1 From: Pablo Neira Ayuso <pablo@netfilter.org>
2 Date: Tue, 9 Jan 2018 02:48:47 +0100
3 Subject: [PATCH] netfilter: nf_tables: get rid of struct nft_af_info
6 Remove the infrastructure to register/unregister nft_af_info structure,
7 this structure stores no useful information anymore.
9 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 --- a/include/net/netfilter/nf_tables.h
13 +++ b/include/net/netfilter/nf_tables.h
14 @@ -956,28 +956,12 @@ struct nft_table {
15 struct list_head flowtables;
22 - struct nft_af_info *afi;
27 - * struct nft_af_info - nf_tables address family info
29 - * @list: used internally
30 - * @family: address family
31 - * @owner: module owner
34 - struct list_head list;
36 - struct module *owner;
39 -int nft_register_afinfo(struct nft_af_info *);
40 -void nft_unregister_afinfo(struct nft_af_info *);
42 int nft_register_chain_type(const struct nf_chain_type *);
43 void nft_unregister_chain_type(const struct nf_chain_type *);
45 @@ -1145,9 +1129,6 @@ void nft_trace_notify(struct nft_tracein
46 #define nft_dereference(p) \
47 nfnl_dereference(p, NFNL_SUBSYS_NFTABLES)
49 -#define MODULE_ALIAS_NFT_FAMILY(family) \
50 - MODULE_ALIAS("nft-afinfo-" __stringify(family))
52 #define MODULE_ALIAS_NFT_CHAIN(family, name) \
53 MODULE_ALIAS("nft-chain-" __stringify(family) "-" name)
55 --- a/net/bridge/netfilter/nf_tables_bridge.c
56 +++ b/net/bridge/netfilter/nf_tables_bridge.c
57 @@ -42,11 +42,6 @@ nft_do_chain_bridge(void *priv,
58 return nft_do_chain(&pkt, priv);
61 -static struct nft_af_info nft_af_bridge __read_mostly = {
62 - .family = NFPROTO_BRIDGE,
63 - .owner = THIS_MODULE,
66 static const struct nf_chain_type filter_bridge = {
68 .type = NFT_CHAIN_T_DEFAULT,
69 @@ -68,28 +63,12 @@ static const struct nf_chain_type filter
71 static int __init nf_tables_bridge_init(void)
75 - ret = nft_register_afinfo(&nft_af_bridge);
79 - ret = nft_register_chain_type(&filter_bridge);
81 - goto err_register_chain;
86 - nft_unregister_chain_type(&filter_bridge);
89 + return nft_register_chain_type(&filter_bridge);
92 static void __exit nf_tables_bridge_exit(void)
94 nft_unregister_chain_type(&filter_bridge);
95 - nft_unregister_afinfo(&nft_af_bridge);
98 module_init(nf_tables_bridge_init);
99 @@ -97,4 +76,4 @@ module_exit(nf_tables_bridge_exit);
101 MODULE_LICENSE("GPL");
102 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
103 -MODULE_ALIAS_NFT_FAMILY(AF_BRIDGE);
104 +MODULE_ALIAS_NFT_CHAIN(AF_BRIDGE, "filter");
105 --- a/net/ipv4/netfilter/nf_tables_arp.c
106 +++ b/net/ipv4/netfilter/nf_tables_arp.c
107 @@ -27,11 +27,6 @@ nft_do_chain_arp(void *priv,
108 return nft_do_chain(&pkt, priv);
111 -static struct nft_af_info nft_af_arp __read_mostly = {
112 - .family = NFPROTO_ARP,
113 - .owner = THIS_MODULE,
116 static const struct nf_chain_type filter_arp = {
118 .type = NFT_CHAIN_T_DEFAULT,
119 @@ -47,28 +42,12 @@ static const struct nf_chain_type filter
121 static int __init nf_tables_arp_init(void)
125 - ret = nft_register_afinfo(&nft_af_arp);
129 - ret = nft_register_chain_type(&filter_arp);
131 - goto err_register_chain;
136 - nft_unregister_chain_type(&filter_arp);
139 + return nft_register_chain_type(&filter_arp);
142 static void __exit nf_tables_arp_exit(void)
144 nft_unregister_chain_type(&filter_arp);
145 - nft_unregister_afinfo(&nft_af_arp);
148 module_init(nf_tables_arp_init);
149 @@ -76,4 +55,4 @@ module_exit(nf_tables_arp_exit);
