// SPDX-License-Identifier: GPL-2.0-only /* * Copyright (c) 2007-2009 Patrick McHardy <[email protected]> * * Development of this code funded by Astaro AG (http://www.astaro.com/) */ #include <linux/module.h> #include <linux/init.h> #include <linux/list.h> #include <linux/skbuff.h> #include <linux/netlink.h> #include <linux/vmalloc.h> #include <linux/rhashtable.h> #include <linux/audit.h> #include <linux/netfilter.h> #include <linux/netfilter/nfnetlink.h> #include <linux/netfilter/nf_tables.h> #include <net/netfilter/nf_flow_table.h> #include <net/netfilter/nf_tables_core.h> #include <net/netfilter/nf_tables.h> #include <net/netfilter/nf_tables_offload.h> #include <net/net_namespace.h> #include <net/sock.h> #define NFT_MODULE_AUTOLOAD_LIMIT … #define NFT_SET_MAX_ANONLEN … unsigned int nf_tables_net_id __read_mostly; static LIST_HEAD(nf_tables_expressions); static LIST_HEAD(nf_tables_objects); static LIST_HEAD(nf_tables_flowtables); static LIST_HEAD(nf_tables_destroy_list); static LIST_HEAD(nf_tables_gc_list); static DEFINE_SPINLOCK(nf_tables_destroy_list_lock); static DEFINE_SPINLOCK(nf_tables_gc_list_lock); enum { … }; static struct rhltable nft_objname_ht; static u32 nft_chain_hash(const void *data, u32 len, u32 seed); static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed); static int nft_chain_hash_cmp(struct rhashtable_compare_arg *, const void *); static u32 nft_objname_hash(const void *data, u32 len, u32 seed); static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed); static int nft_objname_hash_cmp(struct rhashtable_compare_arg *, const void *); static const struct rhashtable_params nft_chain_ht_params = …; static const struct rhashtable_params nft_objname_ht_params = …; struct nft_audit_data { … }; static const u8 nft2audit_op[NFT_MSG_MAX] = …; static void nft_validate_state_update(struct nft_table *table, u8 new_validate_state) { … } static void nf_tables_trans_destroy_work(struct work_struct *w); static DECLARE_WORK(trans_destroy_work, nf_tables_trans_destroy_work); static void nft_trans_gc_work(struct work_struct *work); static DECLARE_WORK(trans_gc_work, nft_trans_gc_work); static void nft_ctx_init(struct nft_ctx *ctx, struct net *net, const struct sk_buff *skb, const struct nlmsghdr *nlh, u8 family, struct nft_table *table, struct nft_chain *chain, const struct nlattr * const *nla) { … } static struct nft_trans *nft_trans_alloc_gfp(const struct nft_ctx *ctx, int msg_type, u32 size, gfp_t gfp) { … } static struct nft_trans *nft_trans_alloc(const struct nft_ctx *ctx, int msg_type, u32 size) { … } static struct nft_trans_binding *nft_trans_get_binding(struct nft_trans *trans) { … } static void nft_trans_list_del(struct nft_trans *trans) { … } static void nft_trans_destroy(struct nft_trans *trans) { … } static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set, bool bind) { … } static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set) { … } static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set) { … } static void __nft_chain_trans_bind(const struct nft_ctx *ctx, struct nft_chain *chain, bool bind) { … } static void nft_chain_trans_bind(const struct nft_ctx *ctx, struct nft_chain *chain) { … } int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain) { … } void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain) { … } static int nft_netdev_register_hooks(struct net *net, struct list_head *hook_list) { … } static void nft_netdev_unregister_hooks(struct net *net, struct list_head *hook_list, bool release_netdev) { … } static int nf_tables_register_hook(struct net *net, const struct nft_table *table, struct nft_chain *chain) { … } static void __nf_tables_unregister_hook(struct net *net, const struct nft_table *table, struct nft_chain *chain, bool release_netdev) { … } static void nf_tables_unregister_hook(struct net *net, const struct nft_table *table, struct nft_chain *chain) { … } static void nft_trans_commit_list_add_tail(struct net *net, struct nft_trans *trans) { … } static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) { … } static int nft_deltable(struct nft_ctx *ctx) { … } static struct nft_trans * nft_trans_alloc_chain(const struct nft_ctx *ctx, int msg_type) { … } static struct nft_trans *nft_trans_chain_add(struct nft_ctx *ctx, int msg_type) { … } static int nft_delchain(struct nft_ctx *ctx) { … } void nft_rule_expr_activate(const struct nft_ctx *ctx, struct nft_rule *rule) { … } void nft_rule_expr_deactivate(const struct nft_ctx *ctx, struct nft_rule *rule, enum nft_trans_phase phase) { … } static int nf_tables_delrule_deactivate(struct nft_ctx *ctx, struct nft_rule *rule) { … } static struct nft_trans *nft_trans_rule_add(struct nft_ctx *ctx, int msg_type, struct nft_rule *rule) { … } static int nft_delrule(struct nft_ctx *ctx, struct nft_rule *rule) { … } static int nft_delrule_by_chain(struct nft_ctx *ctx) { … } static int __nft_trans_set_add(const struct nft_ctx *ctx, int msg_type, struct nft_set *set, const struct nft_set_desc *desc) { … } static int nft_trans_set_add(const struct nft_ctx *ctx, int msg_type, struct nft_set *set) { … } static int nft_mapelem_deactivate(const struct nft_ctx *ctx, struct nft_set *set, const struct nft_set_iter *iter, struct nft_elem_priv *elem_priv) { … } struct nft_set_elem_catchall { … }; static void nft_map_catchall_deactivate(const struct nft_ctx *ctx, struct nft_set *set) { … } static void nft_map_deactivate(const struct nft_ctx *ctx, struct nft_set *set) { … } static int nft_delset(const struct nft_ctx *ctx, struct nft_set *set) { … } static int nft_trans_obj_add(struct nft_ctx *ctx, int msg_type, struct nft_object *obj) { … } static int nft_delobj(struct nft_ctx *ctx, struct nft_object *obj) { … } static struct nft_trans * nft_trans_flowtable_add(struct nft_ctx *ctx, int msg_type, struct nft_flowtable *flowtable) { … } static int nft_delflowtable(struct nft_ctx *ctx, struct nft_flowtable *flowtable) { … } static void __nft_reg_track_clobber(struct nft_regs_track *track, u8 dreg) { … } static void __nft_reg_track_update(struct nft_regs_track *track, const struct nft_expr *expr, u8 dreg, u8 num_reg) { … } void nft_reg_track_update(struct nft_regs_track *track, const struct nft_expr *expr, u8 dreg, u8 len) { … } EXPORT_SYMBOL_GPL(…); void nft_reg_track_cancel(struct nft_regs_track *track, u8 dreg, u8 len) { … } EXPORT_SYMBOL_GPL(…); void __nft_reg_track_cancel(struct nft_regs_track *track, u8 dreg) { … } EXPORT_SYMBOL_GPL(…); /* * Tables */ static struct nft_table *nft_table_lookup(const struct net *net, const struct nlattr *nla, u8 family, u8 genmask, u32 nlpid) { … } static struct nft_table *nft_table_lookup_byhandle(const struct net *net, const struct nlattr *nla, int family, u8 genmask, u32 nlpid) { … } static inline u64 nf_tables_alloc_handle(struct nft_table *table) { … } static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX]; static const struct nft_chain_type * __nft_chain_type_get(u8 family, enum nft_chain_types type) { … } static const struct nft_chain_type * __nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family) { … } struct nft_module_request { … }; #ifdef CONFIG_MODULES __printf(2, 3) int nft_request_module(struct net *net, const char *fmt, ...) { … } EXPORT_SYMBOL_GPL(…); #endif static void lockdep_nfnl_nft_mutex_not_held(void) { … } static const struct nft_chain_type * nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla, u8 family, bool autoload) { … } static __be16 nft_base_seq(const struct net *net) { … } static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = …; static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, int event, u32 flags, int family, const struct nft_table *table) { … } struct nftnl_skb_parms { … }; #define NFT_CB(skb) … static void nft_notify_enqueue(struct sk_buff *skb, bool report, struct list_head *notify_list) { … } static void nf_tables_table_notify(const struct nft_ctx *ctx, int event) { … } static int nf_tables_dump_tables(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nft_netlink_dump_start_rcu(struct sock *nlsk, struct sk_buff *skb, const struct nlmsghdr *nlh, struct netlink_dump_control *c) { … } /* called with rcu_read_lock held */ static int nf_tables_gettable(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt) { … } static int nf_tables_table_enable(struct net *net, struct nft_table *table) { … } static void nf_tables_table_disable(struct net *net, struct nft_table *table) { … } #define __NFT_TABLE_F_INTERNAL … #define __NFT_TABLE_F_WAS_DORMANT … #define __NFT_TABLE_F_WAS_AWAKEN … #define __NFT_TABLE_F_WAS_ORPHAN … #define __NFT_TABLE_F_UPDATE … static bool nft_table_pending_update(const struct nft_ctx *ctx) { … } static int nf_tables_updtable(struct nft_ctx *ctx) { … } static u32 nft_chain_hash(const void *data, u32 len, u32 seed) { … } static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed) { … } static int nft_chain_hash_cmp(struct rhashtable_compare_arg *arg, const void *ptr) { … } static u32 nft_objname_hash(const void *data, u32 len, u32 seed) { … } static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed) { … } static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg, const void *ptr) { … } static bool nft_supported_family(u8 family) { … } static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nft_flush_table(struct nft_ctx *ctx) { … } static int nft_flush(struct nft_ctx *ctx, int family) { … } static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nf_tables_table_destroy(struct nft_table *table) { … } void nft_register_chain_type(const struct nft_chain_type *ctype) { … } EXPORT_SYMBOL_GPL(…); void nft_unregister_chain_type(const struct nft_chain_type *ctype) { … } EXPORT_SYMBOL_GPL(…); /* * Chains */ static struct nft_chain * nft_chain_lookup_byhandle(const struct nft_table *table, u64 handle, u8 genmask) { … } static bool lockdep_commit_lock_is_held(const struct net *net) { … } static struct nft_chain *nft_chain_lookup(struct net *net, struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } static const struct nla_policy nft_chain_policy[NFTA_CHAIN_MAX + 1] = …; static const struct nla_policy nft_hook_policy[NFTA_HOOK_MAX + 1] = …; static int nft_dump_stats(struct sk_buff *skb, struct nft_stats __percpu *stats) { … } static int nft_dump_basechain_hook(struct sk_buff *skb, int family, const struct nft_base_chain *basechain, const struct list_head *hook_list) { … } static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, int event, u32 flags, int family, const struct nft_table *table, const struct nft_chain *chain, const struct list_head *hook_list) { … } static void nf_tables_chain_notify(const struct nft_ctx *ctx, int event, const struct list_head *hook_list) { … } static int nf_tables_dump_chains(struct sk_buff *skb, struct netlink_callback *cb) { … } /* called with rcu_read_lock held */ static int nf_tables_getchain(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static const struct nla_policy nft_counter_policy[NFTA_COUNTER_MAX + 1] = …; static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr) { … } static void nft_chain_stats_replace(struct nft_trans_chain *trans) { … } static void nf_tables_chain_free_chain_rules(struct nft_chain *chain) { … } void nf_tables_chain_destroy(struct nft_chain *chain) { … } static struct nft_hook *nft_netdev_hook_alloc(struct net *net, const struct