netfilter: nf_tables: do not dump chain counters if not enabled
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 4 Oct 2017 15:18:27 +0000 (17:18 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 6 Oct 2017 12:49:19 +0000 (14:49 +0200)
Chain counters are only enabled on demand since 9f08ea848117, skip them
when dumping them via netlink.

Fixes: 9f08ea848117 ("netfilter: nf_tables: keep chain counters away from hot path")
Reported-by: Johny Mattsson <johny.mattsson+kernel@gmail.com>
Tested-by: Johny Mattsson <johny.mattsson+kernel@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c

index 34adedcb239ea2daa9370d2a3765c8af742b5ba6..64e1ee09122582bce81a4ee996064763083bcfa0 100644 (file)
@@ -1048,7 +1048,7 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
                if (nla_put_string(skb, NFTA_CHAIN_TYPE, basechain->type->name))
                        goto nla_put_failure;
 
-               if (nft_dump_stats(skb, nft_base_chain(chain)->stats))
+               if (basechain->stats && nft_dump_stats(skb, basechain->stats))
                        goto nla_put_failure;
        }