Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > A chain/flowtable update with duplicated devices in the same batch is > possible. Unfortunately, netdev event path only removes the first > device that is found, leaving unregistered the hook of the duplicated > device. > > Check if a duplicated device exists in the transaction batch, bail out > with EEXIST in such case. > > WARNING is hit when unregistering the hook: > > [49042.221275] WARNING: CPU: 4 PID: 8425 at net/netfilter/core.c:340 nf_hook_entry_head+0xaa/0x150 > [49042.221375] CPU: 4 UID: 0 PID: 8425 Comm: nft Tainted: G S 6.16.0+ #170 PREEMPT(full) > [...] > [49042.221382] RIP: 0010:nf_hook_entry_head+0xaa/0x150 Thanks Pablo. Just to confirm: this doesn't result in anything other than the unreg splat, correct? Or does this leak memory too? FTR, i placed this in nf.git:testing.
