netfilter pull request 24-01-03

-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmWVRBgACgkQ1V2XiooU IOQKmQ//RxsxlOcFc0R1HbwUDduB31Yl05A30FbPmzN7Ma9I/XT3oPpWxExcBb6z baGjK7rlfJk6BOfwo8sHr+Fsz6nvnKTvKzxdNMRt42KD0KS+x/YjOWYaBJcULWRd 4zRNQe5bWBu/BWBna05YnuQ0w0u3aXw6F/IWt9d+lObqILSpvNTk9Ju8vHjmOxWO pa5JhtIhrPNAp+DOaSiCR4wA/XJnj9+Io0h65Cq6GM/GZYeV18fNID6e22IIfojQ GAg6FjS4zeROAk+/iymaAtV9hbnXNLIeJwJVI34edJPjbWK7kzuxpRd1l8WzBU+P rNWcYJTxALsMh4Ger+oaSXhIExvTJr3yJpZWtwBXGKL9SDbKBJlCiO1I/+fkr4N8 wfxKzC93AzLdRze4CK8r36veuZaAbsQuhgA3W1RiTZjdwBdo0CHJe8tIW4/qxXgE 4F1vjdoA2q7u0DM+GVZ6FWe1B3mQWb3XD42WzdUJeHhpfKFxQ61mQ+35+TqNYq6+ TeNleGF7BkpAjsFl0Gadhj9TQYSAPpY6rFaRzPjy1aFvHZdmPZhhyr8kCZQDjQHC zWIxYwfy2WyT4FLEkJsJxCwc674ehnJpMSWKt1/vduZ8o+fBasqQaikKu0I/01p1 dTRp6pBC2Sazz582DFKwUVyL4R72uOf6NcFDsM2DMNZRijHWUMY= =BsTS -----END PGP SIGNATURE----- Merge tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Fix nat packets in the related state in OVS, from Brad Cowie. 2) Drop chain reference counter on error path in case chain binding fails. * tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nft_immediate: drop chain reference counter on error netfilter: nf_nat: fix action not being set for all ct states ==================== Link: https://lore.kernel.org/r/20240103113001.137936-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-12-11 13:04:03 +08:00 · 2024-01-03 18:05:23 -08:00 · 2024-01-03 18:05:23 -08:00 · cbc74fc025
commit cbc74fc025
parent b77c1e3b9f b29be0ca8e
2 changed files with 3 additions and 2 deletions
--- a/net/netfilter/nf_nat_ovs.c
+++ b/net/netfilter/nf_nat_ovs.c
@ -75,9 +75,10 @@ static int nf_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
 	}

 	err = nf_nat_packet(ct, ctinfo, hooknum, skb);
+out:
 	if (err == NF_ACCEPT)
 		*action |= BIT(maniptype);
-out:
+
 	return err;
 }

--- a/net/netfilter/nft_immediate.c
+++ b/net/netfilter/nft_immediate.c
@ -78,7 +78,7 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
 		case NFT_GOTO:
 			err = nf_tables_bind_chain(ctx, chain);
 			if (err < 0)
-				return err;
+				goto err1;
 			break;
 		default:
 			break;