From: Patrick McHardy <kaber@xxxxxxxxx>
Fix missing netlink notification for policy changes.
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 10 ++++++----
1 Datei geändert, 6 Zeilen hinzugefügt(+), 4 Zeilen entfernt(-)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 11502db..4b36b0a 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -783,10 +783,12 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
if (nla[NFTA_CHAIN_POLICY]) {
if (!(chain->flags & NFT_BASE_CHAIN))
return -EOPNOTSUPP;
- return nf_tables_chain_policy(nft_base_chain(chain),
- nla[NFTA_CHAIN_POLICY]);
+ err = nf_tables_chain_policy(nft_base_chain(chain),
+ nla[NFTA_CHAIN_POLICY]);
+ if (err < 0)
+ return err;
}
- return 0;
+ goto notify;
}
if (nla[NFTA_CHAIN_HOOK]) {
@@ -866,7 +868,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
return err;
}
}
-
+notify:
nf_tables_chain_notify(skb, nlh, table, chain, NFT_MSG_NEWCHAIN,
family);
return 0;
--
1.7.11.7
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