nlattr *attr) { … } static struct nft_hook *nft_hook_list_find(struct list_head *hook_list, const struct nft_hook *this) { … } static int nf_tables_parse_netdev_hooks(struct net *net, const struct nlattr *attr, struct list_head *hook_list, struct netlink_ext_ack *extack) { … } struct nft_chain_hook { … }; static int nft_chain_parse_netdev(struct net *net, struct nlattr *tb[], struct list_head *hook_list, struct netlink_ext_ack *extack, u32 flags) { … } static int nft_chain_parse_hook(struct net *net, struct nft_base_chain *basechain, const struct nlattr * const nla[], struct nft_chain_hook *hook, u8 family, u32 flags, struct netlink_ext_ack *extack) { … } static void nft_chain_release_hook(struct nft_chain_hook *hook) { … } static void nft_last_rule(const struct nft_chain *chain, const void *ptr) { … } static struct nft_rule_blob *nf_tables_chain_alloc_rules(const struct nft_chain *chain, unsigned int size) { … } static void nft_basechain_hook_init(struct nf_hook_ops *ops, u8 family, const struct nft_chain_hook *hook, struct nft_chain *chain) { … } static int nft_basechain_init(struct nft_base_chain *basechain, u8 family, struct nft_chain_hook *hook, u32 flags) { … } int nft_chain_add(struct nft_table *table, struct nft_chain *chain) { … } static u64 chain_id; static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, u8 policy, u32 flags, struct netlink_ext_ack *extack) { … } static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, u32 flags, const struct nlattr *attr, struct netlink_ext_ack *extack) { … } static struct nft_chain *nft_chain_lookup_byid(const struct net *net, const struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } static int nf_tables_newchain(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nft_delchain_hook(struct nft_ctx *ctx, struct nft_base_chain *basechain, struct netlink_ext_ack *extack) { … } static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } /* * Expressions */ /** * nft_register_expr - register nf_tables expr type * @type: expr type * * Registers the expr type for use with nf_tables. Returns zero on * success or a negative errno code otherwise. */ int nft_register_expr(struct nft_expr_type *type) { … } EXPORT_SYMBOL_GPL(…); /** * nft_unregister_expr - unregister nf_tables expr type * @type: expr type * * Unregisters the expr typefor use with nf_tables. */ void nft_unregister_expr(struct nft_expr_type *type) { … } EXPORT_SYMBOL_GPL(…); static const struct nft_expr_type *__nft_expr_type_get(u8 family, struct nlattr *nla) { … } #ifdef CONFIG_MODULES static int nft_expr_type_request_module(struct net *net, u8 family, struct nlattr *nla) { … } #endif static const struct nft_expr_type *nft_expr_type_get(struct net *net, u8 family, struct nlattr *nla) { … } static const struct nla_policy nft_expr_policy[NFTA_EXPR_MAX + 1] = …; static int nf_tables_fill_expr_info(struct sk_buff *skb, const struct nft_expr *expr, bool reset) { if (nla_put_string(skb, NFTA_EXPR_NAME, expr->ops->type->name)) goto nla_put_failure; if (expr->ops->dump) { struct nlattr *data = nla_nest_start_noflag(skb, NFTA_EXPR_DATA); if (data == NULL) goto nla_put_failure; if (expr->ops->dump(skb, expr, reset) < 0) goto nla_put_failure; nla_nest_end(skb, data); } return skb->len; nla_put_failure: return -1; }; int nft_expr_dump(struct sk_buff *skb, unsigned int attr, const struct nft_expr *expr, bool reset) { … } struct nft_expr_info { … }; static int nf_tables_expr_parse(const struct nft_ctx *ctx, const struct nlattr *nla, struct nft_expr_info *info) { … } int nft_expr_inner_parse(const struct nft_ctx *ctx, const struct nlattr *nla, struct nft_expr_info *info) { … } static int nf_tables_newexpr(const struct nft_ctx *ctx, const struct nft_expr_info *expr_info, struct nft_expr *expr) { … } static void nf_tables_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr) { … } static struct nft_expr *nft_expr_init(const struct nft_ctx *ctx, const struct nlattr *nla) { … } int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src, gfp_t gfp) { … } void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr) { … } /* * Rules */ static struct nft_rule *__nft_rule_lookup(const struct nft_chain *chain, u64 handle) { … } static struct nft_rule *nft_rule_lookup(const struct nft_chain *chain, const struct nlattr *nla) { … } static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] = …; static int nf_tables_fill_rule_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, int event, u32 flags, int family, const struct nft_table *table, const struct nft_chain *chain, const struct nft_rule *rule, u64 handle, bool reset) { … } static void nf_tables_rule_notify(const struct nft_ctx *ctx, const struct nft_rule *rule, int event) { … } static void audit_log_rule_reset(const struct nft_table *table, unsigned int base_seq, unsigned int nentries) { … } struct nft_rule_dump_ctx { … }; static int __nf_tables_dump_rules(struct sk_buff *skb, unsigned int *idx, struct netlink_callback *cb, const struct nft_table *table, const struct nft_chain *chain) { … } static int nf_tables_dump_rules(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dumpreset_rules(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dump_rules_start(struct netlink_callback *cb) { … } static int nf_tables_dumpreset_rules_start(struct netlink_callback *cb) { … } static int nf_tables_dump_rules_done(struct netlink_callback *cb) { … } /* called with rcu_read_lock held */ static struct sk_buff * nf_tables_getrule_single(u32 portid, const struct nfnl_info *info, const struct nlattr * const nla[], bool reset) { … } static int nf_tables_getrule(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nf_tables_getrule_reset(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } void