--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
-@@ -950,28 +950,12 @@ struct nft_table {
+@@ -955,28 +955,12 @@ struct nft_table {
struct list_head flowtables;
u64 hgenerator;
u32 use;
int nft_register_chain_type(const struct nf_chain_type *);
void nft_unregister_chain_type(const struct nf_chain_type *);
-@@ -1139,9 +1123,6 @@ void nft_trace_notify(struct nft_tracein
+@@ -1144,9 +1128,6 @@ void nft_trace_notify(struct nft_tracein
#define nft_dereference(p) \
nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
static void nft_ctx_init(struct nft_ctx *ctx,
struct net *net,
-@@ -390,7 +325,7 @@ static struct nft_table *nft_table_looku
+@@ -434,7 +369,7 @@ static struct nft_table *nft_table_looku
list_for_each_entry(table, &net->nft.tables, list) {
if (!nla_strcmp(nla, table->name) &&
nft_active_genmask(table, genmask))
return table;
}
-@@ -531,7 +466,7 @@ static int nf_tables_dump_tables(struct
+@@ -575,7 +510,7 @@ static int nf_tables_dump_tables(struct
cb->seq = net->nft.base_seq;
list_for_each_entry_rcu(table, &net->nft.tables, list) {
continue;
if (idx < s_idx)
-@@ -545,7 +480,7 @@ static int nf_tables_dump_tables(struct
+@@ -589,7 +524,7 @@ static int nf_tables_dump_tables(struct
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq,
NFT_MSG_NEWTABLE, NLM_F_MULTI,
goto done;
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -565,7 +500,6 @@ static int nf_tables_gettable(struct net
+@@ -609,7 +544,6 @@ static int nf_tables_gettable(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_cur(net);
const struct nft_table *table;
struct sk_buff *skb2;
int family = nfmsg->nfgen_family;
-@@ -578,11 +512,7 @@ static int nf_tables_gettable(struct net
+@@ -622,11 +556,7 @@ static int nf_tables_gettable(struct net
return netlink_dump_start(nlsk, skb, nlh, &c);
}
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -702,19 +632,14 @@ static int nf_tables_newtable(struct net
+@@ -746,19 +676,14 @@ static int nf_tables_newtable(struct net
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
const struct nlattr *name;
if (IS_ERR(table)) {
if (PTR_ERR(table) != -ENOENT)
return PTR_ERR(table);
-@@ -724,7 +649,7 @@ static int nf_tables_newtable(struct net
+@@ -768,7 +693,7 @@ static int nf_tables_newtable(struct net
if (nlh->nlmsg_flags & NLM_F_REPLACE)
return -EOPNOTSUPP;
return nf_tables_updtable(&ctx);
}
-@@ -734,40 +659,34 @@ static int nf_tables_newtable(struct net
+@@ -778,40 +703,34 @@ static int nf_tables_newtable(struct net
return -EINVAL;
}
return err;
}
-@@ -838,10 +757,10 @@ static int nft_flush(struct nft_ctx *ctx
+@@ -882,10 +801,10 @@ static int nft_flush(struct nft_ctx *ctx
int err = 0;
list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
if (!nft_is_active_next(ctx->net, table))
continue;
-@@ -867,7 +786,6 @@ static int nf_tables_deltable(struct net
+@@ -911,7 +830,6 @@ static int nf_tables_deltable(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
struct nft_table *table;
int family = nfmsg->nfgen_family;
struct nft_ctx ctx;
-@@ -876,11 +794,7 @@ static int nf_tables_deltable(struct net
+@@ -920,11 +838,7 @@ static int nf_tables_deltable(struct net
if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
return nft_flush(&ctx, family);
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -889,7 +803,7 @@ static int nf_tables_deltable(struct net
+@@ -933,7 +847,7 @@ static int nf_tables_deltable(struct net
table->use > 0)
return -EBUSY;
ctx.table = table;
return nft_flush_table(&ctx);
-@@ -901,7 +815,6 @@ static void nf_tables_table_destroy(stru
+@@ -945,7 +859,6 @@ static void nf_tables_table_destroy(stru
kfree(ctx->table->name);
kfree(ctx->table);
}
int nft_register_chain_type(const struct nf_chain_type *ctype)
-@@ -1130,7 +1043,7 @@ static int nf_tables_dump_chains(struct
+@@ -1174,7 +1087,7 @@ static int nf_tables_dump_chains(struct
cb->seq = net->nft.base_seq;
