Skip to content

Commit

Permalink
netfilter: nft_synproxy: unregister hooks on init error path
Browse files Browse the repository at this point in the history 
Disable the IPv4 hooks if the IPv6 hooks fail to be registered.

Fixes: ad49d86 ("netfilter: nf_tables: Add synproxy support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
@ummakynes
ummakynes committed Feb 10, 2022
1 parent 2e71ec1 commit 2b4e5fb
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion net/netfilter/nft_synproxy.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,8 +191,10 @@ static int nft_synproxy_do_init(const struct nft_ctx *ctx,
if (err)
goto nf_ct_failure;
err = nf_synproxy_ipv6_init(snet, ctx->net);
if (err)
if (err) {
nf_synproxy_ipv4_fini(snet, ctx->net);
goto nf_ct_failure;
}
break;
}

Expand Down

0 comments on commit 2b4e5fb

Please sign in to comment.