151 MODULE_LICENSE("GPL");
152 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
153 -MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */
154 +MODULE_ALIAS_NFT_CHAIN(3, "filter"); /* NFPROTO_ARP */
155 --- a/net/ipv4/netfilter/nf_tables_ipv4.c
156 +++ b/net/ipv4/netfilter/nf_tables_ipv4.c
157 @@ -30,11 +30,6 @@ static unsigned int nft_do_chain_ipv4(vo
158 return nft_do_chain(&pkt, priv);
161 -static struct nft_af_info nft_af_ipv4 __read_mostly = {
162 - .family = NFPROTO_IPV4,
163 - .owner = THIS_MODULE,
166 static const struct nf_chain_type filter_ipv4 = {
168 .type = NFT_CHAIN_T_DEFAULT,
169 @@ -56,27 +51,12 @@ static const struct nf_chain_type filter
171 static int __init nf_tables_ipv4_init(void)
175 - ret = nft_register_afinfo(&nft_af_ipv4);
179 - ret = nft_register_chain_type(&filter_ipv4);
181 - goto err_register_chain;
186 - nft_unregister_afinfo(&nft_af_ipv4);
188 + return nft_register_chain_type(&filter_ipv4);
191 static void __exit nf_tables_ipv4_exit(void)
193 nft_unregister_chain_type(&filter_ipv4);
194 - nft_unregister_afinfo(&nft_af_ipv4);
197 module_init(nf_tables_ipv4_init);
198 @@ -84,4 +64,4 @@ module_exit(nf_tables_ipv4_exit);
200 MODULE_LICENSE("GPL");
201 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
202 -MODULE_ALIAS_NFT_FAMILY(AF_INET);
203 +MODULE_ALIAS_NFT_CHAIN(AF_INET, "filter");
204 --- a/net/ipv6/netfilter/nf_tables_ipv6.c
205 +++ b/net/ipv6/netfilter/nf_tables_ipv6.c
206 @@ -28,11 +28,6 @@ static unsigned int nft_do_chain_ipv6(vo
207 return nft_do_chain(&pkt, priv);
210 -static struct nft_af_info nft_af_ipv6 __read_mostly = {
211 - .family = NFPROTO_IPV6,
212 - .owner = THIS_MODULE,
215 static const struct nf_chain_type filter_ipv6 = {
217 .type = NFT_CHAIN_T_DEFAULT,
218 @@ -54,26 +49,11 @@ static const struct nf_chain_type filter
220 static int __init nf_tables_ipv6_init(void)
224 - ret = nft_register_afinfo(&nft_af_ipv6);
228 - ret = nft_register_chain_type(&filter_ipv6);
230 - goto err_register_chain;
235 - nft_unregister_afinfo(&nft_af_ipv6);
237 + return nft_register_chain_type(&filter_ipv6);
240 static void __exit nf_tables_ipv6_exit(void)
242 - nft_unregister_afinfo(&nft_af_ipv6);
243 nft_unregister_chain_type(&filter_ipv6);
246 @@ -82,4 +62,4 @@ module_exit(nf_tables_ipv6_exit);
248 MODULE_LICENSE("GPL");
249 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
250 -MODULE_ALIAS_NFT_FAMILY(AF_INET6);
251 +MODULE_ALIAS_NFT_CHAIN(AF_INET6, "filter");
252 --- a/net/netfilter/nf_tables_api.c
253 +++ b/net/netfilter/nf_tables_api.c
255 static LIST_HEAD(nf_tables_expressions);
256 static LIST_HEAD(nf_tables_objects);
257 static LIST_HEAD(nf_tables_flowtables);
258 -static LIST_HEAD(nf_tables_af_info);
261 - * nft_register_afinfo - register nf_tables address family info
263 - * @afi: address family info to register
265 - * Register the address family for use with nf_tables. Returns zero on
266 - * success or a negative errno code otherwise.
268 -int nft_register_afinfo(struct nft_af_info *afi)
270 - nfnl_lock(NFNL_SUBSYS_NFTABLES);
271 - list_add_tail_rcu(&afi->list, &nf_tables_af_info);
272 - nfnl_unlock(NFNL_SUBSYS_NFTABLES);
275 -EXPORT_SYMBOL_GPL(nft_register_afinfo);
278 - * nft_unregister_afinfo - unregister nf_tables address family info
280 - * @afi: address family info to unregister
282 - * Unregister the address family for use with nf_tables.
284 -void nft_unregister_afinfo(struct nft_af_info *afi)
286 - nfnl_lock(NFNL_SUBSYS_NFTABLES);
287 - list_del_rcu(&afi->list);
288 - nfnl_unlock(NFNL_SUBSYS_NFTABLES);
290 -EXPORT_SYMBOL_GPL(nft_unregister_afinfo);
292 -static struct nft_af_info *nft_afinfo_lookup(struct net *net, int family)
294 - struct nft_af_info *afi;
296 - list_for_each_entry(afi, &nf_tables_af_info, list) {
297 - if (afi->family == family)
303 -static struct nft_af_info *
304 -nf_tables_afinfo_lookup(struct net *net, int family, bool autoload)
306 - struct nft_af_info *afi;
308 - afi = nft_afinfo_lookup(net, family);
311 -#ifdef CONFIG_MODULES
313 - nfnl_unlock(NFNL_SUBSYS_NFTABLES);
314 - request_module("nft-afinfo-%u", family);
315 - nfnl_lock(NFNL_SUBSYS_NFTABLES);
316 - afi = nft_afinfo_lookup(net, family);
318 - return ERR_PTR(-EAGAIN);
321 - return ERR_PTR(-EAFNOSUPPORT);
324 static void nft_ctx_init(struct nft_ctx *ctx,
326 @@ -434,7 +369,7 @@ static struct nft_table *nft_table_looku
328 list_for_each_entry(table, &net->nft.tables, list) {
329 if (!nla_strcmp(nla, table->name) &&
330 - table->afi->family == family &&
331 + table->family == family &&
332 nft_active_genmask(table, genmask))
335 @@ -575,7 +510,7 @@ static int nf_tables_dump_tables(struct
336 cb->seq = net->nft.base_seq;
338 list_for_each_entry_rcu(table, &net->nft.tables, list) {
339 - if (family != NFPROTO_UNSPEC && family != table->afi->family)
340 + if (family != NFPROTO_UNSPEC && family != table->family)
344 @@ -589,7 +524,7 @@ static int nf_tables_dump_tables(struct
345 NETLINK_CB(cb->skb).portid,
347 NFT_MSG_NEWTABLE, NLM_F_MULTI,
348 - table->afi->family, table) < 0)
349 + table->family, table) < 0)
352 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
353 @@ -609,7 +544,6 @@ static int nf_tables_gettable(struct net
355 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
356 u8 genmask = nft_genmask_cur(net);
357 - const struct nft_af_info *afi;
358 const struct nft_table *table;
359 struct sk_buff *skb2;
360 int family = nfmsg->nfgen_family;
361 @@ -622,11 +556,7 @@ static int nf_tables_gettable(struct net
362 return netlink_dump_start(nlsk, skb, nlh, &c);
365 - afi = nf_tables_afinfo_lookup(net, family, false);
367 - return PTR_ERR(afi);
369 - table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family,
370 + table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family,
373 return PTR_ERR(table);
374 @@ -746,19 +676,14 @@ static int nf_tables_newtable(struct net
375 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
376 u8 genmask = nft_genmask_next(net);
377 const struct nlattr *name;
378 - struct nft_af_info *afi;
379 struct nft_table *table;
380 int family = nfmsg->nfgen_family;
385 - afi = nf_tables_afinfo_lookup(net, family, true);
387 - return PTR_ERR(afi);
389 name = nla[NFTA_TABLE_NAME];
390 - table = nf_tables_table_lookup(net, name, afi->family, genmask);
391 + table = nf_tables_table_lookup(net, name, family, genmask);
393 if (PTR_ERR(table) != -ENOENT)
394 return PTR_ERR(table);
395 @@ -768,7 +693,7 @@ static int nf_tables_newtable(struct net
396 if (nlh->nlmsg_flags & NLM_F_REPLACE)
399 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
400 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
401 return nf_tables_updtable(&ctx);
404 @@ -778,40 +703,34 @@ static int nf_tables_newtable(struct net
408 - err = -EAFNOSUPPORT;
409 - if (!try_module_get(afi->owner))
413 table = kzalloc(sizeof(*table), GFP_KERNEL);
418 table->name = nla_strdup(name, GFP_KERNEL);
419 if (table->name == NULL)
423 INIT_LIST_HEAD(&table->chains);
424 INIT_LIST_HEAD(&table->sets);
425 INIT_LIST_HEAD(&table->objects);
426 INIT_LIST_HEAD(&table->flowtables);
428 + table->family = family;
429 table->flags = flags;
431 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
432 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
433 err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
438 list_add_tail_rcu(&table->list, &net->nft.tables);
447 - module_put(afi->owner);
453 @@ -882,10 +801,10 @@ static int nft_flush(struct nft_ctx *ctx
456 list_for_each_entry_safe(table, nt, &ctx->net->nft.tables, list) {
457 - if (family != AF_UNSPEC && table->afi->family != family)
458 + if (family != AF_UNSPEC && table->family != family)
461 - ctx->family = table->afi->family;
462 + ctx->family = table->family;
464 if (!nft_is_active_next(ctx->net, table))
466 @@ -911,7 +830,6 @@ static int nf_tables_deltable(struct net
468 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
469 u8 genmask = nft_genmask_next(net);
470 - struct nft_af_info *afi;
471 struct nft_table *table;
472 int family = nfmsg->nfgen_family;
474 @@ -920,11 +838,7 @@ static int nf_tables_deltable(struct net
475 if (family == AF_UNSPEC || nla[NFTA_TABLE_NAME] == NULL)
476 return nft_flush(&ctx, family);
478 - afi = nf_tables_afinfo_lookup(net, family, false);
480 - return PTR_ERR(afi);
482 - table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], afi->family,
483 + table = nf_tables_table_lookup(net, nla[NFTA_TABLE_NAME], family,
486 return PTR_ERR(table);
487 @@ -933,7 +847,7 @@ static int nf_tables_deltable(struct net
491 - ctx.family = afi->family;
492 + ctx.family = family;
495 return nft_flush_table(&ctx);
496 @@ -945,7 +859,6 @@ static void nf_tables_table_destroy(stru
498 kfree(ctx->table->name);
500 - module_put(ctx->table->afi->owner);
503 int nft_register_chain_type(const struct nf_chain_type *ctype)
504 @@ -1174,7 +1087,7 @@ static int nf_tables_dump_chains(struct
505 cb->seq = net->nft.base_seq;
507 list_for_each_entry_rcu(table, &net->nft.tables, list) {
508 - if (family != NFPROTO_UNSPEC && family != table->afi->family)
509 + if (family != NFPROTO_UNSPEC && family != table->family)
512 list_for_each_entry_rcu(chain, &table->chains, list) {
513 @@ -1190,7 +1103,7 @@ static int nf_tables_dump_chains(struct
517 - table->afi->family, table,
518 + table->family, table,
522 @@ -1212,7 +1125,6 @@ static int nf_tables_getchain(struct net
524 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
525 u8 genmask = nft_genmask_cur(net);
526 - const struct nft_af_info *afi;
527 const struct nft_table *table;
528 const struct nft_chain *chain;
529 struct sk_buff *skb2;
530 @@ -1226,11 +1138,7 @@ static int nf_tables_getchain(struct net
531 return netlink_dump_start(nlsk, skb, nlh, &c);
534 - afi = nf_tables_afinfo_lookup(net, family, false);
536 - return PTR_ERR(afi);
538 - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family,
539 + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family,
542 return PTR_ERR(table);
543 @@ -1612,7 +1520,6 @@ static int nf_tables_newchain(struct net
544 const struct nlattr * uninitialized_var(name);
545 u8 genmask = nft_genmask_next(net);
546 int family = nfmsg->nfgen_family;
547 - struct nft_af_info *afi;
548 struct nft_table *table;
549 struct nft_chain *chain;
550 u8 policy = NF_ACCEPT;
551 @@ -1622,11 +1529,7 @@ static int nf_tables_newchain(struct net
553 create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
555 - afi = nf_tables_afinfo_lookup(net, family, true);
557 - return PTR_ERR(afi);
559 - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family,
560 + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family,
563 return PTR_ERR(table);
564 @@ -1667,7 +1570,7 @@ static int nf_tables_newchain(struct net
568 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
569 + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
572 if (nlh->nlmsg_flags & NLM_F_EXCL)
573 @@ -1688,7 +1591,6 @@ static int nf_tables_delchain(struct net
575 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
576 u8 genmask = nft_genmask_next(net);
577 - struct nft_af_info *afi;
578 struct nft_table *table;
579 struct nft_chain *chain;
580 struct nft_rule *rule;
581 @@ -1697,11 +1599,7 @@ static int nf_tables_delchain(struct net
585 - afi = nf_tables_afinfo_lookup(net, family, false);
587 - return PTR_ERR(afi);
589 - table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], afi->family,
590 + table = nf_tables_table_lookup(net, nla[NFTA_CHAIN_TABLE], family,
593 return PTR_ERR(table);
594 @@ -1714,7 +1612,7 @@ static int nf_tables_delchain(struct net
598 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
599 + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
602 list_for_each_entry(rule, &chain->rules, list) {
603 @@ -2145,7 +2043,7 @@ static int nf_tables_dump_rules(struct s
604 cb->seq = net->nft.base_seq;
606 list_for_each_entry_rcu(table, &net->nft.tables, list) {
