Blame SOURCES/0027-nft-Fix-error-reporting-for-refreshed-transactions.patch
|
 |
9c35a8 |
From 2dff9a669400644ec1e66d394b03d743eec2cd55 Mon Sep 17 00:00:00 2001
|
|
|
9c35a8 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
9c35a8 |
Date: Mon, 5 Oct 2020 15:54:35 +0200
|
|
|
9c35a8 |
Subject: [PATCH] nft: Fix error reporting for refreshed transactions
|
|
|
9c35a8 |
|
|
|
9c35a8 |
When preparing a batch from the list of batch objects in nft_action(),
|
|
|
9c35a8 |
the sequence number used for each object is stored within that object
|
|
|
9c35a8 |
for later matching against returned error messages. Though if the
|
|
|
9c35a8 |
transaction has to be refreshed, some of those objects may be skipped,
|
|
|
9c35a8 |
other objects take over their sequence number and errors are matched to
|
|
|
9c35a8 |
skipped objects. Avoid this by resetting the skipped object's sequence
|
|
|
9c35a8 |
number to zero.
|
|
|
9c35a8 |
|
|
|
9c35a8 |
Fixes: 58d7de0181f61 ("xtables: handle concurrent ruleset modifications")
|
|
|
9c35a8 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
9c35a8 |
Reviewed-by: Florian Westphal <fw@strlen.de>
|
|
|
9c35a8 |
(cherry picked from commit e98b825a037807bf6c918eb66ee9682cc4c46183)
|
|
|
9c35a8 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
9c35a8 |
---
|
|
|
9c35a8 |
iptables/nft.c | 5 +++--
|
|
|
9c35a8 |
1 file changed, 3 insertions(+), 2 deletions(-)
|
|
|
9c35a8 |
|
|
|
9c35a8 |
diff --git a/iptables/nft.c b/iptables/nft.c
|
|
|
9c35a8 |
index 0efd18d57320f..d661ac2cafda6 100644
|
|
|
9c35a8 |
--- a/iptables/nft.c
|
|
|
9c35a8 |
+++ b/iptables/nft.c
|
|
|
9c35a8 |
@@ -2767,9 +2767,10 @@ retry:
|
|
|
9c35a8 |
h->nft_genid++;
|
|
|
9c35a8 |
|
|
|
9c35a8 |
list_for_each_entry(n, &h->obj_list, head) {
|
|
|
9c35a8 |
-
|
|
|
9c35a8 |
- if (n->skip)
|
|
|
9c35a8 |
+ if (n->skip) {
|
|
|
9c35a8 |
+ n->seq = 0;
|
|
|
9c35a8 |
continue;
|
|
|
9c35a8 |
+ }
|
|
|
9c35a8 |
|
|
|
9c35a8 |
n->seq = seq++;
|
|
|
9c35a8 |
switch (n->type) {
|
|
|
9c35a8 |
--
|
|
|
9c35a8 |
2.28.0
|
|
|
9c35a8 |
|