projects / cascardo / linux.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge tag 'tegra-for-3.17-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra...
[cascardo/linux.git] / net / netfilter / nf_tables_api.c
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 624e083..ab4566c 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1730,6 +1730,9 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
                if (!create || nlh->nlmsg_flags & NLM_F_REPLACE)
                        return -EINVAL;
                handle = nf_tables_alloc_handle(table);
+
+               if (chain->use == UINT_MAX)
+                       return -EOVERFLOW;
        }
 
        if (nla[NFTA_RULE_POSITION]) {
@@ -1789,14 +1792,15 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
 
        if (nlh->nlmsg_flags & NLM_F_REPLACE) {
                if (nft_rule_is_active_next(net, old_rule)) {
-                       trans = nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE,
+                       trans = nft_trans_rule_add(&ctx, NFT_MSG_DELRULE,
                                                   old_rule);
                        if (trans == NULL) {
                                err = -ENOMEM;
                                goto err2;
                        }
                        nft_rule_disactivate_next(net, old_rule);
-                       list_add_tail(&rule->list, &old_rule->list);
+                       chain->use--;
+                       list_add_tail_rcu(&rule->list, &old_rule->list);
                } else {
                        err = -ENOENT;
                        goto err2;
@@ -1826,6 +1830,7 @@ err3:
                list_del_rcu(&nft_trans_rule(trans)->list);
                nft_rule_clear(net, nft_trans_rule(trans));
                nft_trans_destroy(trans);
+               chain->use++;
        }
 err2:
        nf_tables_rule_destroy(&ctx, rule);
@@ -2845,7 +2850,7 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
                goto nla_put_failure;
 
        nfmsg = nlmsg_data(nlh);
-       nfmsg->nfgen_family = NFPROTO_UNSPEC;
+       nfmsg->nfgen_family = ctx.afi->family;
        nfmsg->version      = NFNETLINK_V0;
        nfmsg->res_id       = 0;
 
Unnamed repository; edit this file 'description' to name the repository.