607 - if (family != NFPROTO_UNSPEC && family != table->afi->family)
608 + if (family != NFPROTO_UNSPEC && family != table->family)
611 if (ctx && ctx->table && strcmp(ctx->table, table->name) != 0)
612 @@ -2168,7 +2066,7 @@ static int nf_tables_dump_rules(struct s
615 NLM_F_MULTI | NLM_F_APPEND,
616 - table->afi->family,
618 table, chain, rule) < 0)
621 @@ -2204,7 +2102,6 @@ static int nf_tables_getrule(struct net
623 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
624 u8 genmask = nft_genmask_cur(net);
625 - const struct nft_af_info *afi;
626 const struct nft_table *table;
627 const struct nft_chain *chain;
628 const struct nft_rule *rule;
629 @@ -2248,11 +2145,7 @@ static int nf_tables_getrule(struct net
630 return netlink_dump_start(nlsk, skb, nlh, &c);
633 - afi = nf_tables_afinfo_lookup(net, family, false);
635 - return PTR_ERR(afi);
637 - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family,
638 + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family,
641 return PTR_ERR(table);
642 @@ -2318,7 +2211,7 @@ static int nf_tables_newrule(struct net
644 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
645 u8 genmask = nft_genmask_next(net);
646 - struct nft_af_info *afi;
647 + int family = nfmsg->nfgen_family;
648 struct nft_table *table;
649 struct nft_chain *chain;
650 struct nft_rule *rule, *old_rule = NULL;
651 @@ -2334,11 +2227,7 @@ static int nf_tables_newrule(struct net
653 create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
655 - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create);
657 - return PTR_ERR(afi);
659 - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family,
660 + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family,
663 return PTR_ERR(table);
664 @@ -2378,7 +2267,7 @@ static int nf_tables_newrule(struct net
665 return PTR_ERR(old_rule);
668 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
669 + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
673 @@ -2500,18 +2389,13 @@ static int nf_tables_delrule(struct net
675 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
676 u8 genmask = nft_genmask_next(net);
677 - struct nft_af_info *afi;
678 struct nft_table *table;
679 struct nft_chain *chain = NULL;
680 struct nft_rule *rule;
681 int family = nfmsg->nfgen_family, err = 0;
684 - afi = nf_tables_afinfo_lookup(net, family, false);
686 - return PTR_ERR(afi);
688 - table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], afi->family,
689 + table = nf_tables_table_lookup(net, nla[NFTA_RULE_TABLE], family,
692 return PTR_ERR(table);
693 @@ -2523,7 +2407,7 @@ static int nf_tables_delrule(struct net
694 return PTR_ERR(chain);
697 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, chain, nla);
698 + nft_ctx_init(&ctx, net, skb, nlh, family, table, chain, nla);
701 if (nla[NFTA_RULE_HANDLE]) {
702 @@ -2708,26 +2592,17 @@ static int nft_ctx_init_from_setattr(str
705 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
706 - struct nft_af_info *afi = NULL;
707 + int family = nfmsg->nfgen_family;
708 struct nft_table *table = NULL;
710 - if (nfmsg->nfgen_family != NFPROTO_UNSPEC) {
711 - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false);
713 - return PTR_ERR(afi);
716 if (nla[NFTA_SET_TABLE] != NULL) {
718 - return -EAFNOSUPPORT;
720 table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE],
721 - afi->family, genmask);
724 return PTR_ERR(table);
727 - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla);
728 + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla);
732 @@ -2959,7 +2834,7 @@ static int nf_tables_dump_sets(struct sk
734 list_for_each_entry_rcu(table, &net->nft.tables, list) {
735 if (ctx->family != NFPROTO_UNSPEC &&
736 - ctx->family != table->afi->family)
737 + ctx->family != table->family)
740 if (ctx->table && ctx->table != table)
741 @@ -2980,7 +2855,7 @@ static int nf_tables_dump_sets(struct sk
744 ctx_set.table = table;
745 - ctx_set.family = table->afi->family;
746 + ctx_set.family = table->family;
748 if (nf_tables_fill_set(skb, &ctx_set, set,
750 @@ -3092,8 +2967,8 @@ static int nf_tables_newset(struct net *
752 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
753 u8 genmask = nft_genmask_next(net);
754 + int family = nfmsg->nfgen_family;
