[PATCH openEuler-22.03-LTS-SP1 03/19] Revert "netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain"

11 Oct 2023

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I86JB6
-------------------------------
This reverts commit af739b3be8b268ab4c0ce626ec948a8b552fa063.
Backport the dependency patch and then re-backport this patch.
Signed-off-by: Lu Wei luwei32@huawei.com
---
 include/net/netfilter/nf_tables.h |  2 --
 net/netfilter/nf_tables_api.c     | 45 +++++--------------------------
 net/netfilter/nft_immediate.c     |  3 ---
 3 files changed, 7 insertions(+), 43 deletions(-)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 5756d78f5e17..1a69a2201654 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -778,7 +778,6 @@ struct nft_expr_type {
enum nft_trans_phase {
    NFT_TRANS_PREPARE,
-	NFT_TRANS_PREPARE_ERROR,
    NFT_TRANS_ABORT,
    NFT_TRANS_COMMIT,
    NFT_TRANS_RELEASE
@@ -972,7 +971,6 @@ struct nft_chain {
int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain);
 int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);
-void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain);
enum nft_chain_types {
    NFT_CHAIN_T_DEFAULT = 0,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 65c262a65fff..2344ece59751 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -168,8 +168,7 @@ static void nft_trans_destroy(struct nft_trans *trans)
    kfree(trans);
 }
-static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,
-				 bool bind)
+static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
 {
    struct net *net = ctx->net;
    struct nft_trans *trans;
@@ -181,28 +180,17 @@ static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,
    	switch (trans->msg_type) {
    	case NFT_MSG_NEWSET:
    		if (nft_trans_set(trans) == set)
-				nft_trans_set_bound(trans) = bind;
+				nft_trans_set_bound(trans) = true;
    		break;
    	case NFT_MSG_NEWSETELEM:
    		if (nft_trans_elem_set(trans) == set)
-				nft_trans_elem_set_bound(trans) = bind;
+				nft_trans_elem_set_bound(trans) = true;
    		break;
    	}
    }
 }
-static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
-{
-	return __nft_set_trans_bind(ctx, set, true);
-}
-
-static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set)
-{
-	return __nft_set_trans_bind(ctx, set, false);
-}
-
-static void __nft_chain_trans_bind(const struct nft_ctx *ctx,
-				   struct nft_chain *chain, bool bind)
+static void nft_chain_trans_bind(const struct nft_ctx *ctx, struct nft_chain *chain)
 {
    struct net *net = ctx->net;
    struct nft_trans *trans;
@@ -214,22 +202,16 @@ static void __nft_chain_trans_bind(const struct nft_ctx *ctx,
    	switch (trans->msg_type) {
    	case NFT_MSG_NEWCHAIN:
    		if (nft_trans_chain(trans) == chain)
-				nft_trans_chain_bound(trans) = bind;
+				nft_trans_chain_bound(trans) = true;
    		break;
    	case NFT_MSG_NEWRULE:
    		if (trans->ctx.chain == chain)
-				nft_trans_rule_bound(trans) = bind;
+				nft_trans_rule_bound(trans) = true;
    		break;
    	}
    }
 }
-static void nft_chain_trans_bind(const struct nft_ctx *ctx,
-				 struct nft_chain *chain)
-{
-	__nft_chain_trans_bind(ctx, chain, true);
-}
-
 int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
 {
    if (!nft_chain_binding(chain))
@@ -248,11 +230,6 @@ int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
    return 0;
 }
-void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
-{
-	__nft_chain_trans_bind(ctx, chain, false);
-}
-
 static int nft_netdev_register_hooks(struct net *net,
    			     struct list_head *hook_list)
 {
@@ -3428,7 +3405,7 @@ static int nf_tables_newrule(struct net *net, struct sock *nlsk,
return 0;
 err2:
-	nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE_ERROR);
+	nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE);
    nf_tables_rule_destroy(&ctx, rule);
 err1:
    for (i = 0; i < n; i++) {
@@ -4560,13 +4537,6 @@ void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
    		      enum nft_trans_phase phase)
 {
    switch (phase) {
-	case NFT_TRANS_PREPARE_ERROR:
-		nft_set_trans_unbind(ctx, set);
-		if (nft_set_is_anonymous(set))
-			nft_deactivate_next(ctx->net, set);
-
-		set->use--;
-		break;
    case NFT_TRANS_PREPARE:
    	if (nft_set_is_anonymous(set))
    		nft_deactivate_next(ctx->net, set);
@@ -6493,7 +6463,6 @@ void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx,
    			    enum nft_trans_phase phase)
 {
    switch (phase) {
-	case NFT_TRANS_PREPARE_ERROR:
    case NFT_TRANS_PREPARE:
    case NFT_TRANS_ABORT:
    case NFT_TRANS_RELEASE:
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
index 6b0efab4fad0..9d4248898ce4 100644
--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@@ -150,9 +150,6 @@ static void nft_immediate_deactivate(const struct nft_ctx *ctx,
    			nft_rule_expr_deactivate(&chain_ctx, rule, phase);
switch (phase) {
-			case NFT_TRANS_PREPARE_ERROR:
-				nf_tables_unbind_chain(ctx, chain);
-				fallthrough;
    		case NFT_TRANS_PREPARE:
    			nft_deactivate_next(ctx->net, chain);
    			break;
-- 
2.34.1


    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-22.03-LTS-SP1 03/19] Revert "netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain"