--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
-@@ -900,8 +900,6 @@ struct nft_stats {
+@@ -924,8 +924,6 @@ struct nft_stats {
struct u64_stats_sync syncp;
};
/**
* struct nft_base_chain - nf_tables base chain
*
-@@ -913,7 +911,7 @@ struct nft_stats {
+@@ -937,7 +935,7 @@ struct nft_stats {
* @dev_name: device name that this base chain is attached to (if any)
*/
struct nft_base_chain {
const struct nf_chain_type *type;
u8 policy;
u8 flags;
-@@ -974,8 +972,6 @@ enum nft_af_flags {
+@@ -1021,8 +1019,6 @@ enum nft_af_flags {
* @owner: module owner
* @tables: used internally
* @flags: family flags
* @hooks: hookfn overrides for packet validation
*/
struct nft_af_info {
-@@ -985,9 +981,6 @@ struct nft_af_info {
+@@ -1032,9 +1028,6 @@ struct nft_af_info {
struct module *owner;
struct list_head tables;
u32 flags;
[NF_INET_LOCAL_OUT] = nft_ipv6_output,
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
-@@ -140,29 +140,26 @@ static void nft_trans_destroy(struct nft
- kfree(trans);
+@@ -173,29 +173,26 @@ static void nft_set_trans_unbind(const s
+ return __nft_set_trans_bind(ctx, set, false);
}
-static int nf_tables_register_hooks(struct net *net,
}
static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
-@@ -640,8 +637,7 @@ static void _nf_tables_table_disable(str
+@@ -662,8 +659,7 @@ static void _nf_tables_table_disable(str
if (cnt && i++ == cnt)
break;
}
}
-@@ -658,8 +654,7 @@ static int nf_tables_table_enable(struct
+@@ -680,8 +676,7 @@ static int nf_tables_table_enable(struct
if (!nft_is_base_chain(chain))
continue;
if (err < 0)
goto err;
-@@ -1071,7 +1066,7 @@ static int nf_tables_fill_chain_info(str
+@@ -1093,7 +1088,7 @@ static int nf_tables_fill_chain_info(str
if (nft_is_base_chain(chain)) {
const struct nft_base_chain *basechain = nft_base_chain(chain);
struct nlattr *nest;
nest = nla_nest_start(skb, NFTA_CHAIN_HOOK);
-@@ -1299,8 +1294,8 @@ static void nf_tables_chain_destroy(stru
+@@ -1321,8 +1316,8 @@ static void nf_tables_chain_destroy(stru
free_percpu(basechain->stats);
if (basechain->stats)
static_branch_dec(&nft_counters_enabled);
kfree(chain->name);
kfree(basechain);
} else {
-@@ -1396,7 +1391,6 @@ static int nf_tables_addchain(struct nft
+@@ -1418,7 +1413,6 @@ static int nf_tables_addchain(struct nft
struct nft_stats __percpu *stats;
struct net *net = ctx->net;
struct nft_chain *chain;
- unsigned int i;
int err;
- if (table->use == UINT_MAX)
-@@ -1435,21 +1429,18 @@ static int nf_tables_addchain(struct nft
+ if (nla[NFTA_CHAIN_HOOK]) {
+@@ -1454,21 +1448,18 @@ static int nf_tables_addchain(struct nft
basechain->type = hook.type;
chain = &basechain->chain;
chain->flags |= NFT_BASE_CHAIN;
basechain->policy = policy;
-@@ -1467,7 +1458,7 @@ static int nf_tables_addchain(struct nft
+@@ -1486,7 +1477,7 @@ static int nf_tables_addchain(struct nft
goto err1;
}
if (err < 0)
goto err1;
-@@ -1481,7 +1472,7 @@ static int nf_tables_addchain(struct nft
-
- return 0;
+@@ -1506,7 +1497,7 @@ static int nf_tables_addchain(struct nft
err2:
+ nft_use_dec_restore(&table->use);
+ err_use:
- nf_tables_unregister_hooks(net, table, chain, afi->nops);
+ nf_tables_unregister_hook(net, table, chain);
err1:
nf_tables_chain_destroy(chain);
-@@ -1494,13 +1485,12 @@ static int nf_tables_updchain(struct nft
+@@ -1519,13 +1510,12 @@ static int nf_tables_updchain(struct nft
const struct nlattr * const *nla = ctx->nla;
struct nft_table *table = ctx->table;
struct nft_chain *chain = ctx->chain;
if (nla[NFTA_CHAIN_HOOK]) {
if (!nft_is_base_chain(chain))
-@@ -1517,14 +1507,12 @@ static int nf_tables_updchain(struct nft
+@@ -1542,14 +1532,12 @@ static int nf_tables_updchain(struct nft
return -EBUSY;
}
}
nft_chain_release_hook(&hook);
}
-@@ -5168,10 +5156,9 @@ static int nf_tables_commit(struct net *
+@@ -5309,10 +5297,9 @@ static int nf_tables_commit(struct net *
case NFT_MSG_DELCHAIN:
list_del_rcu(&trans->ctx.chain->list);
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN);
break;
case NFT_MSG_NEWRULE:
nft_clear(trans->ctx.net, nft_trans_rule(trans));
-@@ -5308,10 +5295,9 @@ static int nf_tables_abort(struct net *n
+@@ -5453,10 +5440,9 @@ static int nf_tables_abort(struct net *n
} else {
- trans->ctx.table->use--;
+ nft_use_dec_restore(&trans->ctx.table->use);
list_del_rcu(&trans->ctx.chain->list);
- nf_tables_unregister_hooks(trans->ctx.net,
- trans->ctx.table,
}
break;
case NFT_MSG_DELCHAIN:
-@@ -5414,7 +5400,7 @@ int nft_chain_validate_hooks(const struc
+@@ -5569,7 +5555,7 @@ int nft_chain_validate_hooks(const struc
if (nft_is_base_chain(chain)) {
basechain = nft_base_chain(chain);
return 0;
return -EOPNOTSUPP;
-@@ -5896,8 +5882,7 @@ int __nft_release_basechain(struct nft_c
+@@ -6092,8 +6078,7 @@ int __nft_release_basechain(struct nft_c
BUG_ON(!nft_is_base_chain(ctx->chain));
+ nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain);
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
list_del(&rule->list);
- ctx->chain->use--;
-@@ -5926,8 +5911,7 @@ static void __nft_release_afinfo(struct
+ nft_use_dec(&ctx->chain->use);
+@@ -6122,8 +6107,7 @@ static void __nft_release_afinfo(struct
list_for_each_entry_safe(table, nt, &afi->tables, list) {
list_for_each_entry(chain, &table->chains, list)
projects / librecmc / librecmc.git / blobdiff