx.chain,
                                      rupd->rule, NFT_MSG_DELRULE, 0,
-                                      rupd->family);
+                                      rupd->ctx.afi->family);
        }
        /* Make sure we don't see any packet traversing old rules */
@@ -1852,7 +1852,7 @@ static int nf_tables_commit(struct sk_buff *skb)
        /* Now we can safely release unused old rules */
        list_for_each_entry_safe(rupd, tmp, &net->nft.commit_list, list) {
-                nf_tables_rule_destroy(rupd->rule);
+                nf_tables_rule_destroy(&rupd->ctx, rupd->rule);
                list_del(&rupd->list);
                kfree(rupd);
        }
@@ -1881,7 +1881,7 @@ static int nf_tables_abort(struct sk_buff *skb)
        synchronize_rcu();
        list_for_each_entry_safe(rupd, tmp, &net->nft.commit_list, list) {
-                nf_tables_rule_destroy(rupd->rule);
+                nf_tables_rule_destroy(&rupd->ctx, rupd->rule);
                list_del(&rupd->list);
                kfree(rupd);
        }
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 82cb8236f8a1..8a779be832fb 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -192,7 +192,7 @@ err:
 }
 static void
-nft_target_destroy(const struct nft_expr *expr)
+nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
 {
        struct xt_target *target = expr->ops->data;
@@ -379,7 +379,7 @@ err:
 }
 static void
-nft_match_destroy(const struct nft_expr *expr)
+nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
 {
        struct xt_match *match = expr->ops->data;
diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c
index e59b08f9ccbd..65a2c7b6a7a0 100644
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -321,7 +321,8 @@ static int nft_ct_init(const struct nft_ctx *ctx,
        return 0;
 }
-static void nft_ct_destroy(const struct nft_expr *expr)
+static void nft_ct_destroy(const struct nft_ctx *ctx,
+                           const struct nft_expr *expr)
 {
        struct nft_ct *priv = nft_expr_priv(expr);
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index f169501f1ad4..810385eb7249 100644
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -70,7 +70,8 @@ err1:
        return err;
 }
-static void nft_immediate_destroy(const struct nft_expr *expr)
+static void nft_immediate_destroy(const struct nft_ctx *ctx,
+                                  const struct nft_expr *expr)
 {
        const struct nft_immediate_expr *priv = nft_expr_priv(expr);
        return nft_data_uninit(&priv->data, nft_dreg_to_type(priv->dreg));
diff --git a/net/netfilter/nft_log.c b/net/netfilter/nft_log.c
index 26c5154e05f3..10cfb156cdf4 100644
--- a/net/netfilter/nft_log.c
+++ b/net/netfilter/nft_log.c
@@ -74,7 +74,8 @@ static int nft_log_init(const struct nft_ctx *ctx,
        return 0;
 }
-static void nft_log_destroy(const struct nft_expr *expr)
+static void nft_log_destroy(const struct nft_ctx *ctx,
+                            const struct nft_expr *expr)
 {
        struct nft_log *priv = nft_expr_priv(expr);
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
index bb4ef4cccb6e..953978e8f0ba 100644
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -89,7 +89,8 @@ static int nft_lookup_init(const struct nft_ctx *ctx,
        return 0;
 }
-static void nft_lookup_destroy(const struct nft_expr *expr)
+static void nft_lookup_destroy(const struct nft_ctx *ctx,
+                               const struct nft_expr *expr)
 {
        struct nft_lookup *priv = nft_expr_priv(expr);
author	Patrick McHardy <kaber@trash.net>	2014-03-07 13:08:30 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-03-08 06:35:17 -0500
commit	62472bcefb56ae9c3a6be3284949ce758656cdec (patch)
tree	647c311d780fef18e125005b7eb833002ca599f9 /net/netfilter
parent	a36e901cf60d4e9a1882d2a98b1a9c60e84aff2c (diff)