netfilter: nf_tables: add destroy_clone expression

Before this patch, cloned expressions are released via ->destroy. This is a problem for the new connlimit expression since the ->destroy path drop a reference on the conntrack modules and it unregisters hooks. The new ->destroy_clone provides context that this expression is being released from the packet path, so it is mirroring ->clone(), where neither module reference is dropped nor hooks need to be unregistered - because this done from the control plane path from the ->init() path. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-02 23:38:50 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-03 00:02:11 +0200
commit: 371ebcbb9ee62fb46a0a27f358941588f7048678 (patch)
tree: 6ab7121e5735fbd75a2667385b66bd460d4dede6 /net/netfilter/nft_counter.c
parent: 79b174ade16d90302aef6e14f5eefd0b723c1602 (diff)
download: linux-371ebcbb9ee62fb46a0a27f358941588f7048678.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_counter.c b/net/netfilter/nft_counter.c
index e59a74d6b7d6a1..a61d7edfc290d8 100644
--- a/net/netfilter/nft_counter.c
+++ b/net/netfilter/nft_counter.c
@@ -258,6 +258,7 @@ static const struct nft_expr_ops nft_counter_ops = {
 	.eval		= nft_counter_eval,
 	.init		= nft_counter_init,
 	.destroy	= nft_counter_destroy,
+	.destroy_clone	= nft_counter_destroy,
 	.dump		= nft_counter_dump,
 	.clone		= nft_counter_clone,
 };
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-02 23:38:50 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-03 00:02:11 +0200
commit	371ebcbb9ee62fb46a0a27f358941588f7048678 (patch)
tree	6ab7121e5735fbd75a2667385b66bd460d4dede6 /net/netfilter/nft_counter.c
parent	79b174ade16d90302aef6e14f5eefd0b723c1602 (diff)
download	linux-371ebcbb9ee62fb46a0a27f358941588f7048678.tar.gz