755 const struct nft_set_ops *ops;
756 - struct nft_af_info *afi;
757 struct nft_table *table;
760 @@ -3203,16 +3078,12 @@ static int nf_tables_newset(struct net *
762 create = nlh->nlmsg_flags & NLM_F_CREATE ? true : false;
764 - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, create);
766 - return PTR_ERR(afi);
768 - table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], afi->family,
769 + table = nf_tables_table_lookup(net, nla[NFTA_SET_TABLE], family,
772 return PTR_ERR(table);
774 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
775 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
777 set = nf_tables_set_lookup(table, nla[NFTA_SET_NAME], genmask);
779 @@ -3474,19 +3345,15 @@ static int nft_ctx_init_from_elemattr(st
782 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
783 - struct nft_af_info *afi;
784 + int family = nfmsg->nfgen_family;
785 struct nft_table *table;
787 - afi = nf_tables_afinfo_lookup(net, nfmsg->nfgen_family, false);
789 - return PTR_ERR(afi);
791 table = nf_tables_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE],
792 - afi->family, genmask);
795 return PTR_ERR(table);
797 - nft_ctx_init(ctx, net, skb, nlh, afi->family, table, NULL, nla);
798 + nft_ctx_init(ctx, net, skb, nlh, family, table, NULL, nla);
802 @@ -3604,7 +3471,7 @@ static int nf_tables_dump_set(struct sk_
804 list_for_each_entry_rcu(table, &net->nft.tables, list) {
805 if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
806 - dump_ctx->ctx.family != table->afi->family)
807 + dump_ctx->ctx.family != table->family)
810 if (table != dump_ctx->ctx.table)
811 @@ -3634,7 +3501,7 @@ static int nf_tables_dump_set(struct sk_
812 goto nla_put_failure;
814 nfmsg = nlmsg_data(nlh);
815 - nfmsg->nfgen_family = table->afi->family;
816 + nfmsg->nfgen_family = table->family;
817 nfmsg->version = NFNETLINK_V0;
818 nfmsg->res_id = htons(net->nft.base_seq & 0xffff);
820 @@ -4516,7 +4383,6 @@ static int nf_tables_newobj(struct net *
821 const struct nft_object_type *type;
822 u8 genmask = nft_genmask_next(net);
823 int family = nfmsg->nfgen_family;
824 - struct nft_af_info *afi;
825 struct nft_table *table;
826 struct nft_object *obj;
828 @@ -4528,11 +4394,7 @@ static int nf_tables_newobj(struct net *
832 - afi = nf_tables_afinfo_lookup(net, family, true);
834 - return PTR_ERR(afi);
836 - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family,
837 + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
840 return PTR_ERR(table);
841 @@ -4551,7 +4413,7 @@ static int nf_tables_newobj(struct net *
845 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
846 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
848 type = nft_obj_type_get(objtype);
850 @@ -4643,7 +4505,7 @@ static int nf_tables_dump_obj(struct sk_
851 cb->seq = net->nft.base_seq;
853 list_for_each_entry_rcu(table, &net->nft.tables, list) {
854 - if (family != NFPROTO_UNSPEC && family != table->afi->family)
855 + if (family != NFPROTO_UNSPEC && family != table->family)
858 list_for_each_entry_rcu(obj, &table->objects, list) {
859 @@ -4666,7 +4528,7 @@ static int nf_tables_dump_obj(struct sk_
862 NLM_F_MULTI | NLM_F_APPEND,
863 - table->afi->family, table,
864 + table->family, table,
868 @@ -4724,7 +4586,6 @@ static int nf_tables_getobj(struct net *
869 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
870 u8 genmask = nft_genmask_cur(net);
871 int family = nfmsg->nfgen_family;
872 - const struct nft_af_info *afi;
873 const struct nft_table *table;
874 struct nft_object *obj;
875 struct sk_buff *skb2;
876 @@ -4755,11 +4616,7 @@ static int nf_tables_getobj(struct net *
880 - afi = nf_tables_afinfo_lookup(net, family, false);
882 - return PTR_ERR(afi);
884 - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family,
885 + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
888 return PTR_ERR(table);
889 @@ -4806,7 +4663,6 @@ static int nf_tables_delobj(struct net *
890 const struct nfgenmsg *nfmsg = nlmsg_data(nlh);
891 u8 genmask = nft_genmask_next(net);
892 int family = nfmsg->nfgen_family;
893 - struct nft_af_info *afi;
894 struct nft_table *table;
895 struct nft_object *obj;
897 @@ -4816,11 +4672,7 @@ static int nf_tables_delobj(struct net *
