Kristian Evensen <kristian.evensen@xxxxxxxxx> wrote:
> +static void nft_ct_set_eval(const struct nft_expr *expr, > + struct nft_data data[NFT_REG_MAX + 1], > + const struct nft_pktinfo *pkt) > +{ > + const struct nft_ct *priv = nft_expr_priv(expr); > + struct sk_buff *skb = pkt->skb; > + u32 value = data[priv->sreg].data[0]; > + enum ip_conntrack_info ctinfo; > + struct nf_conn *ct; > + > + ct = nf_ct_get(skb, &ctinfo); > + > + if (ct == NULL) > + return; > + > + switch (priv->key) { > +#ifdef CONFIG_NF_CONNTRACK_MARK > + case NFT_CT_MARK: > + ct->mark = value; > + nf_conntrack_event_cache(IPCT_MARK, ct);

I think the event should only be raised when the mark value is altered, else one might get an nfct event storm.
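
Review bot: in the NFT_CT_MARK case, `ct->mark = value;` is followed by an unconditional `nf_conntrack_event_cache(IPCT_MARK, ct);`, so each evaluation of the expression caches an IPCT_MARK event even when the stored mark already equals `value`. Wrapping both statements in `if (ct->mark != value) { ... }` limits the event to real changes and also skips the redundant store. A smaller style point: the blank line between `ct = nf_ct_get(skb, &ctinfo);` and `if (ct == NULL)` can go, so the check sits directly under the assignment it tests.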