netfilter: nft_synproxy: unregister hooks on init error path

Disable the IPv4 hooks if the IPv6 hooks fail to be registered.

Fixes: 4369d34f5e64 ("netfilter: nf_tables: Add synproxy support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_synproxy.c b/net/netfilter/nft_synproxy.c
index a0109fa1e92d08fe53d2c2054bae93af94995ef1..1133e06f3c40eb4cd4b1c13ed6a7e4dd6734f3c5 100644 (file)
--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -191,8 +191,10 @@ static int nft_synproxy_do_init(const struct nft_ctx *ctx,
                if (err)
                        goto nf_ct_failure;
                err = nf_synproxy_ipv6_init(snet, ctx->net);
-               if (err)
+               if (err) {
+                       nf_synproxy_ipv4_fini(snet, ctx->net);
                        goto nf_ct_failure;
+               }
                break;
        }