A validate callback is called just before calling a ->commit callback.
If it is failed, ->abort is called.
Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
---
net/netfilter/nfnetlink.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index 03ead8a..b9b6401 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -441,8 +441,21 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
kfree_skb(skb);
goto replay;
} else if (status == NFNL_BATCH_DONE) {
+ if (ss->validate) {
+ err = ss->validate(net);
+ if (err < 0) {
+ if (nfnl_err_add(&err_list, nlmsg_hdr(oskb),
+ err, &extack) < 0) {
+ nfnl_err_reset(&err_list);
+ netlink_ack(oskb, nlmsg_hdr(oskb),
+ -ENOMEM, NULL);
+ }
+ goto abort;
+ }
+ }
ss->commit(net, oskb);
} else {
+abort:
ss->abort(net, oskb);
}
--
2.9.3
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
