Hi Taehee,
I can reproduce it, so this is a bug :-). Still one question below:
On Tue, Oct 02, 2018 at 02:17:14AM +0900, Taehee Yoo wrote:
[...]
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index f0159eea2978..42487d01a3ed 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -7280,9 +7280,6 @@ static void __nft_release_tables(struct net *net)
>
> list_for_each_entry(chain, &table->chains, list)
> nf_tables_unregister_hook(net, table, chain);
> - list_for_each_entry(flowtable, &table->flowtables, list)
> - nf_unregister_net_hooks(net, flowtable->ops,
> - flowtable->ops_len);
Hm, why do we still need for basechains with device, ie. from ingress?
I might be missing something...
> /* No packets are walking on these chains anymore. */
> ctx.table = table;
> list_for_each_entry(chain, &table->chains, list) {
> --
> 2.17.1
>
