Skip to content

Commit

Permalink
Merge tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/…
Browse files Browse the repository at this point in the history 
…git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix nat packets in the related state in OVS, from Brad Cowie.

2) Drop chain reference counter on error path in case chain binding
   fails.

* tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nft_immediate: drop chain reference counter on error
  netfilter: nf_nat: fix action not being set for all ct states
====================

Link: https://lore.kernel.org/r/20240103113001.137936-1-pablo@netfilter.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
  • Loading branch information
Jakub Kicinski committed Jan 4, 2024
2 parents b77c1e3 + b29be0c commit cbc74fc
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
3 changes: 2 additions & 1 deletion net/netfilter/nf_nat_ovs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,10 @@ static int nf_ct_nat_execute(struct sk_buff *skb, struct nf_conn *ct,
}

err = nf_nat_packet(ct, ctinfo, hooknum, skb);
out:
if (err == NF_ACCEPT)
*action |= BIT(maniptype);
out:

return err;
}

Expand Down
2 changes: 1 addition & 1 deletion net/netfilter/nft_immediate.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
case NFT_GOTO:
err = nf_tables_bind_chain(ctx, chain);
if (err < 0)
return err;
goto err1;
break;
default:
break;
Expand Down

0 comments on commit cbc74fc

Please sign in to comment.