On Sun, Dec 30, 2018 at 05:27:43PM +0100, Phil Sutter wrote: > __nf_tables_dump_rules() stores the current idx value into cb->args[0] > before returning to caller. With multiple chains present, cb->args[0] is > therefore updated after each chain's rules have been traversed. This > though causes the final nf_tables_dump_rules() run (which should return > an skb->len of zero since no rules are left to dump) to continue dumping > rules for each but the first chain. Fix this by moving the cb->args[0] > update to nf_tables_dump_rules(). > > With no final action to be performed anymore in > __nf_tables_dump_rules(), drop 'out_unfinished' jump label and 'rc' > variable - instead return the appropriate value directly. Applied patch v1, thanks Phil.