901 - afi = nf_tables_afinfo_lookup(net, family, true);
903 - return PTR_ERR(afi);
905 - table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], afi->family,
906 + table = nf_tables_table_lookup(net, nla[NFTA_OBJ_TABLE], family,
909 return PTR_ERR(table);
910 @@ -4832,7 +4684,7 @@ static int nf_tables_delobj(struct net *
914 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
915 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
917 return nft_delobj(&ctx, obj);
919 @@ -5017,33 +4869,31 @@ err1:
923 -static const struct nf_flowtable_type *
924 -__nft_flowtable_type_get(const struct nft_af_info *afi)
925 +static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family)
927 const struct nf_flowtable_type *type;
929 list_for_each_entry(type, &nf_tables_flowtables, list) {
930 - if (afi->family == type->family)
931 + if (family == type->family)
937 -static const struct nf_flowtable_type *
938 -nft_flowtable_type_get(const struct nft_af_info *afi)
939 +static const struct nf_flowtable_type *nft_flowtable_type_get(u8 family)
941 const struct nf_flowtable_type *type;
943 - type = __nft_flowtable_type_get(afi);
944 + type = __nft_flowtable_type_get(family);
945 if (type != NULL && try_module_get(type->owner))
948 #ifdef CONFIG_MODULES
950 nfnl_unlock(NFNL_SUBSYS_NFTABLES);
951 - request_module("nf-flowtable-%u", afi->family);
952 + request_module("nf-flowtable-%u", family);
953 nfnl_lock(NFNL_SUBSYS_NFTABLES);
954 - if (__nft_flowtable_type_get(afi))
955 + if (__nft_flowtable_type_get(family))
956 return ERR_PTR(-EAGAIN);
959 @@ -5091,7 +4941,6 @@ static int nf_tables_newflowtable(struct
960 u8 genmask = nft_genmask_next(net);
961 int family = nfmsg->nfgen_family;
962 struct nft_flowtable *flowtable;
963 - struct nft_af_info *afi;
964 struct nft_table *table;
967 @@ -5101,12 +4950,8 @@ static int nf_tables_newflowtable(struct
968 !nla[NFTA_FLOWTABLE_HOOK])
971 - afi = nf_tables_afinfo_lookup(net, family, true);
973 - return PTR_ERR(afi);
975 table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
976 - afi->family, genmask);
979 return PTR_ERR(table);
981 @@ -5123,7 +4968,7 @@ static int nf_tables_newflowtable(struct
985 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
986 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
988 flowtable = kzalloc(sizeof(*flowtable), GFP_KERNEL);
990 @@ -5136,7 +4981,7 @@ static int nf_tables_newflowtable(struct
994 - type = nft_flowtable_type_get(afi);
995 + type = nft_flowtable_type_get(family);
999 @@ -5196,16 +5041,11 @@ static int nf_tables_delflowtable(struct
1000 u8 genmask = nft_genmask_next(net);
1001 int family = nfmsg->nfgen_family;
1002 struct nft_flowtable *flowtable;
1003 - struct nft_af_info *afi;
1004 struct nft_table *table;
1007 - afi = nf_tables_afinfo_lookup(net, family, true);
1009 - return PTR_ERR(afi);
1011 table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
1012 - afi->family, genmask);
1015 return PTR_ERR(table);
1017 @@ -5216,7 +5056,7 @@ static int nf_tables_delflowtable(struct
1018 if (flowtable->use > 0)
1021 - nft_ctx_init(&ctx, net, skb, nlh, afi->family, table, NULL, nla);
1022 + nft_ctx_init(&ctx, net, skb, nlh, family, table, NULL, nla);
1024 return nft_delflowtable(&ctx, flowtable);
1026 @@ -5291,7 +5131,7 @@ static int nf_tables_dump_flowtable(stru
1027 cb->seq = net->nft.base_seq;
1029 list_for_each_entry_rcu(table, &net->nft.tables, list) {
1030 - if (family != NFPROTO_UNSPEC && family != table->afi->family)
1031 + if (family != NFPROTO_UNSPEC && family != table->family)
1034 list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
1035 @@ -5310,7 +5150,7 @@ static int nf_tables_dump_flowtable(stru
1037 NFT_MSG_NEWFLOWTABLE,
1038 NLM_F_MULTI | NLM_F_APPEND,
1039 - table->afi->family, flowtable) < 0)
1040 + table->family, flowtable) < 0)
1043 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1044 @@ -5370,7 +5210,6 @@ static int nf_tables_getflowtable(struct
1045 u8 genmask = nft_genmask_cur(net);
1046 int family = nfmsg->nfgen_family;
1047 struct nft_flowtable *flowtable;
1048 - const struct nft_af_info *afi;
1049 const struct nft_table *table;
1050 struct sk_buff *skb2;
1052 @@ -5396,12 +5235,8 @@ static int nf_tables_getflowtable(struct
1053 if (!nla[NFTA_FLOWTABLE_NAME])
