Commit ac34b861 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: decrement chain use counter when replacing rules

Thus, the chain use counter remains with the same value after the
rule replacement.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a0a7379e
...@@ -1799,6 +1799,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, ...@@ -1799,6 +1799,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
goto err2; goto err2;
} }
nft_rule_disactivate_next(net, old_rule); nft_rule_disactivate_next(net, old_rule);
chain->use--;
list_add_tail_rcu(&rule->list, &old_rule->list); list_add_tail_rcu(&rule->list, &old_rule->list);
} else { } else {
err = -ENOENT; err = -ENOENT;
...@@ -1829,6 +1830,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, ...@@ -1829,6 +1830,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
list_del_rcu(&nft_trans_rule(trans)->list); list_del_rcu(&nft_trans_rule(trans)->list);
nft_rule_clear(net, nft_trans_rule(trans)); nft_rule_clear(net, nft_trans_rule(trans));
nft_trans_destroy(trans); nft_trans_destroy(trans);
chain->use++;
} }
err2: err2:
nf_tables_rule_destroy(&ctx, rule); nf_tables_rule_destroy(&ctx, rule);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment