diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-05 13:40:06 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-06 17:31:46 +0200 |
| commit | c271cc9febaaa1bcbc0842d1ee30466aa6148ea8 (patch) | |
| tree | ff29fe4e5bc0d98126dba5c15d1184c330690115 /net | |
| parent | netfilter: nf_tables: always initialize flowtable hook list in transaction (diff) | |
| download | linux-dev-c271cc9febaaa1bcbc0842d1ee30466aa6148ea8.tar.xz linux-dev-c271cc9febaaa1bcbc0842d1ee30466aa6148ea8.zip | |
netfilter: nf_tables: release new hooks on unsupported flowtable flags
Release the list of new hooks that are pending to be registered in case
that unsupported flowtable flags are provided.
Fixes: 78d9f48f7f44 ("netfilter: nf_tables: add devices to existing flowtable")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 2faa77cd2fe2..252796a99f5e 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -7433,11 +7433,15 @@ static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh, if (nla[NFTA_FLOWTABLE_FLAGS]) { flags = ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS])); - if (flags & ~NFT_FLOWTABLE_MASK) - return -EOPNOTSUPP; + if (flags & ~NFT_FLOWTABLE_MASK) { + err = -EOPNOTSUPP; + goto err_flowtable_update_hook; + } if ((flowtable->data.flags & NFT_FLOWTABLE_HW_OFFLOAD) ^ - (flags & NFT_FLOWTABLE_HW_OFFLOAD)) - return -EOPNOTSUPP; + (flags & NFT_FLOWTABLE_HW_OFFLOAD)) { + err = -EOPNOTSUPP; + goto err_flowtable_update_hook; + } } else { flags = flowtable->data.flags; } |