From: wenxu <wenxu@xxxxxxxxx>
When the net_device unregister, the netdevice_notifier will release
the related netdev basedchain and rules in this chains. So it is also
need to clear the offload things
Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index fe3b7b0..345df36 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7495,16 +7495,25 @@ int nft_data_dump(struct sk_buff *skb, int attr, const struct nft_data *data,
int __nft_release_basechain(struct nft_ctx *ctx)
{
struct nft_rule *rule, *nr;
+ bool offloaded = false;
if (WARN_ON(!nft_is_base_chain(ctx->chain)))
return 0;
+ if (ctx->chain->flags & NFT_CHAIN_HW_OFFLOAD)
+ offloaded = true;
+
nf_tables_unregister_hook(ctx->net, ctx->chain->table, ctx->chain);
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
+ if (offloaded)
+ nft_flow_offload_rule(ctx->chain, rule,
+ NULL, FLOW_CLS_DESTROY);
list_del(&rule->list);
ctx->chain->use--;
nf_tables_rule_release(ctx, rule);
}
+ if (offloaded)
+ nft_flow_offload_chain(ctx->chain, FLOW_BLOCK_UNBIND);
nft_chain_del(ctx->chain);
ctx->table->use--;
nf_tables_chain_destroy(ctx);
--
1.8.3.1
