On Wed, May 21, 2025 at 10:44:33PM +0200, Phil Sutter wrote:
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index a7240736f98e..268bc00fe2ec 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -9686,6 +9686,64 @@ struct nf_hook_ops *nft_hook_find_ops_rcu(const struct nft_hook *hook,
> }
> EXPORT_SYMBOL_GPL(nft_hook_find_ops_rcu);
>
> +static void
> +nf_tables_device_notify(const struct nft_table *table, int attr,
> + const char *name, const struct nft_hook *hook,
> + const struct net_device *dev, int event)
> +{
> + struct net *net = dev_net(dev);
> + struct nlmsghdr *nlh;
> + struct sk_buff *skb;
> + u16 flags = 0;
> +
> + if (!nfnetlink_has_listeners(net, NFNLGRP_NFT_DEV))
> + return;
> +
> + skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
> + if (!skb)
> + goto err;
> +
> + event = event == NETDEV_REGISTER ? NFT_MSG_NEWDEV : NFT_MSG_DELDEV;
> + event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
> + nlh = nfnl_msg_put(skb, 0, 0, event, flags, table->family,
> + NFNETLINK_V0, nft_base_seq(net));
> + if (!nlh)
> + goto err;
> +
> + if (nla_put_string(skb, NFTA_DEVICE_TABLE, table->name) ||
> + nla_put_string(skb, attr, name) ||
> + nla_put(skb, NFTA_DEVICE_SPEC, hook->ifnamelen, hook->ifname) ||
> + nla_put_string(skb, NFTA_DEVICE_NAME, dev->name))
> + goto err;
> +
> + nlmsg_end(skb, nlh);
> + nfnetlink_send(skb, net, 0, NFNLGRP_NFTABLES,
^..............^
NFNLGRP_NFT_DEV))
> + nlmsg_report(nlh), GFP_KERNEL);
> + return;
> +err:
> + if (skb)
> + kfree_skb(skb);
> + nfnetlink_set_err(net, 0, NFNLGRP_NFTABLES, -ENOBUFS);
> +}
