Lines Matching defs:table
74 struct nft_table *table;
109 static void nft_validate_state_update(struct nft_table *table, u8 new_validate_state)
111 switch (table->validate_state) {
122 table->validate_state = new_validate_state;
135 struct nft_table *table,
142 ctx->table = table;
319 const struct nft_table *table,
325 if (table->flags & NFT_TABLE_F_DORMANT ||
335 if (nft_base_chain_netdev(table->family, basechain->ops.hooknum))
342 const struct nft_table *table,
349 if (table->flags & NFT_TABLE_F_DORMANT ||
358 if (nft_base_chain_netdev(table->family, basechain->ops.hooknum))
366 const struct nft_table *table,
369 return __nf_tables_unregister_hook(net, table, chain, false);
401 nft_activate_next(ctx->net, ctx->table);
415 nft_deactivate_next(ctx->net, ctx->table);
449 nft_use_dec(&ctx->table->use);
658 nft_use_dec(&ctx->table->use);
690 nft_use_dec(&ctx->table->use);
726 nft_use_dec(&ctx->table->use);
792 struct nft_table *table;
798 list_for_each_entry_rcu(table, &nft_net->tables, list,
800 if (!nla_strcmp(nla, table->name) &&
801 table->family == family &&
802 nft_active_genmask(table, genmask)) {
803 if (nft_table_has_owner(table) &&
804 nlpid && table->nlpid != nlpid)
807 return table;
819 struct nft_table *table;
822 list_for_each_entry(table, &nft_net->tables, list) {
823 if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
824 table->family == family &&
825 nft_active_genmask(table, genmask)) {
826 if (nft_table_has_owner(table) &&
827 nlpid && table->nlpid != nlpid)
830 return table;
837 static inline u64 nf_tables_alloc_handle(struct nft_table *table)
839 return ++table->hgenerator;
964 int family, const struct nft_table *table)
974 if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
975 nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use)) ||
976 nla_put_be64(skb, NFTA_TABLE_HANDLE, cpu_to_be64(table->handle),
986 htonl(table->flags & NFT_TABLE_F_MASK)))
989 if (nft_table_has_owner(table) &&
990 nla_put_be32(skb, NFTA_TABLE_OWNER, htonl(table->nlpid)))
993 if (table->udata) {
994 if (nla_put(skb, NFTA_TABLE_USERDATA, table->udlen, table->udata))
1037 event, flags, ctx->family, ctx->table);
1055 const struct nft_table *table;
1064 list_for_each_entry_rcu(table, &nft_net->tables, list) {
1065 if (family != NFPROTO_UNSPEC && family != table->family)
1073 if (!nft_is_active(net, table))
1079 table->family, table) < 0)
1116 const struct nft_table *table;
1130 table = nft_table_lookup(net, nla[NFTA_TABLE_NAME], family, genmask, 0);
1131 if (IS_ERR(table)) {
1133 return PTR_ERR(table);
1142 0, family, table);
1153 static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt)
1158 list_for_each_entry(chain, &table->chains, list) {
1167 nf_tables_unregister_hook(net, table, chain);
1171 static int nf_tables_table_enable(struct net *net, struct nft_table *table)
1176 list_for_each_entry(chain, &table->chains, list) {
1182 err = nf_tables_register_hook(net, table, chain);
1192 nft_table_disable(net, table, i);
1196 static void nf_tables_table_disable(struct net *net, struct nft_table *table)
1198 table->flags &= ~NFT_TABLE_F_DORMANT;
1199 nft_table_disable(net, table, 0);
1200 table->flags |= NFT_TABLE_F_DORMANT;
1216 if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
1220 if (trans->ctx.table == ctx->table &&
1244 if (flags == (ctx->table->flags & NFT_TABLE_F_MASK))
1247 if ((nft_table_has_owner(ctx->table) &&
1250 !nft_table_is_orphan(ctx->table)))
1253 if ((flags ^ ctx->table->flags) & NFT_TABLE_F_PERSIST)
1266 !(ctx->table->flags & NFT_TABLE_F_DORMANT)) {
1267 ctx->table->flags |= NFT_TABLE_F_DORMANT;
1268 if (!(ctx->table->flags & __NFT_TABLE_F_UPDATE))
1269 ctx->table->flags |= __NFT_TABLE_F_WAS_AWAKEN;
1271 ctx->table->flags & NFT_TABLE_F_DORMANT) {
1272 ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
1273 if (!(ctx->table->flags & __NFT_TABLE_F_UPDATE)) {
1274 ret = nf_tables_table_enable(ctx->net, ctx->table);
1278 ctx->table->flags |= __NFT_TABLE_F_WAS_DORMANT;
1283 !nft_table_has_owner(ctx->table)) {
1284 ctx->table->nlpid = ctx->portid;
1285 ctx->table->flags |= NFT_TABLE_F_OWNER |
1295 ctx->table->flags |= NFT_TABLE_F_DORMANT;
1327 seed ^= hash_ptr(k->table, 32);
1345 if (obj->key.table != k->table)
1384 struct nft_table *table;
1394 table = nft_table_lookup(net, attr, family, genmask,
1396 if (IS_ERR(table)) {
1397 if (PTR_ERR(table) != -ENOENT)
1398 return PTR_ERR(table);
1407 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
1419 table = kzalloc(sizeof(*table), GFP_KERNEL_ACCOUNT);
1420 if (table == NULL)
1423 table->validate_state = nft_net->validate_state;
1424 table->name = nla_strdup(attr, GFP_KERNEL_ACCOUNT);
1425 if (table->name == NULL)
1429 table->udata = nla_memdup(nla[NFTA_TABLE_USERDATA], GFP_KERNEL_ACCOUNT);
1430 if (table->udata == NULL)
1433 table->udlen = nla_len(nla[NFTA_TABLE_USERDATA]);
1436 err = rhltable_init(&table->chains_ht, &nft_chain_ht_params);
1440 INIT_LIST_HEAD(&table->chains);
1441 INIT_LIST_HEAD(&table->sets);
1442 INIT_LIST_HEAD(&table->objects);
1443 INIT_LIST_HEAD(&table->flowtables);
1444 table->family = family;
1445 table->flags = flags;
1446 table->handle = ++nft_net->table_handle;
1447 if (table->flags & NFT_TABLE_F_OWNER)
1448 table->nlpid = NETLINK_CB(skb).portid;
1450 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
1455 list_add_tail_rcu(&table->list, &nft_net->tables);
1458 rhltable_destroy(&table->chains_ht);
1460 kfree(table->udata);
1462 kfree(table->name);
1464 kfree(table);
1477 list_for_each_entry(chain, &ctx->table->chains, list) {
1491 list_for_each_entry_safe(set, ns, &ctx->table->sets, list) {
1503 list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) {
1512 list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
1521 list_for_each_entry_safe(chain, nc, &ctx->table->chains, list) {
1544 struct nft_table *table, *nt;
1547 list_for_each_entry_safe(table, nt, &nft_net->tables, list) {
1548 if (family != AF_UNSPEC && table->family != family)
1551 ctx->family = table->family;
1553 if (!nft_is_active_next(ctx->net, table))
1556 if (nft_table_has_owner(table) && table->nlpid != ctx->portid)
1560 nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0)
1563 ctx->table = table;
1581 struct nft_table *table;
1591 table = nft_table_lookup_byhandle(net, attr, family, genmask,
1595 table = nft_table_lookup(net, attr, family, genmask,
1599 if (IS_ERR(table)) {
1600 if (PTR_ERR(table) == -ENOENT &&
1605 return PTR_ERR(table);
1609 table->use > 0)
1613 ctx.table = table;
1620 if (WARN_ON(ctx->table->use > 0))
1623 rhltable_destroy(&ctx->table->chains_ht);
1624 kfree(ctx->table->name);
1625 kfree(ctx->table->udata);
1626 kfree(ctx->table);
1654 nft_chain_lookup_byhandle(const struct nft_table *table, u64 handle, u8 genmask)
1658 list_for_each_entry(chain, &table->chains, list) {
1679 struct nft_table *table,
1696 list = rhltable_lookup(&table->chains_ht, search, nft_chain_ht_params);
1822 int family, const struct nft_table *table,
1834 if (nla_put_string(skb, NFTA_CHAIN_TABLE, table->name) ||
1904 event, flags, ctx->family, ctx->table,
1926 const struct nft_table *table;
1933 list_for_each_entry_rcu(table, &nft_net->tables, list) {
1934 if (family != NFPROTO_UNSPEC && family != table->family)
1937 list_for_each_entry_rcu(chain, &table->chains, list) {
1950 table->family, table,
1974 struct nft_table *table;
1987 table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask, 0);
1988 if (IS_ERR(table)) {
1990 return PTR_ERR(table);
1993 chain = nft_chain_lookup(net, table, nla[NFTA_CHAIN_NAME], genmask);
2005 0, family, table, chain, NULL);
2427 int nft_chain_add(struct nft_table *table, struct nft_chain *chain)
2431 err = rhltable_insert_key(&table->chains_ht, chain->name,
2436 list_add_tail_rcu(&chain->list, &table->chains);
2448 struct nft_table *table = ctx->table;
2461 if (table->flags & __NFT_TABLE_F_UPDATE)
2513 chain->handle = nf_tables_alloc_handle(table);
2514 chain->table = table;
2551 if (!nft_use_inc(&table->use)) {
2566 err = nft_chain_add(table, chain);
2571 err = nf_tables_register_hook(net, table, chain);
2582 nft_use_dec_restore(&table->use);
2595 struct nft_table *table = ctx->table;
2656 chain2 = nft_chain_lookup(ctx->net, table,
2665 if (table->flags & __NFT_TABLE_F_UPDATE &&
2672 if (!(table->flags & NFT_TABLE_F_DORMANT) &&
2678 if (nft_base_chain_netdev(table->family, basechain->ops.hooknum)) {
2728 tmp->ctx.table == table &&
2769 const struct nft_table *table,
2780 chain->table == table &&
2798 struct nft_table *table;
2806 table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask,
2808 if (IS_ERR(table)) {
2810 return PTR_ERR(table);
2818 chain = nft_chain_lookup_byhandle(table, handle, genmask);
2825 chain = nft_chain_lookup(net, table, attr, genmask);
2868 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
2901 if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
2950 struct nft_table *table;
2958 table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask,
2960 if (IS_ERR(table)) {
2962 return PTR_ERR(table);
2968 chain = nft_chain_lookup_byhandle(table, handle, genmask);
2971 chain = nft_chain_lookup(net, table, attr, genmask);
2985 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
2995 if (nft_base_chain_netdev(table->family, basechain->ops.hooknum))
3405 const struct nft_table *table,
3420 if (nla_put_string(skb, NFTA_RULE_TABLE, table->name))
3491 event, flags, ctx->family, ctx->table,
3504 static void audit_log_rule_reset(const struct nft_table *table,
3509 table->name, base_seq);
3511 audit_log_nfcfg(buf, table->family, nentries,
3518 char *table;
3526 const struct nft_table *table,
3551 table->family,
3552 table, chain, rule, handle, ctx->reset) < 0) {
3565 audit_log_rule_reset(table, cb->seq, entries);
3575 struct nft_table *table;
3586 list_for_each_entry_rcu(table, &nft_net->tables, list) {
3587 if (family != NFPROTO_UNSPEC && family != table->family)
3590 if (ctx->table && strcmp(ctx->table, table->name) != 0)
3593 if (ctx->table && ctx->chain) {
3596 list = rhltable_lookup(&table->chains_ht, ctx->chain,
3605 cb, table, chain);
3611 list_for_each_entry_rcu(chain, &table->chains, list) {
3613 cb, table, chain))
3617 if (ctx->table)
3652 ctx->table = nla_strdup(nla[NFTA_RULE_TABLE], GFP_ATOMIC);
3653 if (!ctx->table)
3659 kfree(ctx->table);
3679 kfree(ctx->table);
3695 struct nft_table *table;
3699 table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask, 0);
3700 if (IS_ERR(table)) {
3702 return ERR_CAST(table);
3705 chain = nft_chain_lookup(net, table, nla[NFTA_RULE_CHAIN], genmask);
3723 family, table, chain, rule, 0, reset);
3857 static int nft_table_validate(struct net *net, const struct nft_table *table)
3862 .family = table->family,
3866 list_for_each_entry(chain, &table->chains, list) {
3956 struct nft_table *table;
3967 table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask,
