netfilter: nf_tables: make valid_genid callback mandatory

always call this function, followup patch can use this to aquire a per-netns transaction log to guard the entire batch instead of using the nfnl susbsys mutex (which is shared among all namespaces). Signed-off-by: N Florian Westphal <fw@strlen.de> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_tables: make valid_genid callback mandatory
always call this function, followup patch can use this to aquire a per-netns transaction log to guard the entire batch instead of using the nfnl susbsys mutex (which is shared among all namespaces). Signed-off-by: N Florian Westphal <fw@strlen.de> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
ca2f18be · Florian Westphal · Pablo Neira Ayuso · 452238e8 · ca2f18be · ca2f18be
隐藏空白更改
内联并排

Showing with 3 addition and 3 deletion

net/netfilter/nf_tables_api.c net/netfilter/nf_tables_api.c +1 -1

net/netfilter/nfnetlink.c net/netfilter/nfnetlink.c +2 -2

未找到文件。
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6591,7 +6591,7 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb)
 static bool nf_tables_valid_genid(struct net *net, u32 genid)
 {
-	return net->nft.base_seq == genid;
+	return genid == 0 || net->nft.base_seq == genid;
 }
 static const struct nfnetlink_subsystem nf_tables_subsys = {

--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -331,13 +331,13 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh,
 		}
 	}
-	if (!ss->commit || !ss->abort) {
+	if (!ss->valid_genid || !ss->commit || !ss->abort) {
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);
 		return kfree_skb(skb);
 	}
-	if (genid && ss->valid_genid && !ss->valid_genid(net, genid)) {
+	if (!ss->valid_genid(net, genid)) {
 		nfnl_unlock(subsys_id);
 		netlink_ack(oskb, nlh, -ERESTART, NULL);
 		return kfree_skb(skb);