netfilter: nf_tables: decrement chain use counter when replacing rules

Thus, the chain use counter remains with the same value after the
rule replacement.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 5586426a6169d2915e9acaffce8b31a86686772c..19f438deeab84ff0e2f12cd986c3fb34982b89a7 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1799,6 +1799,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb,
                                goto err2;
                        }
                        nft_rule_disactivate_next(net, old_rule);
+                       chain->use--;
                        list_add_tail_rcu(&rule->list, &old_rule->list);
                } else {
                        err = -ENOENT;
@@ -1829,6 +1830,7 @@ err3:
                list_del_rcu(&nft_trans_rule(trans)->list);
                nft_rule_clear(net, nft_trans_rule(trans));
                nft_trans_destroy(trans);
+               chain->use++;
        }
 err2:
        nf_tables_rule_destroy(&ctx, rule);