]> www.infradead.org Git - users/dwmw2/linux.git/commit
projects / users / dwmw2 / linux.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: e189ae1) | patch
netfilter: nf_tables: reverse order in rule replacement expansion
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 24 Sep 2021 22:27:38 +0000 (00:27 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 28 Sep 2021 11:04:56 +0000 (13:04 +0200)
commit2c964c558641a3bddaee5719c9e6d8805f777812
tree817fd061d9ed87935049b38413ec33fdbe53f1catree
parente189ae161dd784aa5d454b0832f818cacc0e131bcommit | diff
netfilter: nf_tables: reverse order in rule replacement expansion

Deactivate old rule first, then append the new rule, so rule replacement
notification via netlink first reports the deletion of the old rule with
handle X in first place, then it adds the new rule (reusing the handle X
of the replaced old rule).

Note that the abort path releases the transaction that has been created
by nft_delrule() on error.

Fixes: ca08987885a1 ("netfilter: nf_tables: deactivate expressions in rule replecement routine")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.