netfilter: nf_tables: fix error handling of rule replacement

In general, if a transaction object is added to the list successfully, we can rely on the abort path to undo what we've done. This allows us to simplify the error handling of the rule replacement path in nf_tables_newrule(). This implicitly fixes an unnecessary removal of the old rule, which needs to be left in place if we fail to replace. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-03-04 11:55:27 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-03-04 12:46:08 -0500
commit: 59900e0a019e7c2bdb7809a03ed5742d311b15b3 (patch)
tree: d128e560d9936517baaf94261444682fae727097
parent: 86f1ec32318159a24de349f0a38e79b9d2b3131a (diff)
1 files changed, 0 insertions, 6 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 74e4b876c96e..6ab777912237 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2045,12 +2045,6 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
 err3:
        list_del_rcu(&rule->list);
-        if (trans) {
-                list_del_rcu(&nft_trans_rule(trans)->list);
-                nft_rule_clear(net, nft_trans_rule(trans));
-                nft_trans_destroy(trans);
-                chain->use++;
-        }
 err2:
        nf_tables_rule_destroy(&ctx, rule);
 err1:
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-03-04 11:55:27 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-03-04 12:46:08 -0500
commit	59900e0a019e7c2bdb7809a03ed5742d311b15b3 (patch)
tree	d128e560d9936517baaf94261444682fae727097
parent	86f1ec32318159a24de349f0a38e79b9d2b3131a (diff)