From patchwork Wed Oct 23 14:57:24 2024
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 2001153
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 1/7] netfilter: nf_tables: Flowtable hook's pf value never varies
Date: Wed, 23 Oct 2024 16:57:24 +0200
Message-ID: <20241023145730.16896-2-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

When checking for duplicate hooks in nft_register_flowtable_net_hooks(), comparing ops.pf value is pointless as it is always NFPROTO_NETDEV with flowtable hooks. Dropping the check leaves the search identical to the one in nft_hook_list_find() so call that function instead of open coding.

Signed-off-by: Phil Sutter
---
 net/netfilter/nf_tables_api.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 30331688301e..d4563313d5e0 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -8569,7 +8569,7 @@ static int nft_register_flowtable_net_hooks(struct net *net, struct list_head *hook_list, struct nft_flowtable *flowtable) { - struct nft_hook *hook, *hook2, *next; + struct nft_hook *hook, *next; struct nft_flowtable *ft; int err, i = 0; 
@@ -8578,12 +8578,9 @@ static int nft_register_flowtable_net_hooks(struct net *net, if (!nft_is_active_next(net, ft)) continue; - list_for_each_entry(hook2, &ft->hook_list, list) { - if (hook->ops.dev == hook2->ops.dev && - hook->ops.pf == hook2->ops.pf) { - err = -EEXIST; - goto err_unregister_net_hooks; - } + if (nft_hook_list_find(&ft->hook_list, hook)) { + err = -EEXIST; + goto err_unregister_net_hooks; } }
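Review bot: The commit message justifies only dropping the ops.pf comparison, but in the second hunk the flowtable duplicate check now inherits whatever nft_hook_list_find() compares, and 4/7 of this series changes that from ops.dev to strcmp() on the stored ifname. Mention this dependency in the commit message, so that the -EEXIST behaviour of nft_register_flowtable_net_hooks() is not changed later by a patch that never names this function.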
From patchwork Wed Oct 23 14:57:25 2024
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 2001157
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 2/7] netfilter: nf_tables: Store user-defined hook ifname
Date: Wed, 23 Oct 2024 16:57:25 +0200
Message-ID: <20241023145730.16896-3-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

Prepare for hooks with NULL ops.dev pointer (due to non-existent device) and store the interface name and length as specified by the user upon creation. No functional change intended.

Signed-off-by: Phil Sutter
---
 include/net/netfilter/nf_tables.h | 2 ++
 net/netfilter/nf_tables_api.c | 10 +++++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 91ae20cb7648..b06d88af9ee3 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -1192,6 +1192,8 @@ struct nft_hook { struct list_head list; struct nf_hook_ops ops; struct rcu_head rcu; + char ifname[IFNAMSIZ]; + u8 ifnamelen; }; /** 
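Review bot: The new ifnamelen member of struct nft_hook is undocumented and its meaning is not obvious from the name: the nf_tables_api.c part of this patch sets it from nla_len(attr), so it is the attribute payload length as sent by userspace (with or without a trailing NUL), not strlen(ifname). Add a comment on the member saying so, because 3/7 passes it to nla_put() while 4/7 compares names with strcmp().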
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index d4563313d5e0..088c0f901092 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2173,7 +2173,6 @@ static struct nft_hook *nft_netdev_hook_alloc(struct net *net, const struct nlattr *attr) { struct net_device *dev; - char ifname[IFNAMSIZ]; struct nft_hook *hook; int err; 
@@ -2183,12 +2182,17 @@ static struct nft_hook *nft_netdev_hook_alloc(struct net *net, goto err_hook_alloc; } - nla_strscpy(ifname, attr, IFNAMSIZ); + err = nla_strscpy(hook->ifname, attr, IFNAMSIZ); + if (err < 0) + goto err_hook_dev; + + hook->ifnamelen = nla_len(attr); + /* nf_tables_netdev_event() is called under rtnl_mutex, this is * indirectly serializing all the other holders of the commit_mutex with * the rtnl_mutex. */ - dev = __dev_get_by_name(net, ifname); + dev = __dev_get_by_name(net, hook->ifname); if (!dev) { err = -ENOENT; goto err_hook_dev;
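Review bot: Checking the nla_strscpy() return value in this hunk is a functional change, which contradicts "No functional change intended" in the commit message: the old call ignored the result, so an over-long name attribute was silently truncated before the __dev_get_by_name() lookup, while the new code fails hook allocation with the error from nla_strscpy(). That is the stricter and better behaviour, but the commit message should state it. The assignment hook->ifnamelen = nla_len(attr) also relies on that check to keep the stored length within ifname[IFNAMSIZ]; a one-line comment or an explicit bound would make the dependency visible to whoever touches the error handling next.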
From patchwork Wed Oct 23 14:57:26 2024
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 2001154
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 3/7] netfilter: nf_tables: Use stored ifname in netdev hook dumps
Date: Wed, 23 Oct 2024 16:57:26 +0200
Message-ID: <20241023145730.16896-4-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

The stored ifname and ops.dev->name may deviate after creation due to interface name changes. Prefer the more deterministic stored name in dumps which also helps avoid inadvertent changes to stored ruleset dumps.

Signed-off-by: Phil Sutter
---
 net/netfilter/nf_tables_api.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 088c0f901092..ac25a7094093 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c 
@@ -1853,15 +1853,16 @@ static int nft_dump_basechain_hook(struct sk_buff *skb, int family, if (!first) first = hook; - if (nla_put_string(skb, NFTA_DEVICE_NAME, - hook->ops.dev->name)) + if (nla_put(skb, NFTA_DEVICE_NAME, + hook->ifnamelen, hook->ifname)) goto nla_put_failure; n++; } nla_nest_end(skb, nest_devs); if (n == 1 && - nla_put_string(skb, NFTA_HOOK_DEV, first->ops.dev->name)) + nla_put(skb, NFTA_HOOK_DEV, + first->ifnamelen, first->ifname)) goto nla_put_failure; } nla_nest_end(skb, nest); 
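Review bot: Replacing nla_put_string() with nla_put(..., hook->ifnamelen, hook->ifname) in nft_dump_basechain_hook() changes what is emitted, not only where the name comes from: nla_put_string() always included the terminating NUL, whereas the dump now carries exactly the number of bytes userspace supplied at creation (2/7 stores nla_len(attr)), so NFTA_DEVICE_NAME and NFTA_HOOK_DEV are NUL-terminated only if the original request was. Either normalise ifnamelen when it is stored or say in the commit message that dump consumers must not assume termination. The n == 1 guard still keeps first->ifname from being touched when the list is empty, which matters once 5/7 allows chains without hooks.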
@@ -8997,7 +8998,8 @@ static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net, hook_list = &flowtable->hook_list; list_for_each_entry_rcu(hook, hook_list, list) { - if (nla_put_string(skb, NFTA_DEVICE_NAME, hook->ops.dev->name)) + if (nla_put(skb, NFTA_DEVICE_NAME, + hook->ifnamelen, hook->ifname)) goto nla_put_failure; } nla_nest_end(skb, nest_devs);
From patchwork Wed Oct 23 14:57:27 2024
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 2001156
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 4/7] netfilter: nf_tables: Compare netdev hooks based on stored name
Date: Wed, 23 Oct 2024 16:57:27 +0200
Message-ID: <20241023145730.16896-5-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

The 1:1 relationship between nft_hook and nf_hook_ops is about to break, so choose the stored ifname to uniquely identify hooks.

Signed-off-by: Phil Sutter
---
 net/netfilter/nf_tables_api.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index ac25a7094093..edea65cc5e97 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c 
@@ -2214,7 +2214,7 @@ static struct nft_hook *nft_hook_list_find(struct list_head *hook_list, struct nft_hook *hook; list_for_each_entry(hook, hook_list, list) { - if (this->ops.dev == hook->ops.dev) + if (!strcmp(hook->ifname, this->ifname)) return hook; }
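Review bot: Identifying hooks by strcmp() on the stored ifname in nft_hook_list_find() no longer detects two hooks bound to the same device: 3/7 states that the stored name and ops.dev->name can deviate after an interface rename, and 2/7 resolves the device with __dev_get_by_name(net, hook->ifname) at creation, so a hook stored under the old name and a new hook created under the device's current name pass this check while pointing at the same net_device. Explain in the commit message how that case is handled, or keep the ops.dev comparison alongside the name until the 1:1 relationship is actually removed. In addition, strcmp() stops at the first NUL while the dumps use ifnamelen, so if the attribute can carry bytes after a NUL, two names that compare equal here would dump differently; comparing ifnamelen as well would close that gap.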
From patchwork Wed Oct 23 14:57:28 2024
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 2001158
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 5/7] netfilter: nf_tables: Tolerate chains with no remaining hooks
Date: Wed, 23 Oct 2024 16:57:28 +0200
Message-ID: <20241023145730.16896-6-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

Do not drop a netdev-family chain if the last interface it is registered for vanishes. Users dumping and storing the ruleset upon shutdown for restore upon next boot may otherwise lose the chain and all contained rules. They will still lose the list of devices, a later patch will fix that. For now, this aligns the event handler's behaviour with that for flowtables. The controversial situation at netns exit should be no problem here: event handler will unregister the hooks, core nftables cleanup code will drop the chain itself.

Signed-off-by: Phil Sutter
---
 include/net/netfilter/nf_tables.h | 2 --
 net/netfilter/nf_tables_api.c | 21 ---------------------
 net/netfilter/nft_chain_filter.c | 29 +++++++----------------------
 3 files changed, 7 insertions(+), 45 deletions(-)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index b06d88af9ee3..9d409c02ab6a 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -1229,8 +1229,6 @@ static inline bool nft_is_base_chain(const struct nft_chain *chain) return chain->flags & NFT_CHAIN_BASE; } -int __nft_release_basechain(struct nft_ctx *ctx); - unsigned int nft_do_chain(struct nft_pktinfo *pkt, void *priv); static inline bool nft_use_inc(u32 *use) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index edea65cc5e97..4c2a0caa145d 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -11431,27 +11431,6 @@ int nft_data_dump(struct sk_buff *skb, int attr, const struct nft_data *data, } EXPORT_SYMBOL_GPL(nft_data_dump); -int __nft_release_basechain(struct nft_ctx *ctx) -{ - struct nft_rule *rule, *nr; - - if (WARN_ON(!nft_is_base_chain(ctx->chain))) - return 0; - - nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain); - list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) { - list_del(&rule->list); - nft_use_dec(&ctx->chain->use); - nf_tables_rule_release(ctx, rule); - } - nft_chain_del(ctx->chain); - nft_use_dec(&ctx->table->use); - nf_tables_chain_destroy(ctx->chain); - - return 0; -} -EXPORT_SYMBOL_GPL(__nft_release_basechain); - static void __nft_release_hook(struct net *net, struct nft_table *table) { struct nft_flowtable *flowtable; diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 7010541fcca6..543f258b7c6b 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c 
@@ -322,34 +322,19 @@ static void nft_netdev_event(unsigned long event, struct net_device *dev, struct nft_ctx *ctx) { struct nft_base_chain *basechain = nft_base_chain(ctx->chain); - struct nft_hook *hook, *found = NULL; - int n = 0; + struct nft_hook *hook; list_for_each_entry(hook, &basechain->hook_list, list) { - if (hook->ops.dev == dev) - found = hook; - - n++; - } - if (!found) - return; + if (hook->ops.dev != dev) + continue; - if (n > 1) { if (!(ctx->chain->table->flags & NFT_TABLE_F_DORMANT)) - nf_unregister_net_hook(ctx->net, &found->ops); + nf_unregister_net_hook(ctx->net, &hook->ops); - list_del_rcu(&found->list); - kfree_rcu(found, rcu); - return; + list_del_rcu(&hook->list); + kfree_rcu(hook, rcu); + break; } - - /* UNREGISTER events are also happening on netns exit. - * - * Although nf_tables core releases all tables/chains, only this event - * handler provides guarantee that hook->ops.dev is still accessible, - * so we cannot skip exiting net namespaces. - */ - __nft_release_basechain(ctx); } static int nf_tables_netdev_event(struct notifier_block *this,
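Review bot: The nft_netdev_event() hunk deletes the only comment explaining the netns-exit ordering (that this handler is what guarantees hook->ops.dev is still accessible) and leaves no statement of the new invariant in its place. Add a short comment that a base chain may now remain with an empty hook_list and that chain and rule teardown is left to the core cleanup, since every other hook_list walker has to tolerate that from here on. The break directly after list_del_rcu()/kfree_rcu() is what keeps the non-_safe list_for_each_entry() walk valid, which is worth a note in case the loop is later extended to handle more than one match.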
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 6/7] netfilter: nf_tables: Simplify chain netdev notifier
Date: Wed, 23 Oct 2024 16:57:29 +0200
Message-ID: <20241023145730.16896-7-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

With conditional chain deletion gone, callback code simplifies: Instead of filling an nft_ctx object, just pass basechain to the per-chain function. Also plain list_for_each_entry() is safe now.

Signed-off-by: Phil Sutter
---
 net/netfilter/nft_chain_filter.c | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 543f258b7c6b..19a553550c76 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -319,17 +319,16 @@ static const struct nft_chain_type nft_chain_filter_netdev = { }; static void nft_netdev_event(unsigned long event, struct net_device *dev, - struct nft_ctx *ctx) + struct nft_base_chain *basechain) { - struct nft_base_chain *basechain = nft_base_chain(ctx->chain); struct nft_hook *hook; list_for_each_entry(hook, &basechain->hook_list, list) { if (hook->ops.dev != dev) continue; - if (!(ctx->chain->table->flags & NFT_TABLE_F_DORMANT)) - nf_unregister_net_hook(ctx->net, &hook->ops); + if (!(basechain->chain.table->flags & NFT_TABLE_F_DORMANT)) + nf_unregister_net_hook(dev_net(dev), &hook->ops); list_del_rcu(&hook->list); kfree_rcu(hook, rcu); 
@@ -343,25 +342,20 @@ static int nf_tables_netdev_event(struct notifier_block *this, struct net_device *dev = netdev_notifier_info_to_dev(ptr); struct nft_base_chain *basechain; struct nftables_pernet *nft_net; - struct nft_chain *chain, *nr; + struct nft_chain *chain; struct nft_table *table; - struct nft_ctx ctx = { - .net = dev_net(dev), - }; if (event != NETDEV_UNREGISTER) return NOTIFY_DONE; - nft_net = nft_pernet(ctx.net); + nft_net = nft_pernet(dev_net(dev)); mutex_lock(&nft_net->commit_mutex); list_for_each_entry(table, &nft_net->tables, list) { if (table->family != NFPROTO_NETDEV && table->family != NFPROTO_INET) continue; - ctx.family = table->family; - ctx.table = table; - list_for_each_entry_safe(chain, nr, &table->chains, list) { + list_for_each_entry(chain, &table->chains, list) { if (!nft_is_base_chain(chain)) continue; 
@@ -370,8 +364,7 @@ static int nf_tables_netdev_event(struct notifier_block *this, basechain->ops.hooknum != NF_INET_INGRESS) continue; - ctx.chain = chain; - nft_netdev_event(event, dev, &ctx); + nft_netdev_event(event, dev, basechain); } } mutex_unlock(&nft_net->commit_mutex);
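Review bot: nft_netdev_event() keeps its unsigned long event parameter after the signature change in the @@ -319,17 +319,16 @@ hunk, yet the body shown never reads it and nf_tables_netdev_event() already returns NOTIFY_DONE for anything other than NETDEV_UNREGISTER. Since the prototype and the call in the @@ -370,8 +364,7 @@ hunk are both being touched, consider dropping the parameter here. The switch from list_for_each_entry_safe() to list_for_each_entry() over table->chains in the @@ -343,25 +342,20 @@ hunk relies on nft_netdev_event() never unlinking the chain it is handed; that holds for the body shown, and a one-line comment at the loop would keep a later change from reintroducing chain removal under a non-safe iterator.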
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: Florian Westphal, netfilter-devel@vger.kernel.org, Eric Garver
Subject: [nf-next PATCH v6 7/7] netfilter: nf_tables: Drop __nft_unregister_flowtable_net_hooks()
Date: Wed, 23 Oct 2024 16:57:30 +0200
Message-ID: <20241023145730.16896-8-phil@nwl.cc>
In-Reply-To: <20241023145730.16896-1-phil@nwl.cc>
References: <20241023145730.16896-1-phil@nwl.cc>

The function is a 1:1 copy of nft_netdev_unregister_hooks(), use the latter in its place.

Signed-off-by: Phil Sutter
---
 net/netfilter/nf_tables_api.c | 20 ++------------------
 1 file changed, 2 insertions(+), 18 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 4c2a0caa145d..e6c8314817e0 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c 
@@ -8548,25 +8548,10 @@ static void nft_unregister_flowtable_hook(struct net *net, FLOW_BLOCK_UNBIND); } -static void __nft_unregister_flowtable_net_hooks(struct net *net, - struct list_head *hook_list, - bool release_netdev) -{ - struct nft_hook *hook, *next; - - list_for_each_entry_safe(hook, next, hook_list, list) { - nf_unregister_net_hook(net, &hook->ops); - if (release_netdev) { - list_del(&hook->list); - kfree_rcu(hook, rcu); - } - } -} - static void nft_unregister_flowtable_net_hooks(struct net *net, struct list_head *hook_list) { - __nft_unregister_flowtable_net_hooks(net, hook_list, false); + nft_netdev_unregister_hooks(net, hook_list, false); } static int nft_register_flowtable_net_hooks(struct net *net, @@ -11439,8 +11424,7 @@ static void __nft_release_hook(struct net *net, struct nft_table *table) list_for_each_entry(chain, &table->chains, list) __nf_tables_unregister_hook(net, table, chain, true); list_for_each_entry(flowtable, &table->flowtables, list) - __nft_unregister_flowtable_net_hooks(net, &flowtable->hook_list, - true); + nft_netdev_unregister_hooks(net, &flowtable->hook_list, true); } static void __nft_release_hooks(struct net *net)
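Review bot: After the @@ -8548,25 +8548,10 @@ hunk, nft_unregister_flowtable_net_hooks() is a one-line wrapper that only forwards to nft_netdev_unregister_hooks(net, hook_list, false). Consider calling nft_netdev_unregister_hooks() directly at its call sites and dropping the wrapper, as the @@ -11439,8 +11424,7 @@ hunk already does for the true case. The body of nft_netdev_unregister_hooks() is not part of this diff, so the "1:1 copy" statement cannot be checked from the patch alone. The removed helper called nf_unregister_net_hook() on every entry unconditionally and used list_del() plus kfree_rcu() when release_netdev was set; the commit message could say that the replacement does the same.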