nf_tables_rule_destroy(const struct nft_ctx *ctx, struct nft_rule *rule) { … } static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *rule) { … } /** nft_chain_validate - loop detection and hook validation * * @ctx: context containing call depth and base chain * @chain: chain to validate * * Walk through the rules of the given chain and chase all jumps/gotos * and set lookups until either the jump limit is hit or all reachable * chains have been validated. */ int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain) { … } EXPORT_SYMBOL_GPL(…); static int nft_table_validate(struct net *net, const struct nft_table *table) { … } int nft_setelem_validate(const struct nft_ctx *ctx, struct nft_set *set, const struct nft_set_iter *iter, struct nft_elem_priv *elem_priv) { … } int nft_set_catchall_validate(const struct nft_ctx *ctx, struct nft_set *set) { … } static struct nft_rule *nft_rule_lookup_byid(const struct net *net, const struct nft_chain *chain, const struct nlattr *nla); #define NFT_RULE_MAXEXPRS … static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static struct nft_rule *nft_rule_lookup_byid(const struct net *net, const struct nft_chain *chain, const struct nlattr *nla) { … } static int nf_tables_delrule(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } /* * Sets */ static const struct nft_set_type *nft_set_types[] = …; #define NFT_SET_FEATURES … static bool nft_set_ops_candidate(const struct nft_set_type *type, u32 flags) { … } /* * Select a set implementation based on the data characteristics and the * given policy. The total memory use might not be known if no size is * given, in that case the amount of memory per element is used. */ static const struct nft_set_ops * nft_select_set_ops(const struct nft_ctx *ctx, u32 flags, const struct nft_set_desc *desc) { … } static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = …; static const struct nla_policy nft_concat_policy[NFTA_SET_FIELD_MAX + 1] = …; static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = …; static struct nft_set *nft_set_lookup(const struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } static struct nft_set *nft_set_lookup_byhandle(const struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } static struct nft_set *nft_set_lookup_byid(const struct net *net, const struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } struct nft_set *nft_set_lookup_global(const struct net *net, const struct nft_table *table, const struct nlattr *nla_set_name, const struct nlattr *nla_set_id, u8 genmask) { … } EXPORT_SYMBOL_GPL(…); static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set, const char *name) { … } int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result) { … } __be64 nf_jiffies64_to_msecs(u64 input) { … } static int nf_tables_fill_set_concat(struct sk_buff *skb, const struct nft_set *set) { … } static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx, const struct nft_set *set, u16 event, u16 flags) { … } static void nf_tables_set_notify(const struct nft_ctx *ctx, const struct nft_set *set, int event, gfp_t gfp_flags) { … } static int nf_tables_dump_sets(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dump_sets_start(struct netlink_callback *cb) { … } static int nf_tables_dump_sets_done(struct netlink_callback *cb) { … } /* called with rcu_read_lock held */ static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nft_set_desc_concat_parse(const struct nlattr *attr, struct nft_set_desc *desc) { … } static int nft_set_desc_concat(struct nft_set_desc *desc, const struct nlattr *nla) { … } static int nf_tables_set_desc_parse(struct nft_set_desc *desc, const struct nlattr *nla) { … } static int nft_set_expr_alloc(struct nft_ctx *ctx, struct nft_set *set, const struct nlattr * const *nla, struct nft_expr **exprs, int *num_exprs, u32 flags) { … } static bool nft_set_is_same(const struct nft_set *set, const struct nft_set_desc *desc, struct nft_expr *exprs[], u32 num_exprs, u32 flags) { … } static int nf_tables_newset(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nft_set_catchall_destroy(const struct nft_ctx *ctx, struct nft_set *set) { … } static void nft_set_put(struct nft_set *set) { … } static void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set) { … } static int nf_tables_delset(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nft_validate_register_store(const struct nft_ctx *ctx, enum nft_registers reg, const struct nft_data *data, enum nft_data_types type, unsigned int len); static int nft_setelem_data_validate(const struct nft_ctx *ctx, struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx, struct nft_set *set, const struct nft_set_iter *iter, struct nft_elem_priv *elem_priv) { … } static int nft_set_catchall_bind_check(const struct nft_ctx *ctx, struct nft_set *set) { … } int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set, struct nft_set_binding *binding) { … } EXPORT_SYMBOL_GPL(…); static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set, struct nft_set_binding *binding, bool event) { … } static void nft_setelem_data_activate(const struct net *net, const struct nft_set *set, struct nft_elem_priv *elem_priv); static int nft_mapelem_activate(const struct nft_ctx *ctx, struct nft_set *set, const struct nft_set_iter *iter, struct nft_elem_priv *elem_priv) { … } static void nft_map_catchall_activate(const struct nft_ctx *ctx, struct nft_set *set) { … } static void nft_map_activate(const struct nft_ctx *ctx, struct nft_set *set) { … } void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set) { … } EXPORT_SYMBOL_GPL(…); void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set, struct nft_set_binding *binding, enum nft_trans_phase phase) { … } EXPORT_SYMBOL_GPL(…); void nf_tables_destroy_set(const struct nft_ctx *ctx, struct nft_set *set) { … } EXPORT_SYMBOL_GPL(…); const struct nft_set_ext_type nft_set_ext_types[] = …; /* * Set elements */ static const struct nla_policy nft_set_elem_policy[NFTA_SET_ELEM_MAX + 1] = …; static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 1] = …; static int nft_set_elem_expr_dump(struct sk_buff *skb, const struct nft_set *set, const struct nft_set_ext *ext, bool reset) { … } static int nf_tables_fill_setelem(struct sk_buff *skb, const struct nft_set *set, const struct nft_elem_priv *elem_priv, bool reset) { … } struct nft_set_dump_args { … }; static int nf_tables_dump_setelem(const struct nft_ctx *ctx, struct nft_set *set, const struct nft_set_iter *iter, struct nft_elem_priv *elem_priv) { … } static void audit_log_nft_set_reset(const struct nft_table *table, unsigned int base_seq, unsigned int nentries) { … } struct nft_set_dump_ctx { … }; static int nft_set_catchall_dump(struct net *net, struct sk_buff *skb, const struct nft_set *set, bool reset, unsigned int base_seq) { … } static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dumpreset_set(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dump_set_start(struct netlink_callback *cb) { … } static int nf_tables_dump_set_done(struct netlink_callback *cb) { … } static int nf_tables_fill_setelem_info(struct sk_buff *skb, const struct nft_ctx *ctx, u32 seq, u32 portid, int event, u16 flags, const struct nft_set *set, const struct nft_elem_priv *elem_priv, bool reset) { … } static int nft_setelem_parse_flags(const struct nft_set *set, const struct nlattr *attr, u32 *flags) { … } static int nft_setelem_parse_key(struct nft_ctx *ctx, const struct nft_set *set, struct nft_data *key, struct nlattr *attr) { … } static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set, struct nft_data_desc *desc, struct nft_data *data, struct nlattr *attr) { … } static void *nft_setelem_catchall_get(const struct net *net, const struct nft_set *set) { … } static int nft_setelem_get(struct nft_ctx *ctx, const struct nft_set *set, struct nft_set_elem *elem, u32 flags) { … } static int nft_get_set_elem(struct nft_ctx *ctx, const struct nft_set *set, const struct nlattr *attr, bool reset) { … } static int nft_set_dump_ctx_init(struct nft_set_dump_ctx *dump_ctx, const struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[], bool reset) { … } /* called with rcu_read_lock held */ static int nf_tables_getsetelem(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nf_tables_getsetelem_reset(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nf_tables_setelem_notify(const struct nft_ctx *ctx, const struct nft_set *set, const struct nft_elem_priv *elem_priv, int event) { … } static struct nft_trans *nft_trans_elem_alloc(struct nft_ctx *ctx, int msg_type, struct nft_set *set) { … } struct nft_expr *nft_set_elem_expr_alloc(const struct nft_ctx *ctx, const struct nft_set *set, const struct nlattr *attr) { … } static int nft_set_ext_check(const struct nft_set_ext_tmpl *tmpl, u8 id, u32 len) { … } static int nft_set_ext_memcpy(const struct nft_set_ext_tmpl *tmpl, u8 id, void *to, const void *from, u32 len) { … } struct nft_elem_priv *nft_set_elem_init(const struct nft_set *set, const struct nft_set_ext_tmpl *tmpl, const u32 *key, const u32 *key_end, const u32 *data, u64 timeout, u64 expiration, gfp_t gfp) { … } static void __nft_set_elem_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr) { … } static void nft_set_elem_expr_destroy(const struct nft_ctx *ctx, struct nft_set_elem_expr *elem_expr) { … } /* Drop references and destroy. Called from gc, dynset and abort path. */ void nft_set_elem_destroy(const struct nft_set *set, const struct nft_elem_priv *elem_priv, bool destroy_expr) { … } EXPORT_SYMBOL_GPL(…); /* Destroy element. References have been already dropped in the preparation * path via nft_setelem_data_deactivate(). */ void nf_tables_set_elem_destroy(const struct nft_ctx *ctx, const struct nft_set *set, const struct nft_elem_priv *elem_priv) { … } int nft_set_elem_expr_clone(const struct nft_ctx *ctx, struct nft_set *set, struct nft_expr *expr_array[]) { … } static int nft_set_elem_expr_setup(struct nft_ctx *ctx, const struct nft_set_ext_tmpl *tmpl, const struct nft_set_ext *ext, struct nft_expr *expr_array[], u32 num_exprs) { … } struct nft_set_ext *nft_set_catchall_lookup(const struct net *net, const struct nft_set *set) { … } EXPORT_SYMBOL_GPL(…); static int nft_setelem_catchall_insert(const struct net *net, struct nft_set *set, const struct nft_set_elem *elem, struct nft_elem_priv **priv) { … } static int nft_setelem_insert(const struct net *net, struct nft_set *set, const struct nft_set_elem *elem, struct nft_elem_priv **elem_priv, unsigned int flags) { … } static bool nft_setelem_is_catchall(const struct nft_set *set, const struct nft_elem_priv *elem_priv) { … } static void nft_setelem_activate(struct net *net, struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static int nft_setelem_catchall_deactivate(const struct net *net, struct nft_set *set, struct nft_set_elem *elem) { … } static int __nft_setelem_deactivate(const struct net *net, struct nft_set *set, struct nft_set_elem *elem) { … } static int nft_setelem_deactivate(const struct net *net, struct nft_set *set, struct nft_set_elem *elem, u32 flags) { … } static void nft_setelem_catchall_destroy(struct nft_set_elem_catchall *catchall) { … } static void nft_setelem_catchall_remove(const struct net *net, const struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static void nft_setelem_remove(const struct net *net, const struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static bool nft_setelem_valid_key_end(const struct nft_set *set, struct nlattr **nla, u32 flags) { … } static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set, const struct nlattr *attr, u32 nlmsg_flags) { … } static int nf_tables_newsetelem(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } /** * nft_data_hold - hold a nft_data item * * @data: struct nft_data to release * @type: type of data * * Hold a nft_data item. NFT_DATA_VALUE types can be silently discarded, * NFT_DATA_VERDICT bumps the reference to chains in case of NFT_JUMP and * NFT_GOTO verdicts. This function must be called on active data objects * from the second phase of the commit protocol. */ void nft_data_hold(const struct nft_data *data, enum nft_data_types type) { … } static int nft_setelem_active_next(const struct net *net, const struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static void nft_setelem_data_activate(const struct net *net, const struct nft_set *set, struct nft_elem_priv *elem_priv) { … } void nft_setelem_data_deactivate(const struct net *net, const struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set, const struct nlattr *attr) { … } static int nft_setelem_flush(const struct nft_ctx *ctx, struct nft_set *set, const struct nft_set_iter *iter, struct nft_elem_priv *elem_priv) { … } static int __nft_set_catchall_flush(const struct nft_ctx *ctx, struct nft_set *set, struct nft_elem_priv *elem_priv) { … } static int nft_set_catchall_flush(const struct nft_ctx *ctx, struct nft_set *set) { … } static int nft_set_flush(struct nft_ctx *ctx, struct nft_set *set, u8 genmask) { … } static int nf_tables_delsetelem(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } /* * Stateful objects */ /** * nft_register_obj- register nf_tables stateful object type * @obj_type: object type * * Registers the object type for use with nf_tables. Returns zero on * success or a negative errno code otherwise. */ int nft_register_obj(struct nft_object_type *obj_type) { … } EXPORT_SYMBOL_GPL(…); /** * nft_unregister_obj - unregister nf_tables object type * @obj_type: object type * * Unregisters the object type for use with nf_tables. */ void nft_unregister_obj(struct nft_object_type *obj_type) { … } EXPORT_SYMBOL_GPL(…); struct nft_object *nft_obj_lookup(const struct net *net, const struct nft_table *table, const struct nlattr *nla, u32 objtype, u8 genmask) { … } EXPORT_SYMBOL_GPL(…); static struct nft_object *nft_obj_lookup_byhandle(const struct nft_table *table, const struct nlattr *nla, u32 objtype, u8 genmask) { … } static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = …; static struct nft_object *nft_obj_init(const struct nft_ctx *ctx, const struct nft_object_type *type, const struct nlattr *attr) { … } static int nft_object_dump(struct sk_buff *skb, unsigned int attr, struct nft_object *obj, bool reset) { … } static const struct nft_object_type *__nft_obj_type_get(u32 objtype, u8 family) { … } static const struct nft_object_type * nft_obj_type_get(struct net *net, u32 objtype, u8 family) { … } static int nf_tables_updobj(const struct nft_ctx *ctx, const struct nft_object_type *type, const struct nlattr *attr, struct nft_object *obj) { … } static int nf_tables_newobj(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nf_tables_fill_obj_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, int event, u32 flags, int family, const struct nft_table *table, struct nft_object *obj, bool reset) { … } static void audit_log_obj_reset(const struct nft_table *table, unsigned int base_seq, unsigned int nentries) { … } struct nft_obj_dump_ctx { … }; static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dump_obj_start(struct netlink_callback *cb) { … } static int nf_tables_dump_obj_done(struct netlink_callback *cb) { … } /* called with rcu_read_lock held */ static int nf_tables_getobj(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nft_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj) { … } static int nf_tables_delobj(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void __nft_obj_notify(struct net *net, const struct nft_table *table, struct nft_object *obj, u32 portid, u32 seq, int event, u16 flags, int family, int report, gfp_t gfp) { … } void nft_obj_notify(struct net *net, const struct nft_table *table, struct nft_object *obj, u32 portid, u32 seq, int event, u16 flags, int family, int report, gfp_t gfp) { … } EXPORT_SYMBOL_GPL(…); static void nf_tables_obj_notify(const struct nft_ctx *ctx, struct nft_object *obj, int event) { … } /* * Flow tables */ void nft_register_flowtable_type(struct nf_flowtable_type *type) { … } EXPORT_SYMBOL_GPL(…); void nft_unregister_flowtable_type(struct nf_flowtable_type *type) { … } EXPORT_SYMBOL_GPL(…); static const struct nla_policy nft_flowtable_policy[NFTA_FLOWTABLE_MAX + 1] = …; struct nft_flowtable *nft_flowtable_lookup(const struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } EXPORT_SYMBOL_GPL(…); void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx, struct nft_flowtable *flowtable, enum nft_trans_phase phase) { … } EXPORT_SYMBOL_GPL(…); static struct nft_flowtable * nft_flowtable_lookup_byhandle(const struct nft_table *table, const struct nlattr *nla, u8 genmask) { … } struct nft_flowtable_hook { … }; static const struct nla_policy nft_flowtable_hook_policy[NFTA_FLOWTABLE_HOOK_MAX + 1] = …; static int nft_flowtable_parse_hook(const struct nft_ctx *ctx, const struct nlattr * const nla[], struct nft_flowtable_hook *flowtable_hook, struct nft_flowtable *flowtable, struct netlink_ext_ack *extack, bool add) { … } /* call under rcu_read_lock */ static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family) { … } static const struct nf_flowtable_type * nft_flowtable_type_get(struct net *net, u8 family) { … } /* Only called from error and netdev event paths. */ static void nft_unregister_flowtable_hook(struct net *net, struct nft_flowtable *flowtable, struct nft_hook *hook) { … } static void __nft_unregister_flowtable_net_hooks(struct net *net, struct list_head *hook_list, bool release_netdev) { … } static void nft_unregister_flowtable_net_hooks(struct net *net, struct list_head *hook_list) { … } static int nft_register_flowtable_net_hooks(struct net *net, struct nft_table *table, struct list_head *hook_list, struct nft_flowtable *flowtable) { … } static void nft_hooks_destroy(struct list_head *hook_list) { … } static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh, struct nft_flowtable *flowtable, struct netlink_ext_ack *extack) { … } static int nf_tables_newflowtable(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nft_flowtable_hook_release(struct nft_flowtable_hook *flowtable_hook) { … } static int nft_delflowtable_hook(struct nft_ctx *ctx, struct nft_flowtable *flowtable, struct netlink_ext_ack *extack) { … } static int nf_tables_delflowtable(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq, int event, u32 flags, int family, struct nft_flowtable *flowtable, struct list_head *hook_list) { … } struct nft_flowtable_filter { … }; static int nf_tables_dump_flowtable(struct sk_buff *skb, struct netlink_callback *cb) { … } static int nf_tables_dump_flowtable_start(struct netlink_callback *cb) { … } static int nf_tables_dump_flowtable_done(struct netlink_callback *cb) { … } /* called with rcu_read_lock held */ static int nf_tables_getflowtable(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static void nf_tables_flowtable_notify(struct nft_ctx *ctx, struct nft_flowtable *flowtable, struct list_head *hook_list, int event) { … } static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable) { … } static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net, u32 portid, u32 seq) { … } static void nft_flowtable_event(unsigned long event, struct net_device *dev, struct nft_flowtable *flowtable) { … } static int nf_tables_flowtable_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static struct notifier_block nf_tables_flowtable_notifier = …; static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb, int event) { … } static int nf_tables_getgen(struct sk_buff *skb, const struct nfnl_info *info, const struct nlattr * const nla[]) { … } static const struct nfnl_callback nf_tables_cb[NFT_MSG_MAX] = …; static int nf_tables_validate(struct net *net) { … } /* a drop policy has to be deferred until all rules have been activated, * otherwise a large ruleset that contains a drop-policy base chain will * cause all packets to get dropped until the full transaction has been * processed. * * We defer the drop policy until the transaction has been finalized. */ static void nft_chain_commit_drop_policy(struct nft_trans_chain *trans) { … } static void nft_chain_commit_update(struct nft_trans_chain *trans) { … } static void nft_obj_commit_update(const struct nft_ctx *ctx, struct nft_trans *trans) { … } static void nft_commit_release(struct nft_trans *trans) { … } static void nf_tables_trans_destroy_work(struct work_struct *w) { … } void nf_tables_trans_destroy_flush_work(void) { … } EXPORT_SYMBOL_GPL(…); static bool nft_expr_reduce(struct nft_regs_track *track, const struct nft_expr *expr) { … } static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *chain) { … } static void nf_tables_commit_chain_prepare_cancel(struct net *net) { … } static void __nf_tables_commit_chain_free_rules(struct rcu_head *h) { … } static void nf_tables_commit_chain_free_rules_old(struct nft_rule_blob *blob) { … } static void nf_tables_commit_chain(struct net *net, struct nft_chain *chain) { … } static void nft_obj_del(struct nft_object *obj) { … } void nft_chain_del(struct nft_chain *chain) { … } static void nft_trans_gc_setelem_remove(struct nft_ctx *ctx, struct nft_trans_gc *trans) { … } void nft_trans_gc_destroy(struct nft_trans_gc *trans) { … } static void nft_trans_gc_trans_free(struct rcu_head *rcu) { … } static bool nft_trans_gc_work_done(struct nft_trans_gc *trans) { … } static void nft_trans_gc_work(struct work_struct *work) { … } struct nft_trans_gc *nft_trans_gc_alloc(struct nft_set *set, unsigned int gc_seq, gfp_t gfp) { … } void nft_trans_gc_elem_add(struct nft_trans_gc *trans, void *priv) { … } static void nft_trans_gc_queue_work(struct nft_trans_gc *trans) { … } static int nft_trans_gc_space(struct nft_trans_gc *trans) { … } struct nft_trans_gc *nft_trans_gc_queue_async(struct nft_trans_gc *gc, unsigned int gc_seq, gfp_t gfp) { … } void nft_trans_gc_queue_async_done(struct nft_trans_gc *trans) { … } struct nft_trans_gc *nft_trans_gc_queue_sync(struct nft_trans_gc *gc, gfp_t gfp) { … } void nft_trans_gc_queue_sync_done(struct nft_trans_gc *trans) { … } struct nft_trans_gc *nft_trans_gc_catchall_async(struct nft_trans_gc *gc, unsigned int gc_seq) { … } struct nft_trans_gc *nft_trans_gc_catchall_sync(struct nft_trans_gc *gc) { … } static void nf_tables_module_autoload_cleanup(struct net *net) { … } static void nf_tables_commit_release(struct net *net) { … } static void nft_commit_notify(struct net *net, u32 portid) { … } static int nf_tables_commit_audit_alloc(struct list_head *adl, struct nft_table *table) { … } static void nf_tables_commit_audit_free(struct list_head *adl) { … } static void nf_tables_commit_audit_collect(struct list_head *adl, struct nft_table *table, u32 op) { … } #define AUNFTABLENAMELEN … static void nf_tables_commit_audit_log(struct list_head *adl, u32 generation) { … } static void nft_set_commit_update(struct list_head *set_update_list) { … } static unsigned int nft_gc_seq_begin(struct nftables_pernet *nft_net) { … } static void nft_gc_seq_end(struct nftables_pernet *nft_net, unsigned int gc_seq) { … } static int nf_tables_commit(struct net *net, struct sk_buff *skb) { … } static void nf_tables_module_autoload(struct net *net) { … } static void nf_tables_abort_release(struct nft_trans *trans) { … } static void nft_set_abort_update(struct list_head *set_update_list) { … } static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action) { … } static int nf_tables_abort(struct net *net, struct sk_buff *skb, enum nfnl_abort_action action) { … } static bool nf_tables_valid_genid(struct net *net, u32 genid) { … } static const struct nfnetlink_subsystem nf_tables_subsys = …; int nft_chain_validate_dependency(const struct nft_chain *chain, enum nft_chain_types type) { … } EXPORT_SYMBOL_GPL(…); int nft_chain_validate_hooks(const struct nft_chain *chain, unsigned int hook_flags) { … } EXPORT_SYMBOL_GPL(…); /** * nft_parse_u32_check - fetch u32 attribute and check for maximum value * * @attr: netlink attribute to fetch value from * @max: maximum value to be stored in dest * @dest: pointer to the variable * * Parse, check and store a given u32 netlink attribute into variable. * This function returns -ERANGE if the value goes over maximum value. * Otherwise a 0 is returned and the attribute value is stored in the * destination variable. */ int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest) { … } EXPORT_SYMBOL_GPL(…); static int nft_parse_register(const struct nlattr *attr, u32 *preg) { … } /** * nft_dump_register - dump a register value to a netlink attribute * * @skb: socket buffer * @attr: attribute number * @reg: register number * * Construct a netlink attribute containing the register number. For * compatibility reasons, register numbers being a multiple of 4 are * translated to the corresponding 128 bit register numbers. */ int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg) { … } EXPORT_SYMBOL_GPL(…); static int nft_validate_register_load(enum nft_registers reg, unsigned int len) { … } int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len) { … } EXPORT_SYMBOL_GPL(…); static int nft_validate_register_store(const struct nft_ctx *ctx, enum nft_registers reg, const struct nft_data *data, enum nft_data_types type, unsigned int len) { … } int nft_parse_register_store(const struct nft_ctx *ctx, const struct nlattr *attr, u8 *dreg, const struct nft_data *data, enum nft_data_types type, unsigned int len) { … } EXPORT_SYMBOL_GPL(…); static const struct nla_policy nft_verdict_policy[NFTA_VERDICT_MAX + 1] = …; static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data, struct nft_data_desc *desc, const struct nlattr *nla) { … } static void nft_verdict_uninit(const struct nft_data *data) { … } int nft_verdict_dump(struct sk_buff *skb, int type, const struct nft_verdict *v) { … } static int nft_value_init(const struct nft_ctx *ctx, struct nft_data *data, struct nft_data_desc *desc, const struct nlattr *nla) { … } static int nft_value_dump(struct sk_buff *skb, const struct nft_data *data, unsigned int len) { … } static const struct nla_policy nft_data_policy[NFTA_DATA_MAX + 1] = …; /** * nft_data_init - parse nf_tables data netlink attributes * * @ctx: context of the expression using the data * @data: destination struct nft_data * @desc: data description * @nla: netlink attribute containing data * * Parse the netlink data attributes and initialize a struct nft_data. * The type and length of data are returned in the data description. * * The caller can indicate that it only wants to accept data of type * NFT_DATA_VALUE by passing NULL for the ctx argument. */ int nft_data_init(const struct nft_ctx *ctx, struct nft_data *data, struct nft_data_desc *desc, const struct nlattr *nla) { … } EXPORT_SYMBOL_GPL(…); /** * nft_data_release - release a nft_data item * * @data: struct nft_data to release * @type: type of data * * Release a nft_data item. NFT_DATA_VALUE types can be silently discarded, * all others need to be released by calling this function. */ void nft_data_release(const struct nft_data *data, enum nft_data_types type) { … } EXPORT_SYMBOL_GPL(…); int nft_data_dump(struct sk_buff *skb, int attr, const struct nft_data *data, enum nft_data_types type, unsigned int len) { … } EXPORT_SYMBOL_GPL(…); int __nft_release_basechain(struct nft_ctx *ctx) { … } EXPORT_SYMBOL_GPL(…); static void __nft_release_hook(struct net *net, struct nft_table *table) { … } static void __nft_release_hooks(struct net *net) { … } static void __nft_release_table(struct net *net, struct nft_table *table) { … } static void __nft_release_tables(struct net *net) { … } static int nft_rcv_nl_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static struct notifier_block nft_nl_notifier = …; static int __net_init nf_tables_init_net(struct net *net) { … } static void __net_exit nf_tables_pre_exit_net(struct net *net) { … } static void __net_exit nf_tables_exit_net(struct net *net) { … } static void nf_tables_exit_batch(struct list_head *net_exit_list) { … } static struct pernet_operations nf_tables_net_ops = …; static int __init nf_tables_module_init(void) { … } static void __exit nf_tables_module_exit(void) { … } module_init(…) …; module_exit(nf_tables_module_exit); MODULE_LICENSE(…) …; MODULE_AUTHOR(…) …; MODULE_DESCRIPTION(…) …; MODULE_ALIAS_NFNL_SUBSYS(…);
Codebase Browser
linux