Skip to content

Commit ff4bf2f

Browse files
ummakynesummakynes
committed
netfilter: nf_tables: add nft_unregister_flowtable_hook()
Unbind flowtable callback if hook is unregistered. This patch is implicitly fixing the error path of nf_tables_newflowtable() and nft_flowtable_event(). Fixes: 8bb69f3 ("netfilter: nf_tables: add flowtable offload control plane") Reported-by: wenxu <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent d7c03a9 commit ff4bf2f

File tree

1 file changed

+14
-10
lines changed

1 file changed

+14
-10
lines changed

net/netfilter/nf_tables_api.c

Lines changed: 14 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -5975,16 +5975,22 @@ nft_flowtable_type_get(struct net *net, u8 family)
59755975
return ERR_PTR(-ENOENT);
59765976
}
59775977

5978+
static void nft_unregister_flowtable_hook(struct net *net,
5979+
struct nft_flowtable *flowtable,
5980+
struct nft_hook *hook)
5981+
{
5982+
nf_unregister_net_hook(net, &hook->ops);
5983+
flowtable->data.type->setup(&flowtable->data, hook->ops.dev,
5984+
FLOW_BLOCK_UNBIND);
5985+
}
5986+
59785987
static void nft_unregister_flowtable_net_hooks(struct net *net,
59795988
struct nft_flowtable *flowtable)
59805989
{
59815990
struct nft_hook *hook;
59825991

5983-
list_for_each_entry(hook, &flowtable->hook_list, list) {
5984-
nf_unregister_net_hook(net, &hook->ops);
5985-
flowtable->data.type->setup(&flowtable->data, hook->ops.dev,
5986-
FLOW_BLOCK_UNBIND);
5987-
}
5992+
list_for_each_entry(hook, &flowtable->hook_list, list)
5993+
nft_unregister_flowtable_hook(net, flowtable, hook);
59885994
}
59895995

59905996
static int nft_register_flowtable_net_hooks(struct net *net,
@@ -6030,9 +6036,7 @@ static int nft_register_flowtable_net_hooks(struct net *net,
60306036
if (i-- <= 0)
60316037
break;
60326038

6033-
nf_unregister_net_hook(net, &hook->ops);
6034-
flowtable->data.type->setup(&flowtable->data, hook->ops.dev,
6035-
FLOW_BLOCK_UNBIND);
6039+
nft_unregister_flowtable_hook(net, flowtable, hook);
60366040
list_del_rcu(&hook->list);
60376041
kfree_rcu(hook, rcu);
60386042
}
@@ -6139,7 +6143,7 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk,
61396143
return 0;
61406144
err5:
61416145
list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) {
6142-
nf_unregister_net_hook(net, &hook->ops);
6146+
nft_unregister_flowtable_hook(net, flowtable, hook);
61436147
list_del_rcu(&hook->list);
61446148
kfree_rcu(hook, rcu);
61456149
}
@@ -6484,7 +6488,7 @@ static void nft_flowtable_event(unsigned long event, struct net_device *dev,
64846488
if (hook->ops.dev != dev)
64856489
continue;
64866490

6487-
nf_unregister_net_hook(dev_net(dev), &hook->ops);
6491+
nft_unregister_flowtable_hook(dev_net(dev), flowtable, hook);
64886492
list_del_rcu(&hook->list);
64896493
kfree_rcu(hook, rcu);
64906494
break;

0 commit comments

Comments
 (0)