author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-02 23:38:50 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-03 00:02:11 +0200 |
commit | 371ebcbb9ee62fb46a0a27f358941588f7048678 (patch) | |
tree | 6ab7121e5735fbd75a2667385b66bd460d4dede6 /net/netfilter/nft_counter.c | |
parent | 79b174ade16d90302aef6e14f5eefd0b723c1602 (diff) | |
download | linux-371ebcbb9ee62fb46a0a27f358941588f7048678.tar.gz |
netfilter: nf_tables: add destroy_clone expression
Before this patch, cloned expressions are released via ->destroy. This
is a problem for the new connlimit expression since the ->destroy path
drops a reference on the conntrack modules and it unregisters hooks. The
new ->destroy_clone provides context that this expression is being
released from the packet path, so it is mirroring ->clone(), where
neither module reference is dropped nor hooks need to be unregistered -
because this is done from the control plane path from the ->init() path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_counter.c')
-rw-r--r-- | net/netfilter/nft_counter.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c index e59a74d6b7d6a1..a61d7edfc290d8 100644 --- a/net/netfilter/nft_counter.c +++ b/net/netfilter/nft_counter.c @@ -258,6 +258,7 @@ static const struct nft_expr_ops nft_counter_ops = { .eval = nft_counter_eval, .init = nft_counter_init, .destroy = nft_counter_destroy, + .destroy_clone = nft_counter_destroy, .dump = nft_counter_dump, .clone = nft_counter_clone, }; |
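Review bot: In nft_counter_ops, .destroy_clone is set to the same nft_counter_destroy that .destroy already uses, and nothing in the hunk says why sharing the handler is safe for this expression. The commit message explains that ->destroy_clone exists because a ->destroy path may drop module references and unregister hooks, which must not happen when a clone is released from the packet path. A one-line comment above the initializer, or a sentence in the commit message, stating that nft_counter_destroy does neither would help the next expression author see when reuse is acceptable and when a separate handler is required. Since the diffstat is limited to this file, it is also worth confirming that the part of the patch adding the destroy_clone member documents the contract and what callers do when an expression leaves it unset.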