netfilter: nf_tables: make valid_genid callback mandatory

always call this function, followup patch can use this to aquire a per-netns transaction log to guard the entire batch instead of using the nfnl susbsys mutex (which is shared among all namespaces). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2018-07-11 07:45:11 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-07-18 05:26:45 -0400
commit: ca2f18be792fddd0db2bbf6cbe1ec12d1bb32dd7 (patch)
tree: 706fd92db3b395541a5c2d8d6b4c8aa7db846723 /net/netfilter
parent: 452238e8d5ffd8b77f92387519513839d4ca7379 (diff)
2 files changed, 3 insertions, 3 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 5e95e92e547b..594b395442d6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6591,7 +6591,7 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb)
 static bool nf_tables_valid_genid(struct net *net, u32 genid)
 {
-        return net->nft.base_seq == genid;
+        return genid == 0 || net->nft.base_seq == genid;
 }
 static const struct nfnetlink_subsystem nf_tables_subsys = {
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index e1b6be29848d..94f9bcaa0799 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -331,13 +331,13 @@ replay:
                }
        }
-        if (!ss->commit || !ss->abort) {
+        if (!ss->valid_genid || !ss->commit || !ss->abort) {
                nfnl_unlock(subsys_id);
                netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
                return kfree_skb(skb);
        }
-        if (genid && ss->valid_genid && !ss->valid_genid(net, genid)) {
+        if (!ss->valid_genid(net, genid)) {
                nfnl_unlock(subsys_id);
                netlink_ack(oskb, nlh, -ERESTART, NULL);
                return kfree_skb(skb);
author	Florian Westphal <fw@strlen.de>	2018-07-11 07:45:11 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-07-18 05:26:45 -0400
commit	ca2f18be792fddd0db2bbf6cbe1ec12d1bb32dd7 (patch)
tree	706fd92db3b395541a5c2d8d6b4c8aa7db846723 /net/netfilter
parent	452238e8d5ffd8b77f92387519513839d4ca7379 (diff)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 5e95e92e547b..594b395442d6 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c
@@ -6591,7 +6591,7 @@ static int nf_tables_abort(struct net net, struct sk_buff skb)
6591		6591
6592	static bool nf_tables_valid_genid(struct net *net, u32 genid)	6592	static bool nf_tables_valid_genid(struct net *net, u32 genid)
6593	{	6593	{
6594	return net->nft.base_seq == genid;	6594	return genid == 0 \|\| net->nft.base_seq == genid;
6595	}	6595	}
6596		6596
6597	static const struct nfnetlink_subsystem nf_tables_subsys = {	6597	static const struct nfnetlink_subsystem nf_tables_subsys = {


diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index e1b6be29848d..94f9bcaa0799 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c
@@ -331,13 +331,13 @@ replay:
331	}	331	}
332	}	332	}
333		333
334	if (!ss->commit \|\| !ss->abort) {	334	if (!ss->valid_genid \|\| !ss->commit \|\| !ss->abort) {
335	nfnl_unlock(subsys_id);	335	nfnl_unlock(subsys_id);
336	netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);	336	netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
337	return kfree_skb(skb);	337	return kfree_skb(skb);
338	}	338	}
339		339
340	if (genid && ss->valid_genid && !ss->valid_genid(net, genid)) {	340	if (!ss->valid_genid(net, genid)) {
341	nfnl_unlock(subsys_id);	341	nfnl_unlock(subsys_id);
342	netlink_ack(oskb, nlh, -ERESTART, NULL);	342	netlink_ack(oskb, nlh, -ERESTART, NULL);
343	return kfree_skb(skb);	343	return kfree_skb(skb);