Phil Sutter <phil@xxxxxx> wrote:
> __nf_tables_dump_rules() stores the current idx value into cb->args[0]
> before returning to caller. With multiple chains present, cb->args[0] is
> therefore updated after each chain's rules have been traversed. This
> though causes the final nf_tables_dump_rules() run (which should return
> an skb->len of zero since no rules are left to dump) to continue dumping
> rules for each but the first chain. Fix this by moving the cb->args[0]
> update to nf_tables_dump_rules().
>
> With no final action to be performed anymore in
> __nf_tables_dump_rules(), drop 'out_unfinished' jump label and 'rc'
> variable - instead return the appropriate value directly.
Looks good, but I think this is a bug too:
list = rhltable_lookup(&table->chains_ht, ctx->chain,
nft_chain_ht_params);
if (!list)
goto done;
I think this should move to next table instead.
(Its not related to the bug at hand though).
