]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commitdiff
netfilter: nf_tables: fix error path in the init functions
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 9 Jan 2014 19:32:19 +0000 (20:32 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 9 Jan 2014 22:25:48 +0000 (23:25 +0100)
We have to unregister chain type if this fails to register netns.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/nf_tables_ipv4.c
net/ipv6/netfilter/nf_tables_ipv6.c
net/netfilter/nf_tables_inet.c

index fec163a6ac38fe8716c865f3bb6eaec8fd63476f..6820c8c40842170039cfad8645ca72d88508daa1 100644 (file)
@@ -105,8 +105,14 @@ static const struct nf_chain_type filter_ipv4 = {
 
 static int __init nf_tables_ipv4_init(void)
 {
+       int ret;
+
        nft_register_chain_type(&filter_ipv4);
-       return register_pernet_subsys(&nf_tables_ipv4_net_ops);
+       ret = register_pernet_subsys(&nf_tables_ipv4_net_ops);
+       if (ret < 0)
+               nft_unregister_chain_type(&filter_ipv4);
+
+       return ret;
 }
 
 static void __exit nf_tables_ipv4_exit(void)
index 59a43b474dcaefaeaca37bcb5ee743471afb4a24..0d812b31277d9eb04133dbc880e0e151e0f2cf1f 100644 (file)
@@ -104,8 +104,14 @@ static const struct nf_chain_type filter_ipv6 = {
 
 static int __init nf_tables_ipv6_init(void)
 {
+       int ret;
+
        nft_register_chain_type(&filter_ipv6);
-       return register_pernet_subsys(&nf_tables_ipv6_net_ops);
+       ret = register_pernet_subsys(&nf_tables_ipv6_net_ops);
+       if (ret < 0)
+               nft_unregister_chain_type(&filter_ipv6);
+
+       return ret;
 }
 
 static void __exit nf_tables_ipv6_exit(void)
index 84478de179eaf760388189627ac1575655c39515..9dd2d216cfc14c7e3e2166757ae65924341bd116 100644 (file)
@@ -80,8 +80,14 @@ static const struct nf_chain_type filter_inet = {
 
 static int __init nf_tables_inet_init(void)
 {
+       int ret;
+
        nft_register_chain_type(&filter_inet);
-       return register_pernet_subsys(&nf_tables_inet_net_ops);
+       ret = register_pernet_subsys(&nf_tables_inet_net_ops);
+       if (ret < 0)
+               nft_unregister_chain_type(&filter_inet);
+
+       return ret;
 }
 
 static void __exit nf_tables_inet_exit(void)