Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e569bdab authored by Eric Leblond's avatar Eric Leblond Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: fix issue with verdict support 



The test on verdict was simply done on the value of the verdict
which is not correct as far as queue is concern. In fact, the test
of verdict test must be done with respect to the verdict mask for
verdicts which are not internal to nftables.

Signed-off-by: default avatarEric Leblond <eric@regit.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent cfce0a2b

net/netfilter/nf_tables_core.c

+4 −1
Original line number Diff line number Diff line
@@ -164,7 +164,7 @@ next_rule: 
		break;

	}



	switch (data[NFT_REG_VERDICT].verdict) {

	switch (data[NFT_REG_VERDICT].verdict & NF_VERDICT_MASK) {

	case NF_ACCEPT:

	case NF_DROP:

	case NF_QUEUE:
@@ -172,6 +172,9 @@ next_rule: 
			nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);



		return data[NFT_REG_VERDICT].verdict;

	}



	switch (data[NFT_REG_VERDICT].verdict) {

	case NFT_JUMP:

		if (unlikely(pkt->skb->nf_trace))

			nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RULE);