www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Phil Sutter <phil@nwl.cc>
	Thu, 9 Jan 2025 17:31:36 +0000 (18:31 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 19 Jan 2025 15:41:54 +0000 (16:41 +0100)
commit	fc0133428e7ad65aa6b7c8e65ccfe86e469e4512
tree	ae33db1dbf7355775d5a50a2a769234a0fa27d56	tree
parent	bc87b75847d86f073a3df56e4ad44265b3d64e44	commit \| diff

netfilter: nf_tables: Tolerate chains with no remaining hooks

Do not drop a netdev-family chain if the last interface it is registered
for vanishes. Users dumping and storing the ruleset upon shutdown to
restore it upon next boot may otherwise lose the chain and all contained
rules. They will still lose the list of devices, a later patch will fix
that. For now, this aligns the event handler's behaviour with that for
flowtables.
The controversal situation at netns exit should be no problem here:
event handler will unregister the hooks, core nftables cleanup code will
drop the chain itself.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_chain_filter.c		diff \| blob \| history