1056 - afi = nf_tables_afinfo_lookup(net, family, false);
1058 - return PTR_ERR(afi);
1060 table = nf_tables_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE],
1061 - afi->family, genmask);
1064 return PTR_ERR(table);
1066 @@ -6572,7 +6407,7 @@ int __nft_release_basechain(struct nft_c
1068 EXPORT_SYMBOL_GPL(__nft_release_basechain);
1070 -static void __nft_release_afinfo(struct net *net)
1071 +static void __nft_release_tables(struct net *net)
1073 struct nft_flowtable *flowtable, *nf;
1074 struct nft_table *table, *nt;
1075 @@ -6585,7 +6420,7 @@ static void __nft_release_afinfo(struct
1078 list_for_each_entry_safe(table, nt, &net->nft.tables, list) {
1079 - ctx.family = table->afi->family;
1080 + ctx.family = table->family;
1082 list_for_each_entry(chain, &table->chains, list)
1083 nf_tables_unregister_hook(net, table, chain);
1084 @@ -6637,7 +6472,7 @@ static int __net_init nf_tables_init_net
1086 static void __net_exit nf_tables_exit_net(struct net *net)
1088 - __nft_release_afinfo(net);
1089 + __nft_release_tables(net);
1090 WARN_ON_ONCE(!list_empty(&net->nft.tables));
1091 WARN_ON_ONCE(!list_empty(&net->nft.commit_list));
1093 --- a/net/netfilter/nf_tables_inet.c
1094 +++ b/net/netfilter/nf_tables_inet.c
1095 @@ -38,11 +38,6 @@ static unsigned int nft_do_chain_inet(vo
1096 return nft_do_chain(&pkt, priv);
1099 -static struct nft_af_info nft_af_inet __read_mostly = {
1100 - .family = NFPROTO_INET,
1101 - .owner = THIS_MODULE,
1104 static const struct nf_chain_type filter_inet = {
1106 .type = NFT_CHAIN_T_DEFAULT,
1107 @@ -64,26 +59,12 @@ static const struct nf_chain_type filter
1109 static int __init nf_tables_inet_init(void)
1113 - if (nft_register_afinfo(&nft_af_inet) < 0)
1116 - ret = nft_register_chain_type(&filter_inet);
1118 - goto err_register_chain;
1122 -err_register_chain:
1123 - nft_unregister_afinfo(&nft_af_inet);
1125 + return nft_register_chain_type(&filter_inet);
1128 static void __exit nf_tables_inet_exit(void)
1130 nft_unregister_chain_type(&filter_inet);
1131 - nft_unregister_afinfo(&nft_af_inet);
1134 module_init(nf_tables_inet_init);
1135 @@ -91,4 +72,4 @@ module_exit(nf_tables_inet_exit);
1137 MODULE_LICENSE("GPL");
1138 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
1139 -MODULE_ALIAS_NFT_FAMILY(1);
1140 +MODULE_ALIAS_NFT_CHAIN(1, "filter");
1141 --- a/net/netfilter/nf_tables_netdev.c
1142 +++ b/net/netfilter/nf_tables_netdev.c
1143 @@ -38,11 +38,6 @@ nft_do_chain_netdev(void *priv, struct s
1144 return nft_do_chain(&pkt, priv);
1147 -static struct nft_af_info nft_af_netdev __read_mostly = {
1148 - .family = NFPROTO_NETDEV,
1149 - .owner = THIS_MODULE,
1152 static const struct nf_chain_type nft_filter_chain_netdev = {
1154 .type = NFT_CHAIN_T_DEFAULT,
1155 @@ -91,10 +86,10 @@ static int nf_tables_netdev_event(struct
1157 nfnl_lock(NFNL_SUBSYS_NFTABLES);
1158 list_for_each_entry(table, &ctx.net->nft.tables, list) {
1159 - if (table->afi->family != NFPROTO_NETDEV)
1160 + if (table->family != NFPROTO_NETDEV)
1163 - ctx.family = table->afi->family;
1164 + ctx.family = table->family;
1166 list_for_each_entry_safe(chain, nr, &table->chains, list) {
1167 if (!nft_is_base_chain(chain))
1168 @@ -117,12 +112,9 @@ static int __init nf_tables_netdev_init(
1172 - if (nft_register_afinfo(&nft_af_netdev) < 0)
1175 ret = nft_register_chain_type(&nft_filter_chain_netdev);
1177 - goto err_register_chain_type;
1180 ret = register_netdevice_notifier(&nf_tables_netdev_notifier);
1182 @@ -132,8 +124,6 @@ static int __init nf_tables_netdev_init(
1184 err_register_netdevice_notifier:
1185 nft_unregister_chain_type(&nft_filter_chain_netdev);
1186 -err_register_chain_type:
1187 - nft_unregister_afinfo(&nft_af_netdev);
1191 @@ -142,7 +132,6 @@ static void __exit nf_tables_netdev_exit
1193 unregister_netdevice_notifier(&nf_tables_netdev_notifier);
1194 nft_unregister_chain_type(&nft_filter_chain_netdev);
1195 - nft_unregister_afinfo(&nft_af_netdev);
1198 module_init(nf_tables_netdev_init);
1199 @@ -150,4 +139,4 @@ module_exit(nf_tables_netdev_exit);
1201 MODULE_LICENSE("GPL");
1202 MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
1203 -MODULE_ALIAS_NFT_FAMILY(5); /* NFPROTO_NETDEV */
1204 +MODULE_ALIAS_NFT_CHAIN(5, "filter"); /* NFPROTO_NETDEV */