diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-12-09 06:08:26 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-12-10 07:49:24 -0500 |
| commit | 633c9a840d0bf1cce690f3165bdacd8ab412949e (patch) | |
| tree | 9536fc9847eb289d34bda3c6270e02830a561c29 /net | |
| parent | 639e077b43d9c54ffb1e1b54a2de54597ceae1d8 (diff) | |
netfilter: nfnetlink: avoid recurrent netns lookups in call_batch
Pass the net pointer to the call_batch callback functions so we can skip
recurrent lookups.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tested-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 96 | ||||
| -rw-r--r-- | net/netfilter/nfnetlink.c | 2 |
2 files changed, 46 insertions, 52 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 93cc4737018f..f1002dcfa1c9 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -89,6 +89,7 @@ nf_tables_afinfo_lookup(struct net *net, int family, bool autoload) | |||
| 89 | } | 89 | } |
| 90 | 90 | ||
| 91 | static void nft_ctx_init(struct nft_ctx *ctx, | 91 | static void nft_ctx_init(struct nft_ctx *ctx, |
| 92 | struct net *net, | ||
| 92 | const struct sk_buff *skb, | 93 | const struct sk_buff *skb, |
| 93 | const struct nlmsghdr *nlh, | 94 | const struct nlmsghdr *nlh, |
| 94 | struct nft_af_info *afi, | 95 | struct nft_af_info *afi, |
| @@ -96,7 +97,7 @@ static void nft_ctx_init(struct nft_ctx *ctx, | |||
| 96 | struct nft_chain *chain, | 97 | struct nft_chain *chain, |
| 97 | const struct nlattr * const *nla) | 98 | const struct nlattr * const *nla) |
| 98 | { | 99 | { |
| 99 | ctx->net = sock_net(skb->sk); | 100 | ctx->net = net; |
| 100 | ctx->afi = afi; | 101 | ctx->afi = afi; |
| 101 | ctx->table = table; | 102 | ctx->table = table; |
| 102 | ctx->chain = chain; | 103 | ctx->chain = chain; |
| @@ -672,15 +673,14 @@ err: | |||
| 672 | return ret; | 673 | return ret; |
| 673 | } | 674 | } |
| 674 | 675 | ||
| 675 | static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb, | 676 | static int nf_tables_newtable(struct net *net, struct sock *nlsk, |
| 676 | const struct nlmsghdr *nlh, | 677 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 677 | const struct nlattr * const nla[]) | 678 | const struct nlattr * const nla[]) |
| 678 | { | 679 | { |
| 679 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 680 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 680 | const struct nlattr *name; | 681 | const struct nlattr *name; |
| 681 | struct nft_af_info *afi; | 682 | struct nft_af_info *afi; |
| 682 | struct nft_table *table; | 683 | struct nft_table *table; |
| 683 | struct net *net = sock_net(skb->sk); | ||
| 684 | int family = nfmsg->nfgen_family; | 684 | int family = nfmsg->nfgen_family; |
| 685 | u32 flags = 0; | 685 | u32 flags = 0; |
| 686 | struct nft_ctx ctx; | 686 | struct nft_ctx ctx; |
| @@ -706,7 +706,7 @@ static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb, | |||
| 706 | if (nlh->nlmsg_flags & NLM_F_REPLACE) | 706 | if (nlh->nlmsg_flags & NLM_F_REPLACE) |
| 707 | return -EOPNOTSUPP; | 707 | return -EOPNOTSUPP; |
| 708 | 708 | ||
| 709 | nft_ctx_init(&ctx, skb, nlh, afi, table, NULL, nla); | 709 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
| 710 | return nf_tables_updtable(&ctx); | 710 | return nf_tables_updtable(&ctx); |
| 711 | } | 711 | } |
| 712 | 712 | ||
| @@ -730,7 +730,7 @@ static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb, | |||
