| Message ID | 20201005144858.11578-3-phil@nwl.cc |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | nft: Fix transaction refreshing | expand |
Phil Sutter <phil@nwl.cc> wrote: > When preparing a batch from the list of batch objects in nft_action(), > the sequence number used for each object is stored within that object > for later matching against returned error messages. Though if the > transaction has to be refreshed, some of those objects may be skipped, > other objects take over their sequence number and errors are matched to > skipped objects. Avoid this by resetting the skipped object's sequence > number to zero. Reviewed-by: Florian Westphal <fw@strlen.de>
diff --git a/iptables/nft.c b/iptables/nft.c index 09421cf4eaaec..70be9ba908edc 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2729,9 +2729,10 @@ retry: h->nft_genid++; list_for_each_entry(n, &h->obj_list, head) { - - if (n->skip) + if (n->skip) { + n->seq = 0; continue; + } n->seq = seq++; switch (n->type) {
When preparing a batch from the list of batch objects in nft_action(), the sequence number used for each object is stored within that object for later matching against returned error messages. Though if the transaction has to be refreshed, some of those objects may be skipped, other objects take over their sequence number and errors are matched to skipped objects. Avoid this by resetting the skipped object's sequence number to zero. Fixes: 58d7de0181f61 ("xtables: handle concurrent ruleset modifications") Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/nft.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)