Insert the new rule after the existing stale one that will be removed in the commit phase. Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/nf_tables_api.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 755d596..0e55e1b 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1659,7 +1659,8 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, rupd = nf_tables_trans_add(old_rule, &ctx); if (rupd == NULL) goto err2; - list_add_tail_rcu(&rule->list, &chain->rules); + + list_add_tail(&rule->list, &old_rule->list); } else if (nlh->nlmsg_flags & NLM_F_APPEND) if (old_rule) list_add_rcu(&rule->list, &old_rule->list); -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
