netfilter: nf_tables: fix register ordering

author Florian Westphal <fw@strlen.de>

Thu, 2 Aug 2018 19:44:40 +0000 (21:44 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Thu, 16 Aug 2018 17:37:02 +0000 (19:37 +0200)
author Florian Westphal <fw@strlen.de>
Thu, 2 Aug 2018 19:44:40 +0000 (21:44 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 16 Aug 2018 17:37:02 +0000 (19:37 +0200)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h

index 552bfbef1bf1bb29e2934aac9b545f1bdb226ead..0f39ac487012c3075a3154c65b22504a15063dcd 100644 (file)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1374,6 +1374,6 @@ struct nft_trans_flowtable {
         (((struct nft_trans_flowtable *)trans->data)->flowtable)
  
  int __init nft_chain_filter_init(void);
-void __exit nft_chain_filter_fini(void);
+void nft_chain_filter_fini(void);
  
  #endif /* _NET_NF_TABLES_H */
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c

index 3008f93469c49b3b15304a2277a55229cb24fbb1..80636cc596868fe48214d4d026041cc6160d5635 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7273,21 +7273,36 @@ static int __init nf_tables_module_init(void)
  {
         int err;
  
-       nft_chain_filter_init();
+       err = register_pernet_subsys(&nf_tables_net_ops);
+       if (err < 0)
+               return err;
+
+       err = nft_chain_filter_init();
+       if (err < 0)
+               goto err1;
  
         err = nf_tables_core_module_init();
         if (err < 0)
-               return err;
+               goto err2;
  
-       err = nfnetlink_subsys_register(&nf_tables_subsys);
+       err = register_netdevice_notifier(&nf_tables_flowtable_notifier);
         if (err < 0)
-               goto err;
+               goto err3;
  
-       register_netdevice_notifier(&nf_tables_flowtable_notifier);
+       /* must be last */
+       err = nfnetlink_subsys_register(&nf_tables_subsys);
+       if (err < 0)
+               goto err4;
  
-       return register_pernet_subsys(&nf_tables_net_ops);
-err:
+       return err;
+err4:
+       unregister_netdevice_notifier(&nf_tables_flowtable_notifier);
+err3:
         nf_tables_core_module_exit();
+err2:
+       nft_chain_filter_fini();
+err1:
+       unregister_pernet_subsys(&nf_tables_net_ops);
         return err;
  }
  
diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c

index ea5b7c4944f69442c5811fb9124de53b8a19dc10..9d07b277b9eeccffef8ddf63b93b78729869ca09 100644 (file)
--- a/net/netfilter/nft_chain_filter.c
+++ b/net/netfilter/nft_chain_filter.c
@@ -392,7 +392,7 @@ int __init nft_chain_filter_init(void)
         return 0;
  }
  
-void __exit nft_chain_filter_fini(void)
+void nft_chain_filter_fini(void)
  {
         nft_chain_filter_bridge_fini();
         nft_chain_filter_inet_fini();
author	Florian Westphal <fw@strlen.de>
	Thu, 2 Aug 2018 19:44:40 +0000 (21:44 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 16 Aug 2018 17:37:02 +0000 (19:37 +0200)
include/net/netfilter/nf_tables.h		patch \| blob \| history
net/netfilter/nf_tables_api.c		patch \| blob \| history
net/netfilter/nft_chain_filter.c		patch \| blob \| history