Skip to content

Commit

Permalink
netfilter: nftables: skip hook overlap logic if flowtable is stale
Browse files Browse the repository at this point in the history 
If the flowtable has been previously removed in this batch, skip the
hook overlap checks. This fixes spurious EEXIST errors when removing and
adding the flowtable in the same batch.

Signed-off-by: Pablo Neira Ayuso <[email protected]>
  • Loading branch information
@ummakynes
ummakynes committed Mar 18, 2021
1 parent 740b486 commit 86fe2c1
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/netfilter/nf_tables_api.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6783,6 +6783,9 @@ static int nft_register_flowtable_net_hooks(struct net *net,

list_for_each_entry(hook, hook_list, list) {
list_for_each_entry(ft, &table->flowtables, list) {
if (!nft_is_active_next(net, ft))
continue;

list_for_each_entry(hook2, &ft->hook_list, list) {
if (hook->ops.dev == hook2->ops.dev &&
hook->ops.pf == hook2->ops.pf) {
Expand Down

0 comments on commit 86fe2c1

Please sign in to comment.