3969 if (IS_ERR(table)) {
3971 return PTR_ERR(table);
3975 chain = nft_chain_lookup(net, table, nla[NFTA_RULE_CHAIN],
3983 chain = nft_chain_lookup_byid(net, table, nla[NFTA_RULE_CHAIN_ID],
4016 handle = nf_tables_alloc_handle(table);
4034 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
4097 nft_validate_state_update(table, NFT_VALIDATE_NEED);
4156 if (table->validate_state == NFT_VALIDATE_DO)
4157 return nft_table_validate(net, table);
4206 struct nft_table *table;
4211 table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask,
4213 if (IS_ERR(table)) {
4215 return PTR_ERR(table);
4219 chain = nft_chain_lookup(net, table, nla[NFTA_RULE_CHAIN],
4233 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
4260 list_for_each_entry(chain, &table->chains, list) {
4397 static struct nft_set *nft_set_lookup(const struct nft_table *table,
4405 list_for_each_entry_rcu(set, &table->sets, list) {
4413 static struct nft_set *nft_set_lookup_byhandle(const struct nft_table *table,
4419 list_for_each_entry(set, &table->sets, list) {
4428 const struct nft_table *table,
4440 set->table == table &&
4449 const struct nft_table *table,
4456 set = nft_set_lookup(table, nla_set_name, genmask);
4461 set = nft_set_lookup_byid(net, table, nla_set_id, genmask);
4487 list_for_each_entry(i, &ctx->table->sets, list) {
4513 list_for_each_entry(i, &ctx->table->sets, list) {
4588 if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
4714 struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2];
4726 list_for_each_entry_rcu(table, &nft_net->tables, list) {
4728 ctx->family != table->family)
4731 if (ctx->table && ctx->table != table)
4735 if (cur_table != table)
4741 list_for_each_entry_rcu(set, &table->sets, list) {
4748 ctx_set.table = table;
4749 ctx_set.family = table->family;
4755 cb->args[2] = (unsigned long) table;
4796 struct nft_table *table = NULL;
4804 table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
4806 if (IS_ERR(table)) {
4808 return PTR_ERR(table);
4812 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
4832 set = nft_set_lookup(table, nla[NFTA_SET_NAME], genmask);
5018 struct nft_table *table;
5159 table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family, genmask,
5161 if (IS_ERR(table)) {
5163 return PTR_ERR(table);
5166 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
5168 set = nft_set_lookup(table, nla[NFTA_SET_NAME], genmask);
5224 if (!nft_use_inc(&table->use))
5253 set->table = table;
5282 set->handle = nf_tables_alloc_handle(table);
5289 list_add_tail_rcu(&set->list, &table->sets);
5303 nft_use_dec_restore(&table->use);
5351 struct nft_table *table;
5358 table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
5360 if (IS_ERR(table)) {
5362 return PTR_ERR(table);
5367 set = nft_set_lookup_byhandle(table, attr, genmask);
5370 set = nft_set_lookup(table, attr, genmask);
5388 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
5824 static void audit_log_nft_set_reset(const struct nft_table *table,
5828 char *buf = kasprintf(GFP_ATOMIC, "%s:%u", table->name, base_seq);
5830 audit_log_nfcfg(buf, table->family, nentries,
5858 audit_log_nft_set_reset(set->table, base_seq, 1);
5870 struct nft_table *table;
5883 list_for_each_entry_rcu(table, &nft_net->tables, list) {
5885 dump_ctx->ctx.family != table->family)
5888 if (table != dump_ctx->ctx.table)
5891 list_for_each_entry_rcu(set, &table->sets, list) {
5910 table->family, NFNETLINK_V0, nft_base_seq(net));
5914 if (nla_put_string(skb, NFTA_SET_ELEM_LIST_TABLE, table->name))
5967 audit_log_nft_set_reset(dump_ctx->ctx.table, cb->seq,
6007 if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
6188 struct nft_table *table;
6191 table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
6193 if (IS_ERR(table)) {
6195 return PTR_ERR(table);
6198 set = nft_set_lookup(table, nla[NFTA_SET_ELEM_LIST_SET], genmask);
6205 info->nlh, family, table, NULL, nla);
6302 audit_log_nft_set_reset(dump_ctx.ctx.table, nft_net->base_seq, nelems);
6487 .family = set->table->family,
6978 obj = nft_obj_lookup(ctx->net, ctx->table,
7009 .table = ctx->table,
7025 nft_validate_state_update(ctx->table,
7158 struct nft_table *table;
7166 table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
7168 if (IS_ERR(table)) {
7170 return PTR_ERR(table);
7173 set = nft_set_lookup_global(net, table, nla[NFTA_SET_ELEM_LIST_SET],
7184 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
7194 if (table->validate_state == NFT_VALIDATE_DO)
7195 return nft_table_validate(net, table);
7446 struct nft_table *table;
7451 table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
7453 if (IS_ERR(table)) {
7455 return PTR_ERR(table);
7458 set = nft_set_lookup(table, nla[NFTA_SET_ELEM_LIST_SET], genmask);
7470 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
7528 const struct nft_table *table,
7532 struct nft_object_hash_key k = { .table = table };
7561 static struct nft_object *nft_obj_lookup_byhandle(const struct nft_table *table,
7567 list_for_each_entry(obj, &table->objects, list) {
7741 struct nft_table *table;
7752 table = nft_table_lookup(net, nla[NFTA_OBJ_TABLE], family, genmask,
7754 if (IS_ERR(table)) {
7756 return PTR_ERR(table);
7760 obj = nft_obj_lookup(net, table, nla[NFTA_OBJ_NAME], objtype, genmask);
7779 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
7784 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
7786 if (!nft_use_inc(&table->use))
7800 obj->key.table = table;
7801 obj->handle = nf_tables_alloc_handle(table);
7826 list_add_tail_rcu(&obj->list, &table->objects);
7844 nft_use_dec_restore(&table->use);
7851 int family, const struct nft_table *table,
7862 if (nla_put_string(skb, NFTA_OBJ_TABLE, table->name) ||
7890 static void audit_log_obj_reset(const struct nft_table *table,
7893 char *buf = kasprintf(GFP_ATOMIC, "%s:%u", table->name, base_seq);
7895 audit_log_nfcfg(buf, table->family, nentries,
7902 char *table;
7914 const struct nft_table *table;
7924 list_for_each_entry_rcu(table, &nft_net->tables, list) {
7925 if (family != NFPROTO_UNSPEC && family != table->family)
7929 list_for_each_entry_rcu(obj, &table->objects, list) {
7934 if (ctx->table && strcmp(ctx->table, table->name))
7945 table->family, table,
7956 audit_log_obj_reset(table, nft_net->base_seq, entries);
7974 ctx->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_ATOMIC);
7975 if (!ctx->table)
7992 kfree(ctx->table);
8004 const struct nft_table *table;
8028 table = nft_table_lookup(net, nla[NFTA_OBJ_TABLE], family, genmask, 0);
8029 if (IS_ERR(table)) {
8031 return PTR_ERR(table);
8035 obj = nft_obj_lookup(net, table, nla[NFTA_OBJ_NAME], objtype, genmask);
8053 buf = kasprintf(GFP_ATOMIC, "%s:%u", table->name, nft_net->base_seq);
8065 family, table, obj, reset);
8095 struct nft_table *table;
8104 table = nft_table_lookup(net, nla[NFTA_OBJ_TABLE], family, genmask,
8106 if (IS_ERR(table)) {
8108 return PTR_ERR(table);
8114 obj = nft_obj_lookup_byhandle(table, attr, objtype, genmask);
8117 obj = nft_obj_lookup(net, table, attr, objtype, genmask);
8133 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8139 __nft_obj_notify(struct net *net, const struct nft_table *table,
8157 family, table, obj, false);
8169 void nft_obj_notify(struct net *net, const struct nft_table *table,
