| Message ID | 1573618867-9755-1-git-send-email-wenxu@ucloud.cn |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nf] netfilter: nf_tables_offload: Fix check the NETDEV_UNREGISTER in netdev event | expand |
Hi pablo, Any comments about this patch? BR wenxu On 11/13/2019 12:21 PM, wenxu@ucloud.cn wrote: > From: wenxu <wenxu@ucloud.cn> > > It should check the NETDEV_UNREGISTER in nft_offload_netdev_event > > Fixes: 06d392cbe3db ("netfilter: nf_tables_offload: remove rules when the device unregisters") > Signed-off-by: wenxu <wenxu@ucloud.cn> > --- > net/netfilter/nf_tables_offload.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c > index e25dab8..b002832 100644 > --- a/net/netfilter/nf_tables_offload.c > +++ b/net/netfilter/nf_tables_offload.c > @@ -446,6 +446,9 @@ static int nft_offload_netdev_event(struct notifier_block *this, > struct net *net = dev_net(dev); > struct nft_chain *chain; > > + if (event != NETDEV_UNREGISTER) > + return 0; > + > mutex_lock(&net->nft.commit_mutex); > chain = __nft_offload_get_chain(dev); > if (chain)
On Wed, Nov 13, 2019 at 12:21:07PM +0800, wenxu@ucloud.cn wrote: > From: wenxu <wenxu@ucloud.cn> > > It should check the NETDEV_UNREGISTER in nft_offload_netdev_event Applied, thanks.
On Wed, Nov 13, 2019 at 12:21:07PM +0800, wenxu@ucloud.cn wrote: > From: wenxu <wenxu@ucloud.cn> > > It should check the NETDEV_UNREGISTER in nft_offload_netdev_event > > Fixes: 06d392cbe3db ("netfilter: nf_tables_offload: remove rules when the device unregisters") > Signed-off-by: wenxu <wenxu@ucloud.cn> > --- > net/netfilter/nf_tables_offload.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c > index e25dab8..b002832 100644 > --- a/net/netfilter/nf_tables_offload.c > +++ b/net/netfilter/nf_tables_offload.c > @@ -446,6 +446,9 @@ static int nft_offload_netdev_event(struct notifier_block *this, > struct net *net = dev_net(dev); > struct nft_chain *chain; > > + if (event != NETDEV_UNREGISTER) > + return 0; Actually I cannot apply this. if (event != NETDEV_UNREGISTER && event != NETDEV_CHANGENAME) return NOTIFY_DONE; You also have to check for change name and use NOTIFY_DONE as return value instead. Sorry.
On Mon, Dec 02, 2019 at 10:23:10AM +0100, Pablo Neira Ayuso wrote: > On Wed, Nov 13, 2019 at 12:21:07PM +0800, wenxu@ucloud.cn wrote: > > From: wenxu <wenxu@ucloud.cn> > > > > It should check the NETDEV_UNREGISTER in nft_offload_netdev_event > > > > Fixes: 06d392cbe3db ("netfilter: nf_tables_offload: remove rules when the device unregisters") > > Signed-off-by: wenxu <wenxu@ucloud.cn> > > --- > > net/netfilter/nf_tables_offload.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c > > index e25dab8..b002832 100644 > > --- a/net/netfilter/nf_tables_offload.c > > +++ b/net/netfilter/nf_tables_offload.c > > @@ -446,6 +446,9 @@ static int nft_offload_netdev_event(struct notifier_block *this, > > struct net *net = dev_net(dev); > > struct nft_chain *chain; > > > > + if (event != NETDEV_UNREGISTER) > > + return 0; > > Actually I cannot apply this. > > if (event != NETDEV_UNREGISTER && > event != NETDEV_CHANGENAME) > return NOTIFY_DONE; > > You also have to check for change name and use NOTIFY_DONE as return > value instead. Sorry. It's only NOTIFY_DONE that is missing. I'll mangle this patch and apply, no need to send a new version.
diff --git a/net/netfilter/nf_tables_offload.c b/net/netfilter/nf_tables_offload.c index e25dab8..b002832 100644 --- a/net/netfilter/nf_tables_offload.c +++ b/net/netfilter/nf_tables_offload.c @@ -446,6 +446,9 @@ static int nft_offload_netdev_event(struct notifier_block *this, struct net *net = dev_net(dev); struct nft_chain *chain; + if (event != NETDEV_UNREGISTER) + return 0; + mutex_lock(&net->nft.commit_mutex); chain = __nft_offload_get_chain(dev); if (chain)