diff options
| author | David S. Miller <davem@davemloft.net> | 2023-06-10 21:57:03 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2023-06-10 21:57:03 +0300 |
| commit | 65d8bd81aa15c36d9703f4393651d10edf1f030c (patch) | |
| tree | 73e33ed512c65a67ec44ef782a8414e2994c82d5 /include/net | |
| parent | b403643d154d15176b060b82f7fc605210033edd (diff) | |
| parent | 1240eb93f0616b21c675416516ff3d74798fdc97 (diff) | |
| download | linux-65d8bd81aa15c36d9703f4393651d10edf1f030c.tar.xz | |
Merge tag 'nf-23-06-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf
netfilter pull request 23-06-08
Pablo Neira Ayuso says:
====================
The following patchset contains Netfilter fixes for net:
1) Add commit and abort set operation to pipapo set abort path.
2) Bail out immediately in case of ENOMEM in nfnetlink batch.
3) Incorrect error path handling when creating a new rule leads to
dangling pointer in set transaction list.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 2e24ea1d744c..83db182decc8 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -462,7 +462,8 @@ struct nft_set_ops { const struct nft_set *set, const struct nft_set_elem *elem, unsigned int flags); - + void (*commit)(const struct nft_set *set); + void (*abort)(const struct nft_set *set); u64 (*privsize)(const struct nlattr * const nla[], const struct nft_set_desc *desc); bool (*estimate)(const struct nft_set_desc *desc, @@ -557,6 +558,7 @@ struct nft_set { u16 policy; u16 udlen; unsigned char *udata; + struct list_head pending_update; /* runtime data below here */ const struct nft_set_ops *ops ____cacheline_aligned; u16 flags:14, |