On Mon, Jun 19, 2023 at 04:57:59PM +0200, Pablo Neira Ayuso wrote: > Add a new list to track set transaction and to check for unbound > anonymous sets before entering the commit phase. > > Bail out at the end of the transaction handling if an anonymous set > remains unbound. > > Fixes: 96518518cc41 ("netfilter: add nftables") > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > include/net/netfilter/nf_tables.h | 2 ++ > net/netfilter/nf_tables_api.c | 35 ++++++++++++++++++++++++++++--- > 2 files changed, 34 insertions(+), 3 deletions(-) > > diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h > index f84b6daea5c4..93fd52139274 100644 > --- a/include/net/netfilter/nf_tables.h > +++ b/include/net/netfilter/nf_tables.h > @@ -1580,6 +1580,7 @@ static inline void nft_set_elem_clear_busy(struct nft_set_ext *ext) > */ > struct nft_trans { > struct list_head list; > + struct list_head binding_list; > int msg_type; > bool put_net; > struct nft_ctx ctx; Hi Pablo, at some point it would be good to add binding_list to the kernel doc for struct nft_trans.
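Review bot: the new binding_list member of struct nft_trans has no matching entry in the kernel-doc comment that ends just above the struct (the " */" context line); this hunk adds only the field. Please add an "@binding_list:" line there that says what the list links, in line with the commit message, for example that it tracks set transactions so unbound anonymous sets can be checked for before the commit phase. A reader of the header then does not have to guess how it differs from the existing list member. The nf_tables_api.c side of the change is not visible in the quoted text, so where binding_list is initialised and unlinked cannot be checked from here.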