Hi Florian, On Sun, Dec 30, 2018 at 08:10:28PM +0100, Florian Westphal wrote: > Phil Sutter <phil@xxxxxx> wrote: > > __nf_tables_dump_rules() stores the current idx value into cb->args[0] > > before returning to caller. With multiple chains present, cb->args[0] is > > therefore updated after each chain's rules have been traversed. This > > though causes the final nf_tables_dump_rules() run (which should return > > an skb->len of zero since no rules are left to dump) to continue dumping > > rules for each but the first chain. Fix this by moving the cb->args[0] > > update to nf_tables_dump_rules(). > > > > With no final action to be performed anymore in > > __nf_tables_dump_rules(), drop 'out_unfinished' jump label and 'rc' > > variable - instead return the appropriate value directly. > > Looks good, but I think this is a bug too: > > list = rhltable_lookup(&table->chains_ht, ctx->chain, > nft_chain_ht_params); > if (!list) > goto done; > > I think this should move to next table instead. Hmm. Yes, assuming that specifying no table but only chain is a valid use-case, this should indeed continue with the next table. I'll send a v2 which includes that fix as well. > (Its not related to the bug at hand though). And not easy to trigger since all known users pass either both table and chain or none of them. :) Thanks, Phil
