netfilter: nf_tables: fix bogus rulenum after goto action

After returning from the chain that we just went to with no matchings, we get a bogus rule number in the trace. To fix this, we would need to iterate over the list of remaining rules in the chain to update the rule number counter. Patrick suggested to set this to the maximum value since the default base chain policy is the very last action when the processing the base chain is over. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_tables: fix bogus rulenum after goto action
After returning from the chain that we just went to with no matchings, we get a bogus rule number in the trace. To fix this, we would need to iterate over the list of remaining rules in the chain to update the rule number counter. Patrick suggested to set this to the maximum value since the default base chain policy is the very last action when the processing the base chain is over. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
f7e7e39b · Pablo Neira Ayuso · 7b9d5ef9 · f7e7e39b
Commit f7e7e39b authored May 10, 2014 by Pablo Neira Ayuso
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

net/netfilter/nf_tables_core.c net/netfilter/nf_tables_core.c +1 -1

No files found.
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -202,7 +202,7 @@ nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
 	}
 	if (unlikely(pkt->skb->nf_trace))
-		nft_trace_packet(pkt, basechain, ++rulenum, NFT_TRACE_POLICY);
+		nft_trace_packet(pkt, basechain, -1, NFT_TRACE_POLICY);
 	rcu_read_lock_bh();
 	stats = rcu_dereference(nft_base_chain(basechain)->stats);