netfilter: nf_tables: Unbreak audit log reset

[sfrench/cifs-2.6.git] / net / netfilter / nf_tables_api.c

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 2c81cee858d62faeaf921de6f284aba5198d597f..e429ebba74b3d13b441f8130087e81153ee1032c 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3480,6 +3480,10 @@ cont:
 cont_skip:
                (*idx)++;
        }
+
+       if (reset && *idx)
+               audit_log_rule_reset(table, cb->seq, *idx);
+
        return 0;
 }
 
@@ -3540,9 +3544,6 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
 done:
        rcu_read_unlock();
 
-       if (reset && idx > cb->args[0])
-               audit_log_rule_reset(table, cb->seq, idx - cb->args[0]);
-
        cb->args[0] = idx;
        return skb->len;
 }
@@ -5760,8 +5761,6 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
        if (!args.iter.err && args.iter.count == cb->args[0])
                args.iter.err = nft_set_catchall_dump(net, skb, set,
                                                      reset, cb->seq);
-       rcu_read_unlock();
-
        nla_nest_end(skb, nest);
        nlmsg_end(skb, nlh);
 
@@ -5769,6 +5768,8 @@ static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
                audit_log_nft_set_reset(table, cb->seq,
                                        args.iter.count - args.iter.skip);
 
+       rcu_read_unlock();
+
        if (args.iter.err && args.iter.err != -EMSGSIZE)
                return args.iter.err;
        if (args.iter.count == cb->args[0])