netfilter: nf_tables: do not dump chain counters if not enabled
Chain counters are only enabled on demand since9f08ea8481
, skip them when dumping them via netlink. Fixes:9f08ea8481
("netfilter: nf_tables: keep chain counters away from hot path") Reported-by: Johny Mattsson <johny.mattsson+kernel@gmail.com> Tested-by: Johny Mattsson <johny.mattsson+kernel@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
e63aaaa6be
commit
5f9bfe0ef6
|
@ -1048,7 +1048,7 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
|
||||||
if (nla_put_string(skb, NFTA_CHAIN_TYPE, basechain->type->name))
|
if (nla_put_string(skb, NFTA_CHAIN_TYPE, basechain->type->name))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
if (nft_dump_stats(skb, nft_base_chain(chain)->stats))
|
if (basechain->stats && nft_dump_stats(skb, basechain->stats))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue