Message ID | 20180110142918.23639-1-pablo@netfilter.org |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Headers | show |
Series | [nf-next] netfilter: core: return EBUSY in case NAT hook is already in use | expand |
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 3f8e2d06b9cc..0f6b8172fb9a 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -140,7 +140,7 @@ nf_hook_entries_grow(const struct nf_hook_entries *old, if (reg->nat_hook && orig_ops[i]->nat_hook) { kvfree(new); - return ERR_PTR(-EEXIST); + return ERR_PTR(-EBUSY); } if (inserted || reg->priority > orig_ops[i]->priority) {
EEXIST is used for an object that already exists, with the same name/handle. However, there no same object there, instead there is a object that is using the single slot that is available for NAT hooks since patch f92b40a8b264 ("netfilter: core: only allow one nat hook per hook point"). Let's change this return value before this behaviour gets exposed in the first -rc1. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- net/netfilter/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)