netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
commit 01acb2e866 upstream.

Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook list.

Fixes: 60a3815da7 ("netfilter: add inet ingress support")
Cc: stable@vger.kernel.org
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
0ac9cbe006
commit
70f17b48c8
1 changed files with 9 additions and 2 deletions
|
@ -355,9 +355,10 @@ static int nf_tables_netdev_event(struct notifier_block *this,
|
|||
unsigned long event, void *ptr)
|
||||
{
|
||||
struct net_device *dev = netdev_notifier_info_to_dev(ptr);
|
||||
struct nft_base_chain *basechain;
|
||||
struct nftables_pernet *nft_net;
|
||||
struct nft_table *table;
|
||||
struct nft_chain *chain, *nr;
|
||||
struct nft_table *table;
|
||||
struct nft_ctx ctx = {
|
||||
.net = dev_net(dev),
|
||||
};
|
||||
|
@ -369,7 +370,8 @@ static int nf_tables_netdev_event(struct notifier_block *this,
|
|||
nft_net = nft_pernet(ctx.net);
|
||||
mutex_lock(&nft_net->commit_mutex);
|
||||
list_for_each_entry(table, &nft_net->tables, list) {
|
||||
if (table->family != NFPROTO_NETDEV)
|
||||
if (table->family != NFPROTO_NETDEV &&
|
||||
table->family != NFPROTO_INET)
|
||||
continue;
|
||||
|
||||
ctx.family = table->family;
|
||||
|
@ -378,6 +380,11 @@ static int nf_tables_netdev_event(struct notifier_block *this,
|
|||
if (!nft_is_base_chain(chain))
|
||||
continue;
|
||||
|
||||
basechain = nft_base_chain(chain);
|
||||
if (table->family == NFPROTO_INET &&
|
||||
basechain->ops.hooknum != NF_INET_INGRESS)
|
||||
continue;
|
||||
|
||||
ctx.chain = chain;
|
||||
nft_netdev_event(event, dev, &ctx);
|
||||
}
|
||||
|
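Review bot: The new inet test in the chain loop (`basechain->ops.hooknum != NF_INET_INGRESS`) carries no comment explaining why inet tables need a second filter that netdev tables do not, and that reason is the core of the stale-reference fix. I would add above the check: `/* inet tables also hold non-ingress base chains; only ingress chains are bound to a netdevice */`. The body of nf_tables_netdev_event() has gaps between the shown hunks and ends outside them, and nft_netdev_event() is not visible at all, so it is worth confirming that the helper drops the hook for `ctx.family == NFPROTO_INET` the same way it does for the netdev family. A regression test that unregisters a device while an inet/ingress chain is attached to it would pin the behaviour.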