Commit c271cc9f authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: release new hooks on unsupported flowtable flags 



Release the list of new hooks that are pending to be registered in case
that unsupported flowtable flags are provided.

Fixes: 78d9f48f ("netfilter: nf_tables: add devices to existing flowtable")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 2c9e4559

net/netfilter/nf_tables_api.c

+8 −4
Original line number Diff line number Diff line
@@ -7433,11 +7433,15 @@ static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh, 


	if (nla[NFTA_FLOWTABLE_FLAGS]) {

		flags = ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS]));

		if (flags & ~NFT_FLOWTABLE_MASK)

			return -EOPNOTSUPP;

		if (flags & ~NFT_FLOWTABLE_MASK) {

			err = -EOPNOTSUPP;

			goto err_flowtable_update_hook;

		}

		if ((flowtable->data.flags & NFT_FLOWTABLE_HW_OFFLOAD) ^

		    (flags & NFT_FLOWTABLE_HW_OFFLOAD))

			return -EOPNOTSUPP;

		    (flags & NFT_FLOWTABLE_HW_OFFLOAD)) {

			err = -EOPNOTSUPP;

			goto err_flowtable_update_hook;

		}

	} else {

		flags = flowtable->data.flags;

	}