Thank you. I forgot to add the check for mark != value. I will submit
a new version.
-Kristian
On Tue, Jan 7, 2014 at 4:32 PM, Florian Westphal <fw@xxxxxxxxx> wrote:
> Kristian Evensen <kristian.evensen@xxxxxxxxx> wrote:
>> +static void nft_ct_set_eval(const struct nft_expr *expr,
>> + struct nft_data data[NFT_REG_MAX + 1],
>> + const struct nft_pktinfo *pkt)
>> +{
>> + const struct nft_ct *priv = nft_expr_priv(expr);
>> + struct sk_buff *skb = pkt->skb;
>> + u32 value = data[priv->sreg].data[0];
>> + enum ip_conntrack_info ctinfo;
>> + struct nf_conn *ct;
>> +
>> + ct = nf_ct_get(skb, &ctinfo);
>> +
>> + if (ct == NULL)
>> + return;
>> +
>> + switch (priv->key) {
>> +#ifdef CONFIG_NF_CONNTRACK_MARK
>> + case NFT_CT_MARK:
>> + ct->mark = value;
>> + nf_conntrack_event_cache(IPCT_MARK, ct);
>
> I think the event should only be raised when the mark value
> is altered, else one might get nfct event storm.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
