Merge tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

kuba-moo · kuba-moo · commit cbc74fc025f9 · 2024-01-03T18:05:23.000-08:00
Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: 1) Fix nat packets in the related state in OVS, from Brad Cowie. 2) Drop chain reference counter on error path in case chain binding fails. * tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: nft_immediate: drop chain reference counter on error netfilter: nf_nat: fix action not being set for all ct states ==================== Link: https://lore.kernel.org/r/20240103113001.137936-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
diff --git a/net/netfilter/nf_nat_ovs.c b/net/netfilter/nf_nat_ovs.c
@@ -75,9 +75,10 @@ static int nf_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
 	}
 
 	err = nf_nat_packet(ct, ctinfo, hooknum, skb);
+out:
 	if (err == NF_ACCEPT)
 		*action |= BIT(maniptype);
-out:
+
 	return err;
 }
 
diff --git a/net/netfilter/nft_immediate.c b/net/netfilter/nft_immediate.c
@@ -78,7 +78,7 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
 		case NFT_GOTO:
 			err = nf_tables_bind_chain(ctx, chain);
 			if (err < 0)
-				return err;
+				goto err1;
 			break;
 		default:
 			break;

Original file line number	Diff line number	Diff line change
`@@ -75,9 +75,10 @@ static int nf_ct_nat_execute(struct sk_buff skb, struct nf_conn ct,`
`75`	`75`	`}`
`76`	`76`
`77`	`77`	`err = nf_nat_packet(ct, ctinfo, hooknum, skb);`
	`78`	`+out:`
`78`	`79`	`if (err == NF_ACCEPT)`
`79`	`80`	`*action \|= BIT(maniptype);`
`80`		`-out:`
	`81`	`+`
`81`	`82`	`return err;`
`82`	`83`	`}`
`83`	`84`