netfilter: nf_tables: add requirements for connsecmark support (b473a1f5) · Commits · e / devices / android_kernel_fairphone_FP5

net/netfilter/nft_ct.c

+16 −1

Original line number	Diff line number	Diff line
		@@ -279,7 +279,7 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
		{
		const struct nft_ct *priv = nft_expr_priv(expr);
		struct sk_buff *skb = pkt->skb;
		#ifdef CONFIG_NF_CONNTRACK_MARK
		#if defined(CONFIG_NF_CONNTRACK_MARK) \|\| defined(CONFIG_NF_CONNTRACK_SECMARK)
		u32 value = regs->data[priv->sreg];
		#endif
		enum ip_conntrack_info ctinfo;
		@@ -298,6 +298,14 @@ static void nft_ct_set_eval(const struct nft_expr *expr,
		}
		break;
		#endif
		#ifdef CONFIG_NF_CONNTRACK_SECMARK
		case NFT_CT_SECMARK:
		if (ct->secmark != value) {
		ct->secmark = value;
		nf_conntrack_event_cache(IPCT_SECMARK, ct);
		}
		break;
		#endif
		#ifdef CONFIG_NF_CONNTRACK_LABELS
		case NFT_CT_LABELS:
		nf_connlabels_replace(ct,
		@@ -564,6 +572,13 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
		return -EINVAL;
		len = sizeof(u32);
		break;
		#endif
		#ifdef CONFIG_NF_CONNTRACK_SECMARK
		case NFT_CT_SECMARK:
		if (tb[NFTA_CT_DIRECTION])
		return -EINVAL;
		len = sizeof(u32);
		break;
		#endif
		default:
		return -EOPNOTSUPP;

+8 −0

Original line number	Diff line number	Diff line
		@@ -284,6 +284,11 @@ static void nft_meta_set_eval(const struct nft_expr *expr,

		skb->nf_trace = !!value8;
		break;
		#ifdef CONFIG_NETWORK_SECMARK
		case NFT_META_SECMARK:
		skb->secmark = value;
		break;
		#endif
		default:
		WARN_ON(1);
		}
		@@ -436,6 +441,9 @@ static int nft_meta_set_init(const struct nft_ctx *ctx,
		switch (priv->key) {
		case NFT_META_MARK:
		case NFT_META_PRIORITY:
		#ifdef CONFIG_NETWORK_SECMARK
		case NFT_META_SECMARK:
		#endif
		len = sizeof(u32);
		break;
		case NFT_META_NFTRACE: