Revert "netfilter: nf_tables: Add notifications for hook changes"

This reverts commit 465b9ee0ee7bc268d7f261356afd6c4262e48d82.

Such notifications fit better into core or nfnetlink_hook code,
following the NFNL_MSG_HOOK_GET message format.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index e4d8e451e93594a297ceaf0f378487f8e4e662b0..5e49619ae49c69e29b8cae5d355bda8517a67efd 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1142,11 +1142,6 @@ int nft_set_catchall_validate(const struct nft_ctx *ctx, struct nft_set *set);
 int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);
 void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);
 
-struct nft_hook;
-void nf_tables_chain_device_notify(const struct nft_chain *chain,
-                                  const struct nft_hook *hook,
-                                  const struct net_device *dev, int event);
-
 enum nft_chain_types {
        NFT_CHAIN_T_DEFAULT = 0,
        NFT_CHAIN_T_ROUTE,

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 518ba144544ce17b5eba4c60b42dc16859a38546..2beb30be2c5f8e7452cb270daf3a3213abe4c2cf 100644 (file)
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -142,8 +142,6 @@ enum nf_tables_msg_types {
        NFT_MSG_DESTROYOBJ,
        NFT_MSG_DESTROYFLOWTABLE,
        NFT_MSG_GETSETELEM_RESET,
-       NFT_MSG_NEWDEV,
-       NFT_MSG_DELDEV,
        NFT_MSG_MAX,
 };
 
@@ -1786,18 +1784,10 @@ enum nft_synproxy_attributes {
  * enum nft_device_attributes - nf_tables device netlink attributes
  *
  * @NFTA_DEVICE_NAME: name of this device (NLA_STRING)
- * @NFTA_DEVICE_TABLE: table containing the flowtable or chain hooking into the device (NLA_STRING)
- * @NFTA_DEVICE_FLOWTABLE: flowtable hooking into the device (NLA_STRING)
- * @NFTA_DEVICE_CHAIN: chain hooking into the device (NLA_STRING)
- * @NFTA_DEVICE_SPEC: hook spec matching the device (NLA_STRING)
  */
 enum nft_devices_attributes {
        NFTA_DEVICE_UNSPEC,
        NFTA_DEVICE_NAME,
-       NFTA_DEVICE_TABLE,
-       NFTA_DEVICE_FLOWTABLE,
-       NFTA_DEVICE_CHAIN,
-       NFTA_DEVICE_SPEC,
        __NFTA_DEVICE_MAX
 };
 #define NFTA_DEVICE_MAX                (__NFTA_DEVICE_MAX - 1)

diff --git a/include/uapi/linux/netfilter/nfnetlink.h b/include/uapi/linux/netfilter/nfnetlink.h
index 50d807af2649b14889e63aa35205b3ba38f308a2..6cd58cd2a6f00fe485563a2350528d916295852e 100644 (file)
--- a/include/uapi/linux/netfilter/nfnetlink.h
+++ b/include/uapi/linux/netfilter/nfnetlink.h
@@ -25,8 +25,6 @@ enum nfnetlink_groups {
 #define NFNLGRP_ACCT_QUOTA             NFNLGRP_ACCT_QUOTA
        NFNLGRP_NFTRACE,
 #define NFNLGRP_NFTRACE                        NFNLGRP_NFTRACE
-       NFNLGRP_NFT_DEV,
-#define NFNLGRP_NFT_DEV                        NFNLGRP_NFT_DEV
        __NFNLGRP_MAX,
 };
 #define NFNLGRP_MAX    (__NFNLGRP_MAX - 1)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 24c71ecb21797fd863c1b8c7f4fdc2ab4aeb6676..a7240736f98e6a2b39d5c23cfbcbdc36d9547fe4 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -9686,64 +9686,6 @@ struct nf_hook_ops *nft_hook_find_ops_rcu(const struct nft_hook *hook,
 }
 EXPORT_SYMBOL_GPL(nft_hook_find_ops_rcu);
 
-static void
-nf_tables_device_notify(const struct nft_table *table, int attr,
-                       const char *name, const struct nft_hook *hook,
-                       const struct net_device *dev, int event)
-{
-       struct net *net = dev_net(dev);
-       struct nlmsghdr *nlh;
-       struct sk_buff *skb;
-       u16 flags = 0;
-
-       if (!nfnetlink_has_listeners(net, NFNLGRP_NFT_DEV))
-               return;
-
-       skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
-       if (!skb)
-               goto err;
-
-       event = event == NETDEV_REGISTER ? NFT_MSG_NEWDEV : NFT_MSG_DELDEV;
-       event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
-       nlh = nfnl_msg_put(skb, 0, 0, event, flags, table->family,
-                          NFNETLINK_V0, nft_base_seq(net));
-       if (!nlh)
-               goto err;
-
-       if (nla_put_string(skb, NFTA_DEVICE_TABLE, table->name) ||
-           nla_put_string(skb, attr, name) ||
-           nla_put(skb, NFTA_DEVICE_SPEC, hook->ifnamelen, hook->ifname) ||
-           nla_put_string(skb, NFTA_DEVICE_NAME, dev->name))
-               goto err;
-
-       nlmsg_end(skb, nlh);
-       nfnetlink_send(skb, net, 0, NFNLGRP_NFT_DEV,
-                      nlmsg_report(nlh), GFP_KERNEL);
-       return;
-err:
-       if (skb)
-               kfree_skb(skb);
-       nfnetlink_set_err(net, 0, NFNLGRP_NFT_DEV, -ENOBUFS);
-}
-
-void
-nf_tables_chain_device_notify(const struct nft_chain *chain,
-                             const struct nft_hook *hook,
-                             const struct net_device *dev, int event)
-{
-       nf_tables_device_notify(chain->table, NFTA_DEVICE_CHAIN,
-                               chain->name, hook, dev, event);
-}
-
-static void
-nf_tables_flowtable_device_notify(const struct nft_flowtable *ft,
-                                 const struct nft_hook *hook,
-                                 const struct net_device *dev, int event)
-{
-       nf_tables_device_notify(ft->table, NFTA_DEVICE_FLOWTABLE,
-                               ft->name, hook, dev, event);
-}
-
 static int nft_flowtable_event(unsigned long event, struct net_device *dev,
                               struct nft_flowtable *flowtable, bool changename)
 {
@@ -9791,7 +9733,6 @@ static int nft_flowtable_event(unsigned long event, struct net_device *dev,
                        list_add_tail_rcu(&ops->list, &hook->ops_list);
                        break;
                }
-               nf_tables_flowtable_device_notify(flowtable, hook, dev, event);
                break;
        }
        return 0;

diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index ac77fc21632deae1c6147726f6fa47a0b07f113a..e598a2a252b0a591dd0e6d864b01c9fdac1b58ba 100644 (file)
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -86,7 +86,6 @@ static const int nfnl_group2type[NFNLGRP_MAX+1] = {
        [NFNLGRP_NFTABLES]              = NFNL_SUBSYS_NFTABLES,
        [NFNLGRP_ACCT_QUOTA]            = NFNL_SUBSYS_ACCT,
        [NFNLGRP_NFTRACE]               = NFNL_SUBSYS_NFTABLES,
-       [NFNLGRP_NFT_DEV]               = NFNL_SUBSYS_NFTABLES,
 };
 
 static struct nfnl_net *nfnl_pernet(struct net *net)

diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c
index 846d48ba896529a8bbe3076551958963696f30b0..b16185e9a6dd7211400e36e7ec34aefcf2c7b9ce 100644 (file)
--- a/net/netfilter/nft_chain_filter.c
+++ b/net/netfilter/nft_chain_filter.c
@@ -363,8 +363,6 @@ static int nft_netdev_event(unsigned long event, struct net_device *dev,
                        list_add_tail_rcu(&ops->list, &hook->ops_list);
                        break;
                }
-               nf_tables_chain_device_notify(&basechain->chain,
-                                             hook, dev, event);
                break;
        }
        return 0;