From 8ab5e29f192187bc12a2064036cf406de60b2cd5 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Mon, 5 Oct 2020 15:54:35 +0200
Subject: [PATCH] nft: Fix error reporting for refreshed transactions
When preparing a batch from the list of batch objects in nft_action(),
the sequence number used for each object is stored within that object
for later matching against returned error messages. Though if the
transaction has to be refreshed, some of those objects may be skipped,
other objects take over their sequence number and errors are matched to
skipped objects. Avoid this by resetting the skipped object's sequence
number to zero.
Fixes: 58d7de0181f61 ("xtables: handle concurrent ruleset modifications")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit e98b825a037807bf6c918eb66ee9682cc4c46183)
---
iptables/nft.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index ec5f7457e4784..d3eb0840a9fc0 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2832,9 +2832,10 @@ static int nft_action(struct nft_handle *h, int action)
h->nft_genid++;
list_for_each_entry(n, &h->obj_list, head) {
-
- if (n->skip)
+ if (n->skip) {
+ n->seq = 0;
continue;
+ }
n->seq = seq++;
switch (n->type) {
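Review bot: The new `n->seq = 0;` in the `if (n->skip)` branch uses zero as a "no sequence number" marker, but nothing in the hunk says so or shows that `seq++` can never hand out zero to a live object. `seq` is initialised outside the hunk, so this should be confirmed there; if it starts at zero, the first non-skipped object would share the marker value and an error could still be attributed to a skipped object. A short comment on the assignment would record the invariant, e.g. `/* 0 = not part of this batch; seq++ below must never yield 0 */`. Misattributed errors matter here because the operator is told which ruleset change failed to apply. nft_action() begins and ends outside the hunk.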
--
2.40.0