list_for_each_entry_rcu(table, &net->nft.tables, list) {
continue;
list_for_each_entry_rcu(chain, &table->chains, list) {
-@@ -1146,7 +1059,7 @@ static int nf_tables_dump_chains(struct
+@@ -1190,7 +1103,7 @@ static int nf_tables_dump_chains(struct
cb->nlh->nlmsg_seq,
NFT_MSG_NEWCHAIN,
NLM_F_MULTI,
chain) < 0)
goto done;
-@@ -1168,7 +1081,6 @@ static int nf_tables_getchain(struct net
+@@ -1212,7 +1125,6 @@ static int nf_tables_getchain(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_cur(net);
const struct nft_table *table;
const struct nft_chain *chain;
struct sk_buff *skb2;
-@@ -1182,11 +1094,7 @@ static int nf_tables_getchain(struct net
+@@ -1226,11 +1138,7 @@ static int nf_tables_getchain(struct net
return netlink_dump_start(nlsk, skb, nlh, &c);
}
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -1550,7 +1458,6 @@ static int nf_tables_newchain(struct net
+@@ -1612,7 +1520,6 @@ static int nf_tables_newchain(struct net
const struct nlattr * uninitialized_var(name);
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
struct nft_table *table;
struct nft_chain *chain;
u8 policy = NF_ACCEPT;
-@@ -1560,11 +1467,7 @@ static int nf_tables_newchain(struct net
+@@ -1622,11 +1529,7 @@ static int nf_tables_newchain(struct net
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -1605,7 +1508,7 @@ static int nf_tables_newchain(struct net
+@@ -1667,7 +1570,7 @@ static int nf_tables_newchain(struct net
}
}
if (chain != NULL) {
if (nlh->nlmsg_flags & NLM_F_EXCL)
-@@ -1626,7 +1529,6 @@ static int nf_tables_delchain(struct net
+@@ -1688,7 +1591,6 @@ static int nf_tables_delchain(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
struct nft_table *table;
struct nft_chain *chain;
struct nft_rule *rule;
-@@ -1635,11 +1537,7 @@ static int nf_tables_delchain(struct net
+@@ -1697,11 +1599,7 @@ static int nf_tables_delchain(struct net
u32 use;
int err;
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -1652,7 +1550,7 @@ static int nf_tables_delchain(struct net
+@@ -1714,7 +1612,7 @@ static int nf_tables_delchain(struct net
chain->use > 0)
return -EBUSY;
use = chain->use;
list_for_each_entry(rule, &chain->rules, list) {
-@@ -2075,7 +1973,7 @@ static int nf_tables_dump_rules(struct s
+@@ -2145,7 +2043,7 @@ static int nf_tables_dump_rules(struct s
cb->seq = net->nft.base_seq;
list_for_each_entry_rcu(table, &net->nft.tables, list) {
continue;
if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
-@@ -2098,7 +1996,7 @@ static int nf_tables_dump_rules(struct s
+@@ -2168,7 +2066,7 @@ static int nf_tables_dump_rules(struct s
cb->nlh->nlmsg_seq,
NFT_MSG_NEWRULE,
NLM_F_MULTI | NLM_F_APPEND,
table, chain, rule) < 0)
goto done;
-@@ -2134,7 +2032,6 @@ static int nf_tables_getrule(struct net
+@@ -2204,7 +2102,6 @@ static int nf_tables_getrule(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_cur(net);
const struct nft_table *table;
const struct nft_chain *chain;
const struct nft_rule *rule;
-@@ -2178,11 +2075,7 @@ static int nf_tables_getrule(struct net
+@@ -2248,11 +2145,7 @@ static int nf_tables_getrule(struct net
return netlink_dump_start(nlsk, skb, nlh, &c);
}
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -2240,7 +2133,7 @@ static int nf_tables_newrule(struct net
+@@ -2318,7 +2211,7 @@ static int nf_tables_newrule(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
struct nft_table *table;
struct nft_chain *chain;
struct nft_rule *rule, *old_rule = NULL;
-@@ -2256,11 +2149,7 @@ static int nf_tables_newrule(struct net
+@@ -2334,11 +2227,7 @@ static int nf_tables_newrule(struct net
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -2300,7 +2189,7 @@ static int nf_tables_newrule(struct net
+@@ -2378,7 +2267,7 @@ static int nf_tables_newrule(struct net
return PTR_ERR(old_rule);
}
n = 0;
size = 0;
-@@ -2424,18 +2313,13 @@ static int nf_tables_delrule(struct net
+@@ -2500,18 +2389,13 @@ static int nf_tables_delrule(struct net
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -2447,7 +2331,7 @@ static int nf_tables_delrule(struct net
+@@ -2523,7 +2407,7 @@ static int nf_tables_delrule(struct net
return PTR_ERR(chain);
}
if (chain) {
if (nla[NFTA_RULE_HANDLE]) {
-@@ -2632,26 +2516,17 @@ static int nft_ctx_init_from_setattr(str
+@@ -2708,26 +2592,17 @@ static int nft_ctx_init_from_setattr(str
u8 genmask)
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
return 0;
}
-@@ -2882,7 +2757,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2959,7 +2834,7 @@ static int nf_tables_dump_sets(struct sk
list_for_each_entry_rcu(table, &net->nft.tables, list) {
if (ctx->family != NFPROTO_UNSPEC &&
continue;
if (ctx->table && ctx->table != table)
-@@ -2903,7 +2778,7 @@ static int nf_tables_dump_sets(struct sk
+@@ -2980,7 +2855,7 @@ static int nf_tables_dump_sets(struct sk
ctx_set = *ctx;
ctx_set.table = table;
if (nf_tables_fill_set(skb, &ctx_set, set,
NFT_MSG_NEWSET,
-@@ -3015,8 +2890,8 @@ static int nf_tables_newset(struct net *
+@@ -3092,8 +2967,8 @@ static int nf_tables_newset(struct net *
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
struct nft_table *table;
struct nft_set *set;
struct nft_ctx ctx;
-@@ -3123,16 +2998,12 @@ static int nf_tables_newset(struct net *
+@@ -3200,16 +3075,12 @@ static int nf_tables_newset(struct net *
create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
if (IS_ERR(set)) {
-@@ -3390,19 +3261,15 @@ static int nft_ctx_init_from_elemattr(st
+@@ -3471,19 +3342,15 @@ static int nft_ctx_init_from_elemattr(st
u8 genmask)
{
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
return 0;
}
-@@ -3520,7 +3387,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3601,7 +3468,7 @@ static int nf_tables_dump_set(struct sk_
rcu_read_lock();
list_for_each_entry_rcu(table, &net->nft.tables, list) {
if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
continue;
if (table != dump_ctx->ctx.table)
-@@ -3550,7 +3417,7 @@ static int nf_tables_dump_set(struct sk_
+@@ -3631,7 +3498,7 @@ static int nf_tables_dump_set(struct sk_
goto nla_put_failure;
nfmsg = nlmsg_data(nlh);
nfmsg->version = NFNETLINK_V0;
nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
-@@ -4427,7 +4294,6 @@ static int nf_tables_newobj(struct net *
+@@ -4513,7 +4380,6 @@ static int nf_tables_newobj(struct net *
const struct nft_object_type *type;
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
struct nft_table *table;
struct nft_object *obj;
struct nft_ctx ctx;
-@@ -4439,11 +4305,7 @@ static int nf_tables_newobj(struct net *
+@@ -4525,11 +4391,7 @@ static int nf_tables_newobj(struct net *
!nla[NFTA_OBJ_DATA])
return -EINVAL;
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -4462,7 +4324,7 @@ static int nf_tables_newobj(struct net *
+@@ -4548,7 +4410,7 @@ static int nf_tables_newobj(struct net *
return 0;
}
type = nft_obj_type_get(objtype);
if (IS_ERR(type))
-@@ -4554,7 +4416,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4640,7 +4502,7 @@ static int nf_tables_dump_obj(struct sk_
cb->seq = net->nft.base_seq;
list_for_each_entry_rcu(table, &net->nft.tables, list) {
continue;
list_for_each_entry_rcu(obj, &table->objects, list) {
-@@ -4577,7 +4439,7 @@ static int nf_tables_dump_obj(struct sk_
+@@ -4663,7 +4525,7 @@ static int nf_tables_dump_obj(struct sk_
cb->nlh->nlmsg_seq,
NFT_MSG_NEWOBJ,
NLM_F_MULTI | NLM_F_APPEND,
obj, reset) < 0)
goto done;
-@@ -4635,7 +4497,6 @@ static int nf_tables_getobj(struct net *
+@@ -4721,7 +4583,6 @@ static int nf_tables_getobj(struct net *
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_cur(net);
int family = nfmsg->nfgen_family;
const struct nft_table *table;
struct nft_object *obj;
struct sk_buff *skb2;
-@@ -4666,11 +4527,7 @@ static int nf_tables_getobj(struct net *
+@@ -4752,11 +4613,7 @@ static int nf_tables_getobj(struct net *
!nla[NFTA_OBJ_TYPE])
return -EINVAL;
