Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ac34b861 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: decrement chain use counter when replacing rules 



Thus, the chain use counter remains with the same value after the
rule replacement.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a0a7379e

net/netfilter/nf_tables_api.c

+2 −0
Original line number Diff line number Diff line
@@ -1799,6 +1799,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, 
				goto err2;

			}

			nft_rule_disactivate_next(net, old_rule);

			chain->use--;

			list_add_tail_rcu(&rule->list, &old_rule->list);

		} else {

			err = -ENOENT;
@@ -1829,6 +1830,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, 
		list_del_rcu(&nft_trans_rule(trans)->list);

		nft_rule_clear(net, nft_trans_rule(trans));

		nft_trans_destroy(trans);

		chain->use++;

	}

err2:

	nf_tables_rule_destroy(&ctx, rule);