netfilter: nf_tables: return immediately on empty commit
When running 'nft flush ruleset' while no rules exist, we will increment the generation counter and announce a new genid to userspace, yet nothing had changed in the first place. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
3f3a390dbd
commit
b8b2749865
|
@ -6564,6 +6564,11 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
|
|||
struct nft_chain *chain;
|
||||
struct nft_table *table;
|
||||
|
||||
if (list_empty(&net->nft.commit_list)) {
|
||||
mutex_unlock(&net->nft.commit_mutex);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* 0. Validate ruleset, otherwise roll back for error reporting. */
|
||||
if (nf_tables_validate(net) < 0)
|
||||
return -EAGAIN;
|
||||
|
|
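Review bot: The added early return unlocks `net->nft.commit_mutex` itself, while the `return -EAGAIN` just below it leaves the mutex held, and nothing in the hunk says which exit path owns the unlock. Presumably the lock is taken before nf_tables_commit() is entered and the abort path releases it after a failed validation, but that cannot be confirmed from these lines. A short comment above the new block would guard against a later edit introducing a double unlock or a leaked lock: `/* Empty transaction: no genid bump or notification; we still hold commit_mutex here, so release it before returning. */`. nf_tables_commit() starts and ends outside the hunk, so its other return paths should be checked against the same rule.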