| 730 | INIT_LIST_HEAD(&table->sets); | 730 | INIT_LIST_HEAD(&table->sets); |
| 731 | table->flags = flags; | 731 | table->flags = flags; |
| 732 | 732 | ||
| 733 | nft_ctx_init(&ctx, skb, nlh, afi, table, NULL, nla); | 733 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
| 734 | err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); | 734 | err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE); |
| 735 | if (err < 0) | 735 | if (err < 0) |
| 736 | goto err3; | 736 | goto err3; |
| @@ -810,18 +810,17 @@ out: | |||
| 810 | return err; | 810 | return err; |
| 811 | } | 811 | } |
| 812 | 812 | ||
| 813 | static int nf_tables_deltable(struct sock *nlsk, struct sk_buff *skb, | 813 | static int nf_tables_deltable(struct net *net, struct sock *nlsk, |
| 814 | const struct nlmsghdr *nlh, | 814 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 815 | const struct nlattr * const nla[]) | 815 | const struct nlattr * const nla[]) |
| 816 | { | 816 | { |
| 817 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 817 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 818 | struct nft_af_info *afi; | 818 | struct nft_af_info *afi; |
| 819 | struct nft_table *table; | 819 | struct nft_table *table; |
| 820 | struct net *net = sock_net(skb->sk); | ||
| 821 | int family = nfmsg->nfgen_family; | 820 | int family = nfmsg->nfgen_family; |
| 822 | struct nft_ctx ctx; | 821 | struct nft_ctx ctx; |
| 823 | 822 | ||
| 824 | nft_ctx_init(&ctx, skb, nlh, NULL, NULL, NULL, nla); | 823 | nft_ctx_init(&ctx, net, skb, nlh, NULL, NULL, NULL, nla); |
| 825 | if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) | 824 | if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL) |
| 826 | return nft_flush(&ctx, family); | 825 | return nft_flush(&ctx, family); |
| 827 | 826 | ||
| @@ -1221,8 +1220,8 @@ static void nf_tables_chain_destroy(struct nft_chain *chain) | |||
| 1221 | } | 1220 | } |
| 1222 | } | 1221 | } |
| 1223 | 1222 | ||
| 1224 | static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | 1223 | static int nf_tables_newchain(struct net *net, struct sock *nlsk, |
| 1225 | const struct nlmsghdr *nlh, | 1224 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 1226 | const struct nlattr * const nla[]) | 1225 | const struct nlattr * const nla[]) |
| 1227 | { | 1226 | { |
| 1228 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 1227 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| @@ -1232,7 +1231,6 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 1232 | struct nft_chain *chain; | 1231 | struct nft_chain *chain; |
| 1233 | struct nft_base_chain *basechain = NULL; | 1232 | struct nft_base_chain *basechain = NULL; |
| 1234 | struct nlattr *ha[NFTA_HOOK_MAX + 1]; | 1233 | struct nlattr *ha[NFTA_HOOK_MAX + 1]; |
| 1235 | struct net *net = sock_net(skb->sk); | ||
| 1236 | int family = nfmsg->nfgen_family; | 1234 | int family = nfmsg->nfgen_family; |
| 1237 | struct net_device *dev = NULL; | 1235 | struct net_device *dev = NULL; |
| 1238 | u8 policy = NF_ACCEPT; | 1236 | u8 policy = NF_ACCEPT; |
| @@ -1313,7 +1311,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 1313 | return PTR_ERR(stats); | 1311 | return PTR_ERR(stats); |
| 1314 | } | 1312 | } |
| 1315 | 1313 | ||
| 1316 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); | 1314 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
| 1317 | trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN, | 1315 | trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN, |
| 1318 | sizeof(struct nft_trans_chain)); | 1316 | sizeof(struct nft_trans_chain)); |
| 1319 | if (trans == NULL) { | 1317 | if (trans == NULL) { |
| @@ -1461,7 +1459,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 1461 | if (err < 0) | 1459 | if (err < 0) |
| 1462 | goto err1; | 1460 | goto err1; |
| 1463 | 1461 | ||
| 1464 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); | 1462 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
| 1465 | err = nft_trans_chain_add(&ctx, NFT_MSG_NEWCHAIN); | 1463 | err = nft_trans_chain_add(&ctx, NFT_MSG_NEWCHAIN); |
| 1466 | if (err < 0) | 1464 | if (err < 0) |
| 1467 | goto err2; | 1465 | goto err2; |
| @@ -1476,15 +1474,14 @@ err1: | |||
| 1476 | return err; | 1474 | return err; |
| 1477 | } | 1475 | } |
| 1478 | 1476 | ||
| 1479 | static int nf_tables_delchain(struct sock *nlsk, struct sk_buff *skb, | 1477 | static int nf_tables_delchain(struct net *net, struct sock *nlsk, |
| 1480 | const struct nlmsghdr *nlh, | 1478 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 1481 | const struct nlattr * const nla[]) | 1479 | const struct nlattr * const nla[]) |
| 1482 | { | 1480 | { |
| 1483 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 1481 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 1484 | struct nft_af_info *afi; | 1482 | struct nft_af_info *afi; |
| 1485 | struct nft_table *table; | 1483 | struct nft_table *table; |
| 1486 | struct nft_chain *chain; | 1484 | struct nft_chain *chain; |
| 1487 | struct net *net = sock_net(skb->sk); | ||
| 1488 | int family = nfmsg->nfgen_family; | 1485 | int family = nfmsg->nfgen_family; |
| 1489 | struct nft_ctx ctx; | 1486 | struct nft_ctx ctx; |
| 1490 | 1487 | ||
| @@ -1506,7 +1503,7 @@ static int nf_tables_delchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 1506 | if (chain->use > 0) | 1503 | if (chain->use > 0) |
| 1507 | return -EBUSY; | 1504 | return -EBUSY; |
| 1508 | 1505 | ||
| 1509 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); | 1506 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
| 1510 | 1507 | ||
| 1511 | return nft_delchain(&ctx); | 1508 | return nft_delchain(&ctx); |
| 1512 | } | 1509 | } |
| @@ -2010,13 +2007,12 @@ static void nf_tables_rule_destroy(const struct nft_ctx *ctx, | |||
| 2010 | 2007 | ||
| 2011 | static struct nft_expr_info *info; | 2008 | static struct nft_expr_info *info; |
| 2012 | 2009 | ||
| 2013 | static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, | 2010 | static int nf_tables_newrule(struct net *net, struct sock *nlsk, |
| 2014 | const struct nlmsghdr *nlh, | 2011 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 2015 | const struct nlattr * const nla[]) | 2012 | const struct nlattr * const nla[]) |
| 2016 | { | 2013 | { |
| 2017 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 2014 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 2018 | struct nft_af_info *afi; | 2015 | struct nft_af_info *afi; |
| 2019 | struct net *net = sock_net(skb->sk); | ||
| 2020 | struct nft_table *table; | 2016 | struct nft_table *table; |
| 2021 | struct nft_chain *chain; | 2017 | struct nft_chain *chain; |
| 2022 | struct nft_rule *rule, *old_rule = NULL; | 2018 | struct nft_rule *rule, *old_rule = NULL; |
| @@ -2075,7 +2071,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, | |||
| 2075 | return PTR_ERR(old_rule); | 2071 | return PTR_ERR(old_rule); |
| 2076 | } | 2072 | } |
| 2077 | 2073 | ||
| 2078 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); | 2074 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
| 2079 | 2075 | ||
| 2080 | n = 0; | 2076 | n = 0; |
| 2081 | size = 0; | 2077 | size = 0; |
| @@ -2176,13 +2172,12 @@ err1: | |||
| 2176 | return err; | 2172 | return err; |
| 2177 | } | 2173 | } |
| 2178 | 2174 | ||
| 2179 | static int nf_tables_delrule(struct sock *nlsk, struct sk_buff *skb, | 2175 | static int nf_tables_delrule(struct net *net, struct sock *nlsk, |
| 2180 | const struct nlmsghdr *nlh, | 2176 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 2181 | const struct nlattr * const nla[]) | 2177 | const struct nlattr * const nla[]) |
| 2182 | { | 2178 | { |
| 2183 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 2179 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 2184 | struct nft_af_info *afi; | 2180 | struct nft_af_info *afi; |
| 2185 | struct net *net = sock_net(skb->sk); | ||
| 2186 | struct nft_table *table; | 2181 | struct nft_table *table; |
| 2187 | struct nft_chain *chain = NULL; | 2182 | struct nft_chain *chain = NULL; |
| 2188 | struct nft_rule *rule; | 2183 | struct nft_rule *rule; |
| @@ -2205,7 +2200,7 @@ static int nf_tables_delrule(struct sock *nlsk, struct sk_buff *skb, | |||
| 2205 | return PTR_ERR(chain); | 2200 | return PTR_ERR(chain); |
| 2206 | } | 2201 | } |
| 2207 | 2202 | ||
| 2208 | nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla); | 2203 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, chain, nla); |
| 2209 | 2204 | ||
| 2210 | if (chain) { | 2205 | if (chain) { |
| 2211 | if (nla[NFTA_RULE_HANDLE]) { | 2206 | if (nla[NFTA_RULE_HANDLE]) { |
| @@ -2344,12 +2339,11 @@ static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = { | |||
| 2344 | [NFTA_SET_DESC_SIZE] = { .type = NLA_U32 }, | 2339 | [NFTA_SET_DESC_SIZE] = { .type = NLA_U32 }, |
| 2345 | }; | 2340 | }; |
| 2346 | 2341 | ||
| 2347 | static int nft_ctx_init_from_setattr(struct nft_ctx *ctx, | 2342 | static int nft_ctx_init_from_setattr(struct nft_ctx *ctx, struct net *net, |
| 2348 | const struct sk_buff *skb, | 2343 | const struct sk_buff *skb, |
| 2349 | const struct nlmsghdr *nlh, | 2344 | const struct nlmsghdr *nlh, |
| 2350 | const struct nlattr * const nla[]) | 2345 | const struct nlattr * const nla[]) |
| 2351 | { | 2346 | { |
| 2352 | struct net *net = sock_net(skb->sk); | ||
| 2353 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 2347 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 2354 | struct nft_af_info *afi = NULL; | 2348 | struct nft_af_info *afi = NULL; |
| 2355 | struct nft_table *table = NULL; | 2349 | struct nft_table *table = NULL; |
| @@ -2371,7 +2365,7 @@ static int nft_ctx_init_from_setattr(struct nft_ctx *ctx, | |||
| 2371 | return -ENOENT; | 2365 | return -ENOENT; |
| 2372 | } | 2366 | } |
| 2373 | 2367 | ||
| 2374 | nft_ctx_init(ctx, skb, nlh, afi, table, NULL, nla); | 2368 | nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); |
| 2375 | return 0; | 2369 | return 0; |
| 2376 | } | 2370 | } |
| 2377 | 2371 | ||
| @@ -2623,6 +2617,7 @@ static int nf_tables_getset(struct sock *nlsk, struct sk_buff *skb, | |||
| 2623 | const struct nlmsghdr *nlh, | 2617 | const struct nlmsghdr *nlh, |
| 2624 | const struct nlattr * const nla[]) | 2618 | const struct nlattr * const nla[]) |
| 2625 | { | 2619 | { |
| 2620 | struct net *net = sock_net(skb->sk); | ||
| 2626 | const struct nft_set *set; | 2621 | const struct nft_set *set; |
| 2627 | struct nft_ctx ctx; | 2622 | struct nft_ctx ctx; |
| 2628 | struct sk_buff *skb2; | 2623 | struct sk_buff *skb2; |
| @@ -2630,7 +2625,7 @@ static int nf_tables_getset(struct sock *nlsk, struct sk_buff *skb, | |||
| 2630 | int err; | 2625 | int err; |
| 2631 | 2626 | ||
| 2632 | /* Verify existence before starting dump */ | 2627 | /* Verify existence before starting dump */ |
| 2633 | err = nft_ctx_init_from_setattr(&ctx, skb, nlh, nla); | 2628 | err = nft_ctx_init_from_setattr(&ctx, net, skb, nlh, nla); |
| 2634 | if (err < 0) | 2629 | if (err < 0) |
| 2635 | return err; | 2630 | return err; |
| 2636 | 2631 | ||
| @@ -2693,14 +2688,13 @@ static int nf_tables_set_desc_parse(const struct nft_ctx *ctx, | |||
| 2693 | return 0; | 2688 | return 0; |
| 2694 | } | 2689 | } |
| 2695 | 2690 | ||
| 2696 | static int nf_tables_newset(struct sock *nlsk, struct sk_buff *skb, | 2691 | static int nf_tables_newset(struct net *net, struct sock *nlsk, |
| 2697 | const struct nlmsghdr *nlh, | 2692 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 2698 | const struct nlattr * const nla[]) | 2693 | const struct nlattr * const nla[]) |
| 2699 | { | 2694 | { |
| 2700 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 2695 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 2701 | const struct nft_set_ops *ops; | 2696 | const struct nft_set_ops *ops; |
| 2702 | struct nft_af_info *afi; | 2697 | struct nft_af_info *afi; |
| 2703 | struct net *net = sock_net(skb->sk); | ||
| 2704 | struct nft_table *table; | 2698 | struct nft_table *table; |
| 2705 | struct nft_set *set; | 2699 | struct nft_set *set; |
| 2706 | struct nft_ctx ctx; | 2700 | struct nft_ctx ctx; |
| @@ -2798,7 +2792,7 @@ static int nf_tables_newset(struct sock *nlsk, struct sk_buff *skb, | |||
| 2798 | if (IS_ERR(table)) | 2792 | if (IS_ERR(table)) |
| 2799 | return PTR_ERR(table); | 2793 | return PTR_ERR(table); |
| 2800 | 2794 | ||
| 2801 | nft_ctx_init(&ctx, skb, nlh, afi, table, NULL, nla); | 2795 | nft_ctx_init(&ctx, net, skb, nlh, afi, table, NULL, nla); |
| 2802 | 2796 | ||
| 2803 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME]); | 2797 | set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME]); |
| 2804 | if (IS_ERR(set)) { | 2798 | if (IS_ERR(set)) { |
| @@ -2882,8 +2876,8 @@ static void nf_tables_set_destroy(const struct nft_ctx *ctx, struct nft_set *set | |||
| 2882 | nft_set_destroy(set); | 2876 | nft_set_destroy(set); |
| 2883 | } | 2877 | } |
| 2884 | 2878 | ||
| 2885 | static int nf_tables_delset(struct sock *nlsk, struct sk_buff *skb, | 2879 | static int nf_tables_delset(struct net *net, struct sock *nlsk, |
| 2886 | const struct nlmsghdr *nlh, | 2880 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 2887 | const struct nlattr * const nla[]) | 2881 | const struct nlattr * const nla[]) |
| 2888 | { | 2882 | { |
| 2889 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 2883 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| @@ -2896,7 +2890,7 @@ static int nf_tables_delset(struct sock *nlsk, struct sk_buff *skb, | |||
| 2896 | if (nla[NFTA_SET_TABLE] == NULL) | 2890 | if (nla[NFTA_SET_TABLE] == NULL) |
| 2897 | return -EINVAL; | 2891 | return -EINVAL; |
| 2898 | 2892 | ||
| 2899 | err = nft_ctx_init_from_setattr(&ctx, skb, nlh, nla); | 2893 | err = nft_ctx_init_from_setattr(&ctx, net, skb, nlh, nla); |
| 2900 | if (err < 0) | 2894 | if (err < 0) |
| 2901 | return err; | 2895 | return err; |
| 2902 | 2896 | ||
| @@ -3024,7 +3018,7 @@ static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + | |||
| 3024 | [NFTA_SET_ELEM_LIST_SET_ID] = { .type = NLA_U32 }, | 3018 | [NFTA_SET_ELEM_LIST_SET_ID] = { .type = NLA_U32 }, |
| 3025 | }; | 3019 | }; |
| 3026 | 3020 | ||
| 3027 | static int nft_ctx_init_from_elemattr(struct nft_ctx *ctx, | 3021 | static int nft_ctx_init_from_elemattr(struct nft_ctx *ctx, struct net *net, |
| 3028 | const struct sk_buff *skb, | 3022 | const struct sk_buff *skb, |
| 3029 | const struct nlmsghdr *nlh, | 3023 | const struct nlmsghdr *nlh, |
| 3030 | const struct nlattr * const nla[], | 3024 | const struct nlattr * const nla[], |
| @@ -3033,7 +3027,6 @@ static int nft_ctx_init_from_elemattr(struct nft_ctx *ctx, | |||
| 3033 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); | 3027 | const struct nfgenmsg *nfmsg = nlmsg_data(nlh); |
| 3034 | struct nft_af_info *afi; | 3028 | struct nft_af_info *afi; |
| 3035 | struct nft_table *table; | 3029 | struct nft_table *table; |
| 3036 | struct net *net = sock_net(skb->sk); | ||
| 3037 | 3030 | ||
| 3038 | afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); | 3031 | afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false); |
| 3039 | if (IS_ERR(afi)) | 3032 | if (IS_ERR(afi)) |
| @@ -3045,7 +3038,7 @@ static int nft_ctx_init_from_elemattr(struct nft_ctx *ctx, | |||
| 3045 | if (!trans && (table->flags & NFT_TABLE_INACTIVE)) | 3038 | if (!trans && (table->flags & NFT_TABLE_INACTIVE)) |
| 3046 | return -ENOENT; | 3039 | return -ENOENT; |
| 3047 | 3040 | ||
| 3048 | nft_ctx_init(ctx, skb, nlh, afi, table, NULL, nla); | 3041 | nft_ctx_init(ctx, net, skb, nlh, afi, table, NULL, nla); |
| 3049 | return 0; | 3042 | return 0; |
| 3050 | } | 3043 | } |
| 3051 | 3044 | ||
| @@ -3135,6 +3128,7 @@ static int nf_tables_dump_setelem(const struct nft_ctx *ctx, | |||
| 3135 | 3128 | ||
| 3136 | static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) | 3129 | static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) |
| 3137 | { | 3130 | { |
| 3131 | struct net *net = sock_net(skb->sk); | ||
| 3138 | const struct nft_set *set; | 3132 | const struct nft_set *set; |
| 3139 | struct nft_set_dump_args args; | 3133 | struct nft_set_dump_args args; |
| 3140 | struct nft_ctx ctx; | 3134 | struct nft_ctx ctx; |
| @@ -3150,8 +3144,8 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) | |||
| 3150 | if (err < 0) | 3144 | if (err < 0) |
| 3151 | return err; | 3145 | return err; |
| 3152 | 3146 | ||
| 3153 | err = nft_ctx_init_from_elemattr(&ctx, cb->skb, cb->nlh, (void *)nla, | 3147 | err = nft_ctx_init_from_elemattr(&ctx, net, cb->skb, cb->nlh, |
| 3154 | false); | 3148 | (void *)nla, false); |
| 3155 | if (err < 0) | 3149 | if (err < 0) |
| 3156 | return err; | 3150 | return err; |
| 3157 | 3151 | ||
| @@ -3212,11 +3206,12 @@ static int nf_tables_getsetelem(struct sock *nlsk, struct sk_buff *skb, | |||
| 3212 | const struct nlmsghdr *nlh, | 3206 | const struct nlmsghdr *nlh, |
| 3213 | const struct nlattr * const nla[]) | 3207 | const struct nlattr * const nla[]) |
| 3214 | { | 3208 | { |
| 3209 | struct net *net = sock_net(skb->sk); | ||
| 3215 | const struct nft_set *set; | 3210 | const struct nft_set *set; |
| 3216 | struct nft_ctx ctx; | 3211 | struct nft_ctx ctx; |
| 3217 | int err; | 3212 | int err; |
| 3218 | 3213 | ||
| 3219 | err = nft_ctx_init_from_elemattr(&ctx, skb, nlh, nla, false); | 3214 | err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, false); |
| 3220 | if (err < 0) | 3215 | if (err < 0) |
| 3221 | return err; | 3216 | return err; |
| 3222 | 3217 | ||
| @@ -3528,11 +3523,10 @@ err1: | |||
| 3528 | return err; | 3523 | return err; |
| 3529 | } | 3524 | } |
| 3530 | 3525 | ||
| 3531 | static int nf_tables_newsetelem(struct sock *nlsk, struct sk_buff *skb, | 3526 | static int nf_tables_newsetelem(struct net *net, struct sock *nlsk, |
| 3532 | const struct nlmsghdr *nlh, | 3527 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 3533 | const struct nlattr * const nla[]) | 3528 | const struct nlattr * const nla[]) |
| 3534 | { | 3529 | { |
| 3535 | struct net *net = sock_net(skb->sk); | ||
| 3536 | const struct nlattr *attr; | 3530 | const struct nlattr *attr; |
| 3537 | struct nft_set *set; | 3531 | struct nft_set *set; |
| 3538 | struct nft_ctx ctx; | 3532 | struct nft_ctx ctx; |
| @@ -3541,7 +3535,7 @@ static int nf_tables_newsetelem(struct sock *nlsk, struct sk_buff *skb, | |||
| 3541 | if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL) | 3535 | if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL) |
| 3542 | return -EINVAL; | 3536 | return -EINVAL; |
| 3543 | 3537 | ||
| 3544 | err = nft_ctx_init_from_elemattr(&ctx, skb, nlh, nla, true); | 3538 | err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, true); |
| 3545 | if (err < 0) | 3539 | if (err < 0) |
| 3546 | return err; | 3540 | return err; |
| 3547 | 3541 | ||
| @@ -3623,8 +3617,8 @@ err1: | |||
| 3623 | return err; | 3617 | return err; |
| 3624 | } | 3618 | } |
| 3625 | 3619 | ||
| 3626 | static int nf_tables_delsetelem(struct sock *nlsk, struct sk_buff *skb, | 3620 | static int nf_tables_delsetelem(struct net *net, struct sock *nlsk, |
| 3627 | const struct nlmsghdr *nlh, | 3621 | struct sk_buff *skb, const struct nlmsghdr *nlh, |
| 3628 | const struct nlattr * const nla[]) | 3622 | const struct nlattr * const nla[]) |
| 3629 | { | 3623 | { |
| 3630 | const struct nlattr *attr; | 3624 | const struct nlattr *attr; |
| @@ -3635,7 +3629,7 @@ static int nf_tables_delsetelem(struct sock *nlsk, struct sk_buff *skb, | |||
| 3635 | if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL) | 3629 | if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL) |
| 3636 | return -EINVAL; | 3630 | return -EINVAL; |
| 3637 | 3631 | ||
| 3638 | err = nft_ctx_init_from_elemattr(&ctx, skb, nlh, nla, false); | 3632 | err = nft_ctx_init_from_elemattr(&ctx, net, skb, nlh, nla, false); |
| 3639 | if (err < 0) | 3633 | if (err < 0) |
| 3640 | return err; | 3634 | return err; |
| 3641 | 3635 | ||
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index 46453ab318db..445590f2c673 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c | |||
| @@ -381,7 +381,7 @@ replay: | |||
| 381 | goto ack; | 381 | goto ack; |
| 382 | 382 | ||
| 383 | if (nc->call_batch) { | 383 | if (nc->call_batch) { |
| 384 | err = nc->call_batch(net->nfnl, skb, nlh, | 384 | err = nc->call_batch(net, net->nfnl, skb, nlh, |
| 385 | (const struct nlattr **)cda); | 385 | (const struct nlattr **)cda); |
| 386 | } | 386 | } |
| 387 | 387 | ||