8175 table->name, nft_net->base_seq);
8186 __nft_obj_notify(net, table, obj, portid, seq, event,
8194 __nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid,
8228 struct nft_flowtable *nft_flowtable_lookup(const struct nft_table *table,
8233 list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
8260 nft_flowtable_lookup_byhandle(const struct nft_table *table,
8265 list_for_each_entry(flowtable, &table->flowtables, list) {
8423 struct nft_table *table,
8432 list_for_each_entry(ft, &table->flowtables, list) {
8526 err = nft_register_flowtable_net_hooks(ctx->net, ctx->table,
8572 struct nft_table *table;
8582 table = nft_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family,
8584 if (IS_ERR(table)) {
8586 return PTR_ERR(table);
8589 flowtable = nft_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
8603 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8608 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8610 if (!nft_use_inc(&table->use))
8619 flowtable->table = table;
8620 flowtable->handle = nf_tables_alloc_handle(table);
8666 err = nft_register_flowtable_net_hooks(ctx.net, table,
8672 list_add_tail_rcu(&flowtable->list, &table->flowtables);
8689 nft_use_dec_restore(&table->use);
8763 struct nft_table *table;
8771 table = nft_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family,
8773 if (IS_ERR(table)) {
8775 return PTR_ERR(table);
8780 flowtable = nft_flowtable_lookup_byhandle(table, attr, genmask);
8783 flowtable = nft_flowtable_lookup(table, attr, genmask);
8795 nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8824 if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
8869 char *table;
8882 const struct nft_table *table;
8888 list_for_each_entry_rcu(table, &nft_net->tables, list) {
8889 if (family != NFPROTO_UNSPEC && family != table->family)
8892 list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
8900 if (filter && filter->table &&
8901 strcmp(filter->table, table->name))
8908 table->family,
8934 filter->table = nla_strdup(nla[NFTA_FLOWTABLE_TABLE],
8936 if (!filter->table) {
8953 kfree(filter->table);
8968 const struct nft_table *table;
8988 table = nft_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family,
8990 if (IS_ERR(table)) {
8992 return PTR_ERR(table);
8995 flowtable = nft_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
9119 struct nft_table *table;
9128 list_for_each_entry(table, &nft_net->tables, list) {
9129 list_for_each_entry(flowtable, &table->flowtables, list) {
9390 struct nft_table *table;
9392 list_for_each_entry(table, &nft_net->tables, list) {
9393 switch (table->validate_state) {
9397 nft_validate_state_update(table, NFT_VALIDATE_DO);
9400 if (nft_table_validate(net, table) < 0)
9403 nft_validate_state_update(table, NFT_VALIDATE_SKIP);
9437 rhltable_remove(&trans->ctx.table->chains_ht,
9441 rhltable_insert_key(&trans->ctx.table->chains_ht,
9725 struct nft_table *table = chain->table;
9727 WARN_ON_ONCE(rhltable_remove(&table->chains_ht, &chain->rhlhead,
9792 ctx.table = trans->set->table;
10053 struct nft_table *table)
10058 if (adp->table == table)
10064 adp->table = table;
10080 struct nft_table *table, u32 op)
10085 if (adp->table == table)
10088 WARN_ONCE(1, "table=%s not expected in commit list", table->name);
10104 snprintf(aubuf, AUNFTABLENAMELEN, "%s:%u", adp->table->name,
10106 audit_log_nfcfg(aubuf, adp->table->family, adp->entries,
10151 struct nft_table *table;
10195 ret = nf_tables_commit_audit_alloc(&adl, trans->ctx.table);
10215 list_for_each_entry(table, &nft_net->tables, list) {
10216 list_for_each_entry(chain, &table->chains, list)
10236 nf_tables_commit_audit_collect(&adl, trans->ctx.table,
10241 if (!(trans->ctx.table->flags & __NFT_TABLE_F_UPDATE)) {
10245 if (trans->ctx.table->flags & NFT_TABLE_F_DORMANT)
10246 nf_tables_table_disable(net, trans->ctx.table);
10248 trans->ctx.table->flags &= ~__NFT_TABLE_F_UPDATE;
10250 nft_clear(net, trans->ctx.table);
10257 list_del_rcu(&trans->ctx.table->list);
10280 if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT)) {
10290 trans->ctx.table,
10328 /* This avoids hitting -EBUSY when deleting the table
10333 nft_use_dec(&trans->ctx.table->use);
10534 if (!(trans->ctx.table->flags & __NFT_TABLE_F_UPDATE)) {
10538 if (trans->ctx.table->flags & __NFT_TABLE_F_WAS_DORMANT) {
10539 nf_tables_table_disable(net, trans->ctx.table);
10540 trans->ctx.table->flags |= NFT_TABLE_F_DORMANT;
10541 } else if (trans->ctx.table->flags & __NFT_TABLE_F_WAS_AWAKEN) {
10542 trans->ctx.table->flags &= ~NFT_TABLE_F_DORMANT;
10544 if (trans->ctx.table->flags & __NFT_TABLE_F_WAS_ORPHAN) {
10545 trans->ctx.table->flags &= ~NFT_TABLE_F_OWNER;
10546 trans->ctx.table->nlpid = 0;
10548 trans->ctx.table->flags &= ~__NFT_TABLE_F_UPDATE;
10551 list_del_rcu(&trans->ctx.table->list);
10556 nft_clear(trans->ctx.net, trans->ctx.table);
10561 if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT)) {
10574 nft_use_dec_restore(&trans->ctx.table->use);
10577 trans->ctx.table,
10587 nft_use_inc_restore(&trans->ctx.table->use);
10620 nft_use_dec_restore(&trans->ctx.table->use);
10630 nft_use_inc_restore(&trans->ctx.table->use);
10676 nft_use_dec_restore(&trans->ctx.table->use);
10682 nft_use_inc_restore(&trans->ctx.table->use);
10691 nft_use_dec_restore(&trans->ctx.table->use);
10703 nft_use_inc_restore(&trans->ctx.table->use);
10922 list_for_each_entry(set, &ctx->table->sets, list) {
11146 chain = nft_chain_lookup(ctx->net, ctx->table,
11150 chain = nft_chain_lookup_byid(ctx->net, ctx->table,
11356 nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain);
11363 nft_use_dec(&ctx->table->use);
11370 static void __nft_release_hook(struct net *net, struct nft_table *table)
11375 list_for_each_entry(chain, &table->chains, list)
11376 __nf_tables_unregister_hook(net, table, chain, true);
11377 list_for_each_entry(flowtable, &table->flowtables, list)
11385 struct nft_table *table;
11387 list_for_each_entry(table, &nft_net->tables, list) {
11388 if (nft_table_has_owner(table))
11391 __nft_release_hook(net, table);
11395 static void __nft_release_table(struct net *net, struct nft_table *table)
11407 ctx.family = table->family;
11408 ctx.table = table;
11409 list_for_each_entry(chain, &table->chains, list) {
11420 list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
11422 nft_use_dec(&table->use);
11425 list_for_each_entry_safe(set, ns, &table->sets, list) {
11427 nft_use_dec(&table->use);
11433 list_for_each_entry_safe(obj, ne, &table->objects, list) {
11435 nft_use_dec(&table->use);
11438 list_for_each_entry_safe(chain, nc, &table->chains, list) {
11441 nft_use_dec(&table->use);
11450 struct nft_table *table, *nt;
11452 list_for_each_entry_safe(table, nt, &nft_net->tables, list) {
11453 if (nft_table_has_owner(table))
11456 list_del(&table->list);
11458 __nft_release_table(net, table);
11465 struct nft_table *table, *to_delete[8];
11485 list_for_each_entry(table, &nft_net->tables, list) {
11486 if (nft_table_has_owner(table) &&
11487 n->portid == table->nlpid) {
11488 if (table->flags & NFT_TABLE_F_PERSIST) {
11489 table->flags &= ~NFT_TABLE_F_OWNER;
11492 __nft_release_hook(net, table);
11493 list_del_rcu(&table->list);
11494 to_delete[deleted++] = table;