Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

netfilter: nf_tables: fix missing return trace at the end of non-base chain

Display "return" for implicit rule at the end of a non-base chain,
instead of when popping chain from the stack.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso 11 years ago
parent
f7e7e39b21
commit
7e9bc10db2
1 changed files with 3 additions and 5 deletions
Split View Show Diff Stats
  1. 3 5
      net/netfilter/nf_tables_core.c

+ 3 - 5
net/netfilter/nf_tables_core.c
View File 

@@ -182,18 +182,16 @@ next_rule:
 
 	case NFT_RETURN:
 
 		if (unlikely(pkt->skb->nf_trace))
 
 			nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RETURN);
 
-
 
-		/* fall through */
 
+		break;
 
 	case NFT_CONTINUE:
 
+		if (unlikely(pkt->skb->nf_trace && !(chain->flags & NFT_BASE_CHAIN)))
 
+			nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
 
 		break;
 
 	default:
 
 		WARN_ON(1);
 
 	}
 
 
 	if (stackptr > 0) {
 
-		if (unlikely(pkt->skb->nf_trace))
 
-			nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
 
-
 
 		stackptr--;
 
 		chain = jumpstack[stackptr].chain;
 
 		rule  = jumpstack[stackptr].rule;