netfilter: nf_tables: fix register ordering

We must register nfnetlink ops last, as that exposes nf_tables to userspace. Without this, we could theoretically get nfnetlink request before net->nft state has been initialized. Fixes: 99633ab29b213 ("netfilter: nf_tables: complete net namespace support") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2018-08-02 21:44:40 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-16 19:37:02 +0200
commit: d209df3e7f7002d9099fdb0f6df0f972b4386a63 (patch)
tree: b2ded0dc8be12f0048188bbf2b0a80f01fbb353a /include/net
parent: 3e673b23b541b8e7f773b2d378d6eb99831741cd (diff)
download: linux-0-day-d209df3e7f7002d9099fdb0f6df0f972b4386a63.tar.gz
linux-0-day-d209df3e7f7002d9099fdb0f6df0f972b4386a63.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 552bfbef1bf1b..0f39ac487012c 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1374,6 +1374,6 @@ struct nft_trans_flowtable {
 	(((struct nft_trans_flowtable *)trans->data)->flowtable)
 
 int __init nft_chain_filter_init(void);
-void __exit nft_chain_filter_fini(void);
+void nft_chain_filter_fini(void);
 
 #endif /* _NET_NF_TABLES_H */
author	Florian Westphal <fw@strlen.de>	2018-08-02 21:44:40 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-16 19:37:02 +0200
commit	d209df3e7f7002d9099fdb0f6df0f972b4386a63 (patch)
tree	b2ded0dc8be12f0048188bbf2b0a80f01fbb353a /include/net
parent	3e673b23b541b8e7f773b2d378d6eb99831741cd (diff)
download	linux-0-day-d209df3e7f7002d9099fdb0f6df0f972b4386a63.tar.gz linux-0-day-d209df3e7f7002d9099fdb0f6df0f972b4386a63.tar.xz