netfilter: nf_tables: make valid_genid callback mandatory

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

always call this function, followup patch can use this to
aquire a per-netns transaction log to guard the entire batch
instead of using the nfnl susbsys mutex (which is shared among all
namespaces).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 7 years ago ca2f18be 452238e8

+3 -3

2 changed files

expand all

net

netfilter

nf_tables_api.c

nfnetlink.c

+1 -1

net/netfilter/nf_tables_api.c

··· 6591 6591 6592 6592 static bool nf_tables_valid_genid(struct net *net, u32 genid) 6593 6593 { 6594 - return net->nft.base_seq == genid; 6594 + return genid == 0 || net->nft.base_seq == genid; 6595 6595 } 6596 6596 6597 6597 static const struct nfnetlink_subsystem nf_tables_subsys = {

+2 -2

net/netfilter/nfnetlink.c

··· 331 331 } 332 332 } 333 333 334 - if (!ss->commit || !ss->abort) { 334 + if (!ss->valid_genid || !ss->commit || !ss->abort) { 335 335 nfnl_unlock(subsys_id); 336 336 netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL); 337 337 return kfree_skb(skb); 338 338 } 339 339 340 - if (genid && ss->valid_genid && !ss->valid_genid(net, genid)) { 340 + if (!ss->valid_genid(net, genid)) { 341 341 nfnl_unlock(subsys_id); 342 342 netlink_ack(oskb, nlh, -ERESTART, NULL); 343 343 return kfree_skb(skb);