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -4717,7 +4574,6 @@ static int nf_tables_delobj(struct net *
+@@ -4803,7 +4660,6 @@ static int nf_tables_delobj(struct net *
const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
struct nft_table *table;
struct nft_object *obj;
struct nft_ctx ctx;
-@@ -4727,11 +4583,7 @@ static int nf_tables_delobj(struct net *
+@@ -4813,11 +4669,7 @@ static int nf_tables_delobj(struct net *
!nla[NFTA_OBJ_NAME])
return -EINVAL;
genmask);
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -4743,7 +4595,7 @@ static int nf_tables_delobj(struct net *
+@@ -4829,7 +4681,7 @@ static int nf_tables_delobj(struct net *
if (obj->use > 0)
return -EBUSY;
return nft_delobj(&ctx, obj);
}
-@@ -4928,33 +4780,31 @@ err1:
+@@ -5014,33 +4866,31 @@ err1:
return err;
}
return ERR_PTR(-EAGAIN);
}
#endif
-@@ -5002,7 +4852,6 @@ static int nf_tables_newflowtable(struct
+@@ -5088,7 +4938,6 @@ static int nf_tables_newflowtable(struct
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
struct nft_table *table;
struct nft_ctx ctx;
int err, i, k;
-@@ -5012,12 +4861,8 @@ static int nf_tables_newflowtable(struct
+@@ -5098,12 +4947,8 @@ static int nf_tables_newflowtable(struct
!nla[NFTA_FLOWTABLE_HOOK])
return -EINVAL;
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -5034,7 +4879,7 @@ static int nf_tables_newflowtable(struct
+@@ -5120,7 +4965,7 @@ static int nf_tables_newflowtable(struct
return 0;
}
flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
if (!flowtable)
-@@ -5047,7 +4892,7 @@ static int nf_tables_newflowtable(struct
+@@ -5133,7 +4978,7 @@ static int nf_tables_newflowtable(struct
goto err1;
}
if (IS_ERR(type)) {
err = PTR_ERR(type);
goto err2;
-@@ -5107,16 +4952,11 @@ static int nf_tables_delflowtable(struct
+@@ -5193,16 +5038,11 @@ static int nf_tables_delflowtable(struct
u8 genmask = nft_genmask_next(net);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -5127,7 +4967,7 @@ static int nf_tables_delflowtable(struct
+@@ -5213,7 +5053,7 @@ static int nf_tables_delflowtable(struct
if (flowtable->use > 0)
return -EBUSY;
return nft_delflowtable(&ctx, flowtable);
}
-@@ -5202,7 +5042,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5288,7 +5128,7 @@ static int nf_tables_dump_flowtable(stru
cb->seq = net->nft.base_seq;
list_for_each_entry_rcu(table, &net->nft.tables, list) {
continue;
list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
-@@ -5221,7 +5061,7 @@ static int nf_tables_dump_flowtable(stru
+@@ -5307,7 +5147,7 @@ static int nf_tables_dump_flowtable(stru
cb->nlh->nlmsg_seq,
NFT_MSG_NEWFLOWTABLE,
NLM_F_MULTI | NLM_F_APPEND,
goto done;
nl_dump_check_consistent(cb, nlmsg_hdr(skb));
-@@ -5281,7 +5121,6 @@ static int nf_tables_getflowtable(struct
+@@ -5367,7 +5207,6 @@ static int nf_tables_getflowtable(struct
u8 genmask = nft_genmask_cur(net);
int family = nfmsg->nfgen_family;
struct nft_flowtable *flowtable;
const struct nft_table *table;
struct sk_buff *skb2;
int err;
-@@ -5307,12 +5146,8 @@ static int nf_tables_getflowtable(struct
+@@ -5393,12 +5232,8 @@ static int nf_tables_getflowtable(struct
if (!nla[NFTA_FLOWTABLE_NAME])
return -EINVAL;
if (IS_ERR(table))
return PTR_ERR(table);
-@@ -6476,7 +6311,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6569,7 +6404,7 @@ int __nft_release_basechain(struct nft_c
}
EXPORT_SYMBOL_GPL(__nft_release_basechain);
{
struct nft_flowtable *flowtable, *nf;
struct nft_table *table, *nt;
-@@ -6489,7 +6324,7 @@ static void __nft_release_afinfo(struct
+@@ -6582,7 +6417,7 @@ static void __nft_release_afinfo(struct
};
list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
list_for_each_entry(chain, &table->chains, list)
nf_tables_unregister_hook(net, table, chain);
-@@ -6541,7 +6376,7 @@ static int __net_init nf_tables_init_net
+@@ -6634,7 +6469,7 @@ static int __net_init nf_tables_init_net
static void __net_exit nf_tables_exit_net(struct net *net)
{