hc
2024-01-03 2f7c68cb55ecb7331f2381deb497c27155f32faf
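--- a/kernel/net/netfilter/nf_tables_offload.c
+++ b/kernel/net/netfilter/nf_tables_offload.c
@@ -7,6 +7,8 @@
 #include <net/netfilter/nf_tables_offload.h>
 #include <net/pkt_cls.h>
 
+extern unsigned int nf_tables_net_id;
+
 static struct nft_flow_rule *nft_flow_rule_alloc(int num_actions)
 {
 struct nft_flow_rule *flow;
@@ -371,16 +373,18 @@
 struct nft_base_chain *basechain = block_cb->indr.data;
 struct net_device *dev = block_cb->indr.dev;
 struct netlink_ext_ack extack = {};
+ struct nftables_pernet *nft_net;
 struct net *net = dev_net(dev);
 struct flow_block_offload bo;
 
 nft_flow_block_offload_init(&bo, dev_net(dev), FLOW_BLOCK_UNBIND,
 basechain, &extack);
- mutex_lock(&net->nft.commit_mutex);
+ nft_net = net_generic(net, nf_tables_net_id);
+ mutex_lock(&nft_net->commit_mutex);
 list_del(&block_cb->driver_list);
 list_move(&block_cb->list, &bo.cb_list);
 nft_flow_offload_unbind(&bo, basechain);
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
 }
 
 static int nft_indr_block_offload_cmd(struct nft_base_chain *basechain,
@@ -476,9 +480,10 @@
 static void nft_flow_rule_offload_abort(struct net *net,
 struct nft_trans *trans)
 {
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
 int err = 0;
 
- list_for_each_entry_continue_reverse(trans, &net->nft.commit_list, list) {
+ list_for_each_entry_continue_reverse(trans, &nft_net->commit_list, list) {
 if (trans->ctx.family != NFPROTO_NETDEV)
 continue;
 
@@ -524,11 +529,12 @@
 
 int nft_flow_rule_offload_commit(struct net *net)
 {
+ struct nftables_pernet *nft_net = net_generic(net, nf_tables_net_id);
 struct nft_trans *trans;
 int err = 0;
 u8 policy;
 
- list_for_each_entry(trans, &net->nft.commit_list, list) {
+ list_for_each_entry(trans, &nft_net->commit_list, list) {
 if (trans->ctx.family != NFPROTO_NETDEV)
 continue;
 
@@ -580,7 +586,7 @@
 }
 }
 
- list_for_each_entry(trans, &net->nft.commit_list, list) {
+ list_for_each_entry(trans, &nft_net->commit_list, list) {
 if (trans->ctx.family != NFPROTO_NETDEV)
 continue;
 
@@ -600,15 +606,15 @@
 return err;
 }
 
-static struct nft_chain *__nft_offload_get_chain(struct net_device *dev)
+static struct nft_chain *__nft_offload_get_chain(const struct nftables_pernet *nft_net,
+ struct net_device *dev)
 {
 struct nft_base_chain *basechain;
- struct net *net = dev_net(dev);
 struct nft_hook *hook, *found;
 const struct nft_table *table;
 struct nft_chain *chain;
 
- list_for_each_entry(table, &net->nft.tables, list) {
+ list_for_each_entry(table, &nft_net->tables, list) {
 if (table->family != NFPROTO_NETDEV)
 continue;
 
@@ -640,19 +646,21 @@
 unsigned long event, void *ptr)
 {
 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
+ struct nftables_pernet *nft_net;
 struct net *net = dev_net(dev);
 struct nft_chain *chain;
 
 if (event != NETDEV_UNREGISTER)
 return NOTIFY_DONE;
 
- mutex_lock(&net->nft.commit_mutex);
- chain = __nft_offload_get_chain(dev);
+ nft_net = net_generic(net, nf_tables_net_id);
+ mutex_lock(&nft_net->commit_mutex);
+ chain = __nft_offload_get_chain(nft_net, dev);
 if (chain)
 nft_flow_block_chain(nft_base_chain(chain), dev,
 FLOW_BLOCK_UNBIND);
 
- mutex_unlock(&net->nft.commit_mutex);
+ mutex_unlock(&nft_net->commit_mutex);
 
 return NOTIFY_DONE;
 }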
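Review bot: The `extern unsigned int nf_tables_net_id;` added at the top of this .c file is a private redeclaration that the compiler cannot check against the real definition. If the two ever drift, every `net_generic(net, nf_tables_net_id)` lookup here would return the wrong per-net object, and `commit_mutex` would then guard the wrong lists. I would move the declaration into the shared nf_tables header and wrap the lookup in one accessor there, for example `static inline struct nftables_pernet *nft_pernet(const struct net *net) { return net_generic(net, nf_tables_net_id); }`, so the five call sites in this file share a single checked definition. `__nft_offload_get_chain()` now walks `nft_net->tables` and relies on its caller holding `commit_mutex`, as the notifier does; a one-line comment or `lockdep_assert_held(&nft_net->commit_mutex);` at the top of the function would make that contract explicit. Several of these function bodies start or end outside the hunks shown, so the locking on their other paths could not be checked from here.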