Commit cbc74fc0 authored Jan 03, 2024 by Jakub Kicinski

Merge tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Fix nat packets in the related state in OVS, from Brad Cowie.

2) Drop chain reference counter on error path in case chain binding
   fails.

* tag 'nf-24-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nft_immediate: drop chain reference counter on error
  netfilter: nf_nat: fix action not being set for all ct states
====================

Link: https://lore.kernel.org/r/20240103113001.137936-1-pablo@netfilter.org


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parents b77c1e3b b29be0ca

net/netfilter/nf_nat_ovs.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -75,9 +75,10 @@ static int nf_ct_nat_execute(struct sk_buff skb, struct nf_conn ct,
		}

		err = nf_nat_packet(ct, ctinfo, hooknum, skb);
		out:
		if (err == NF_ACCEPT)
		*action \|= BIT(maniptype);
		out:

		return err;
		}

net/netfilter/nft_immediate.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -78,7 +78,7 @@ static int nft_immediate_init(const struct nft_ctx *ctx,
		case NFT_GOTO:
		err = nf_tables_bind_chain(ctx, chain);
		if (err < 0)
		return err;
		goto err1;
		break;
		default:
		break;