summaryrefslogtreecommitdiff
path: root/net/netfilter
diff options
context:
space:
mode:
authorwenxu <wenxu@ucloud.cn>2019-11-15 19:21:26 +0800
committerPablo Neira Ayuso <pablo@netfilter.org>2019-11-15 23:44:53 +0100
commitd7c03a9f5c2577b29a7699bbaa1c1cbcfb56afd3 (patch)
tree691b13a7abfaa99d147a3a003c905f8632050be7 /net/netfilter
parent63b48c73ff567bbab1f940d6e8f3f48607077a13 (diff)
netfilter: nf_tables: check if bind callback fails and unbind if hook registration fails
Undo the callback binding before unregistering the existing hooks. This should also check for error of the bind setup call. Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support") Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nf_tables_api.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 4f0d880a8496..9340b976d85c 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6006,12 +6006,20 @@ static int nft_register_flowtable_net_hooks(struct net *net,
}
}
- flowtable->data.type->setup(&flowtable->data, hook->ops.dev,
- FLOW_BLOCK_BIND);
- err = nf_register_net_hook(net, &hook->ops);
+ err = flowtable->data.type->setup(&flowtable->data,
+ hook->ops.dev,
+ FLOW_BLOCK_BIND);
if (err < 0)
goto err_unregister_net_hooks;
+ err = nf_register_net_hook(net, &hook->ops);
+ if (err < 0) {
+ flowtable->data.type->setup(&flowtable->data,
+ hook->ops.dev,
+ FLOW_BLOCK_UNBIND);
+ goto err_unregister_net_hooks;
+ }
+
i++;
}