summaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2014-05-10 18:46:02 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2014-05-12 16:33:10 +0200
commitf7e7e39b21c285ad73a62fac0736191b8d830704 (patch)
tree8fbe1435d12728c7fadd09f8fc829437d365492d /net/netfilter
parent7b9d5ef932297413adcbd8be98fe612b9527a312 (diff)
netfilter: nf_tables: fix bogus rulenum after goto action
After returning from the chain that we just went to with no matchings, we get a bogus rule number in the trace. To fix this, we would need to iterate over the list of remaining rules in the chain to update the rule number counter. Patrick suggested to set this to the maximum value since the default base chain policy is the very last action when the processing the base chain is over. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nf_tables_core.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index f55fb28264f..be08a96b4f4 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -202,7 +202,7 @@ next_rule:
}
if (unlikely(pkt->skb->nf_trace))
- nft_trace_packet(pkt, basechain, ++rulenum, NFT_TRACE_POLICY);
+ nft_trace_packet(pkt, basechain, -1, NFT_TRACE_POLICY);
rcu_read_lock_bh();
stats = rcu_dereference(nft_base_chain(basechain)->stats);