diff options
| author | Phil Sutter <phil@nwl.cc> | 2020-10-05 15:54:35 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2020-10-07 12:42:09 +0200 |
| commit | e98b825a037807bf6c918eb66ee9682cc4c46183 (patch) | |
| tree | c54933084332c154f4bc57061b6f5b6d401dfc41 /iptables/nft.c | |
| parent | 0d77e64e8d9b8a3984b01a4951524dc40f61f4b6 (diff) | |
nft: Fix error reporting for refreshed transactions
When preparing a batch from the list of batch objects in nft_action(),
the sequence number used for each object is stored within that object
for later matching against returned error messages. Though if the
transaction has to be refreshed, some of those objects may be skipped,
other objects take over their sequence number and errors are matched to
skipped objects. Avoid this by resetting the skipped object's sequence
number to zero.
Fixes: 58d7de0181f61 ("xtables: handle concurrent ruleset modifications")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft.c')
| -rw-r--r-- | iptables/nft.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index b148b8fa..3958bba2 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2714,9 +2714,10 @@ retry: h->nft_genid++; list_for_each_entry(n, &h->obj_list, head) { - - if (n->skip) + if (n->skip) { + n->seq = 0; continue; + } n->seq = seq++; switch (n->type) { |