diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-06-05 13:40:06 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-06-14 18:36:17 +0200 |
| commit | fb2962f9a1b4320c7548369609c81a9cd38d5178 (patch) | |
| tree | 86089b92fdcbe2497a1795e65793574e10db21cc /net | |
| parent | 888312dc297a8a103f6371ef668c7e04f57a7679 (diff) | |
| download | linux-fb2962f9a1b4320c7548369609c81a9cd38d5178.tar.gz linux-fb2962f9a1b4320c7548369609c81a9cd38d5178.tar.bz2 linux-fb2962f9a1b4320c7548369609c81a9cd38d5178.zip | |
netfilter: nf_tables: release new hooks on unsupported flowtable flags
[ Upstream commit c271cc9febaaa1bcbc0842d1ee30466aa6148ea8 ]
Release the list of new hooks that are pending to be registered in case
that unsupported flowtable flags are provided.
Fixes: 78d9f48f7f44 ("netfilter: nf_tables: add devices to existing flowtable")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 5c0379394b4a..af2ae42cc5c7 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -7332,11 +7332,15 @@ static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh, if (nla[NFTA_FLOWTABLE_FLAGS]) { flags = ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS])); - if (flags & ~NFT_FLOWTABLE_MASK) - return -EOPNOTSUPP; + if (flags & ~NFT_FLOWTABLE_MASK) { + err = -EOPNOTSUPP; + goto err_flowtable_update_hook; + } if ((flowtable->data.flags & NFT_FLOWTABLE_HW_OFFLOAD) ^ - (flags & NFT_FLOWTABLE_HW_OFFLOAD)) - return -EOPNOTSUPP; + (flags & NFT_FLOWTABLE_HW_OFFLOAD)) { + err = -EOPNOTSUPP; + goto err_flowtable_update_hook; + } } else { flags = flowtable->data.flags; } |