Commit 7e9bc10d authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_tables: fix missing return trace at the end of non-base chain

Display "return" for implicit rule at the end of a non-base chain,
instead of when popping chain from the stack.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent f7e7e39b
......@@ -182,18 +182,16 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
case NFT_RETURN:
if (unlikely(pkt->skb->nf_trace))
nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RETURN);
/* fall through */
break;
case NFT_CONTINUE:
if (unlikely(pkt->skb->nf_trace && !(chain->flags & NFT_BASE_CHAIN)))
nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
break;
default:
WARN_ON(1);
}
if (stackptr > 0) {
if (unlikely(pkt->skb->nf_trace))
nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
stackptr--;
chain = jumpstack[stackptr].chain;
rule = jumpstack[stackptr].rule;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment