Commit 05abe445 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: allow to register flowtable with no devices

A flowtable might be composed of dynamic interfaces only. Such dynamic
interfaces might show up at a later stage. This patch allows users to
register a flowtable with no devices. Once the dynamic interface becomes
available, the user adds the dynamic devices to the flowtable.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent abadb2f8
...@@ -1724,8 +1724,6 @@ static int nf_tables_parse_netdev_hooks(struct net *net, ...@@ -1724,8 +1724,6 @@ static int nf_tables_parse_netdev_hooks(struct net *net,
goto err_hook; goto err_hook;
} }
} }
if (!n)
return -EINVAL;
return 0; return 0;
...@@ -1762,6 +1760,9 @@ static int nft_chain_parse_netdev(struct net *net, ...@@ -1762,6 +1760,9 @@ static int nft_chain_parse_netdev(struct net *net,
hook_list); hook_list);
if (err < 0) if (err < 0)
return err; return err;
if (list_empty(hook_list))
return -EINVAL;
} else { } else {
return -EINVAL; return -EINVAL;
} }
...@@ -6209,8 +6210,7 @@ static int nft_flowtable_parse_hook(const struct nft_ctx *ctx, ...@@ -6209,8 +6210,7 @@ static int nft_flowtable_parse_hook(const struct nft_ctx *ctx,
return err; return err;
if (!tb[NFTA_FLOWTABLE_HOOK_NUM] || if (!tb[NFTA_FLOWTABLE_HOOK_NUM] ||
!tb[NFTA_FLOWTABLE_HOOK_PRIORITY] || !tb[NFTA_FLOWTABLE_HOOK_PRIORITY])
!tb[NFTA_FLOWTABLE_HOOK_DEVS])
return -EINVAL; return -EINVAL;
hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM])); hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
...@@ -6219,11 +6219,13 @@ static int nft_flowtable_parse_hook(const struct nft_ctx *ctx, ...@@ -6219,11 +6219,13 @@ static int nft_flowtable_parse_hook(const struct nft_ctx *ctx,
priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY])); priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY]));
err = nf_tables_parse_netdev_hooks(ctx->net, if (tb[NFTA_FLOWTABLE_HOOK_DEVS]) {
tb[NFTA_FLOWTABLE_HOOK_DEVS], err = nf_tables_parse_netdev_hooks(ctx->net,
&flowtable_hook->list); tb[NFTA_FLOWTABLE_HOOK_DEVS],
if (err < 0) &flowtable_hook->list);
return err; if (err < 0)
return err;
}
flowtable_hook->priority = priority; flowtable_hook->priority = priority;
flowtable_hook->num = hooknum; flowtable_hook->num = hooknum;
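Review bot: With `if (!n) return -EINVAL;` gone from nf_tables_parse_netdev_hooks(), the "at least one device" rule is no longer enforced by the shared parser; it survives only as the `list_empty(hook_list)` check added in nft_chain_parse_netdev(), and no comment records that. I would document the new contract on the helper, e.g. `/* May return 0 with an empty hook_list; callers that require a device must check list_empty(). */`, so a later caller does not rely on the old rejection. In nft_flowtable_parse_hook(), a missing NFTA_FLOWTABLE_HOOK_DEVS and a present-but-empty one now both leave `flowtable_hook->list` empty, so the code that registers, updates and tears down the hooks has to tolerate an empty list, and the list head has to be initialised before the new `if`. Neither is visible in these hunks, so both are worth confirming. All three functions start and end outside the hunks shown.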