On 2019/11/15 19:25, Pablo Neira Ayuso wrote:
>
>> net/netfilter/nf_tables_api.c | 14 +++++++++++--- >> 1 file changed, 11 insertions(+), 3 deletions(-) >> >> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c >> index 0f8080e..149de13 100644 >> --- a/net/netfilter/nf_tables_api.c >> +++ b/net/netfilter/nf_tables_api.c >> @@ -6001,12 +6001,20 @@ static int nft_register_flowtable_net_hooks(struct net *net, >> } >> } >> >> - flowtable->data.type->setup(&flowtable->data, hook->ops.dev, >> - FLOW_BLOCK_BIND); >> - err = nf_register_net_hook(net, &hook->ops); >> + err = flowtable->data.type->setup(&flowtable->data, >> + hook->ops.dev, >> + FLOW_BLOCK_BIND);
> I'd rather not check for the return value. ->setup returns 0 unless
> you use anything else than FLOW_BLOCK_BIND or _UNBIND. Probably better
> turn nf_flow_table_block_setup void and add WARN_ON_ONCE() there.

If BIND failed, it means hw-offload failed. But the flowtable is set as hw-offload. Maybe that does not make much sense?
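Review bot: the quoted hunk ends at the new `err = flowtable->data.type->setup(...)` assignment, so how `err` is handled is not visible. If the added lines return on a failed FLOW_BLOCK_BIND, the error path in nft_register_flowtable_net_hooks should issue a matching FLOW_BLOCK_UNBIND for any hook already bound, and should also unbind when the nf_register_net_hook() call that follows fails after a successful bind. A one-line comment stating which errors ->setup can return for FLOW_BLOCK_BIND would settle whether a checked return or a WARN_ON_ONCE() inside nf_flow_table_block_setup is the right tool here.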