When CONFIG_NETFILTER_INGRESS is unset (or no), we need to handle the request for registration properly by dropping the hook. This releases the entry during the set.
Signed-off-by: Aaron Conole <[email protected]> --- net/netfilter/core.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/netfilter/core.c b/net/netfilter/core.c index e58e420..1d0a4c9 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -90,10 +90,14 @@ static void nf_set_hooks_head(struct net *net, const struct nf_hook_ops *reg, { switch (reg->pf) { case NFPROTO_NETDEV: +#ifdef CONFIG_NETFILTER_INGRESS /* We already checked in nf_register_net_hook() that this is * used from ingress. */ rcu_assign_pointer(reg->dev->nf_hooks_ingress, entry); +#else + kfree(entry); +#endif break; default: rcu_assign_pointer(net->nf.hooks[reg->pf][reg->hooknum], -- 2.5.5
