From 039125a8bd085706ca2868f028a3ad79ab8578a5 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@netfilter.org>
Date: Sat, 26 Jun 2021 22:21:05 +0200
Subject: Backport "netfilter: nfnetlink: consolidate callback type"

Backport patch "netfilter: nfnetlink: consolidate callback type"
from Pablo Neira Ayuso <pablo@netfilter.org>.

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---
 configure.ac                                            | 10 ++++++++++
 kernel/include/linux/netfilter/ipset/ip_set_compat.h.in |  7 +++++++
 kernel/net/netfilter/ipset/ip_set_core.c                | 16 ++++++++++++++++
 3 files changed, 33 insertions(+)

diff --git a/configure.ac b/configure.ac
index 7bb02c3..60c0a6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -806,6 +806,16 @@ else
 	AC_SUBST(HAVE_NFNL_INFO_IN_NFNL_CALLBACK, undef)
 fi
 
+AC_MSG_CHECKING([kernel source for enum nfnl_callback_type])
+if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
+   $GREP -q 'enum nfnl_callback_type ' $ksourcedir/include/linux/netfilter/nfnetlink.h; then
+	AC_MSG_RESULT(yes)
+	AC_SUBST(HAVE_NFNL_CALLBACK_TYPE, define)
+else
+	AC_MSG_RESULT(no)
+	AC_SUBST(HAVE_NFNL_CALLBACK_TYPE, undef)
+fi
+
 AC_MSG_CHECKING([kernel source for kvzalloc() in mm.h])
 if test -f $ksourcedir/include/linux/mm.h && \
    $GREP -q 'static inline void \*kvzalloc(' $ksourcedir/include/linux/mm.h; then
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 5f44f63..af6424d 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -64,6 +64,7 @@
 #@HAVE_NLA_STRSCPY@ HAVE_NLA_STRSCPY
 #@HAVE_NFNL_MSG_PUT@ HAVE_NFNL_MSG_PUT
 #@HAVE_NFNL_INFO_IN_NFNL_CALLBACK@ HAVE_NFNL_INFO_IN_NFNL_CALLBACK
+#@HAVE_NFNL_CALLBACK_TYPE@ HAVE_NFNL_CALLBACK_TYPE
 
 #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H
 #include <linux/module.h>
@@ -380,6 +381,12 @@ static inline int nla_put_in6_addr(struct sk_buff *skb, int attrtype,
 #define INFO_SK(i, n)					n
 #endif
 
+#ifdef HAVE_NFNL_CALLBACK_TYPE
+#define SET_NFNL_CALLBACK_TYPE(t) 	.type = t,
+#else
+#define SET_NFNL_CALLBACK_TYPE(t)
+#endif
+
 #ifndef HAVE_TC_SKB_PROTOCOL
 #include <linux/if_vlan.h>
 
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 43e6b9c..4c86089 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -2197,80 +2197,96 @@ nlmsg_failure:
 static const struct nfnl_callback ip_set_netlink_subsys_cb[IPSET_MSG_MAX] = {
 	[IPSET_CMD_NONE]	= {
 		.call		= ip_set_none,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 	},
 	[IPSET_CMD_CREATE]	= {
 		.call		= ip_set_create,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_create_policy,
 	},
 	[IPSET_CMD_DESTROY]	= {
 		.call		= ip_set_destroy,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname_policy,
 	},
 	[IPSET_CMD_FLUSH]	= {
 		.call		= ip_set_flush,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname_policy,
 	},
 	[IPSET_CMD_RENAME]	= {
 		.call		= ip_set_rename,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname2_policy,
 	},
 	[IPSET_CMD_SWAP]	= {
 		.call		= ip_set_swap,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname2_policy,
 	},
 	[IPSET_CMD_LIST]	= {
 		.call		= ip_set_dump,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_dump_policy,
 	},
 	[IPSET_CMD_SAVE]	= {
 		.call		= ip_set_dump,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname_policy,
 	},
 	[IPSET_CMD_ADD]	= {
 		.call		= ip_set_uadd,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_adt_policy,
 	},
 	[IPSET_CMD_DEL]	= {
 		.call		= ip_set_udel,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_adt_policy,
 	},
 	[IPSET_CMD_TEST]	= {
 		.call		= ip_set_utest,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_adt_policy,
 	},
 	[IPSET_CMD_HEADER]	= {
 		.call		= ip_set_header,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname_policy,
 	},
 	[IPSET_CMD_TYPE]	= {
 		.call		= ip_set_type,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_type_policy,
 	},
 	[IPSET_CMD_PROTOCOL]	= {
 		.call		= ip_set_protocol,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_protocol_policy,
 	},
 	[IPSET_CMD_GET_BYNAME]	= {
 		.call		= ip_set_byname,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_setname_policy,
 	},
 	[IPSET_CMD_GET_BYINDEX]	= {
 		.call		= ip_set_byindex,
+		SET_NFNL_CALLBACK_TYPE(NFNL_CB_MUTEX)
 		.attr_count	= IPSET_ATTR_CMD_MAX,
 		.policy		= ip_set_index_policy,
 	},
-- 
cgit v1.2.3