Re: [PATCH] netfilter: nftables: fix nf_trace always-on with XT_TRACE=n

Hi Florian,

On Sat, Feb 15, 2014 at 11:48:45PM +0100, Florian Westphal wrote:
> When using nftables with CONFIG_NETFILTER_XT_TARGET_TRACE=n, we get
> lots of "TRACE: filter:output:policy:1 IN=..." warnings as several
> places will leave skb->nf_trace uninitialised.

Good catch.

> Unlike iptables tracing functionality is not conditional in nftables,
> so always copy/zero nf_trace setting when nftables is enabled.
> 
> Move this into __nf_copy() helper.
> 
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
>  include/linux/skbuff.h | 5 ++++-
>  net/core/skbuff.c      | 3 ---
>  net/ipv4/ip_output.c   | 3 ---
>  net/ipv6/ip6_output.c  | 3 ---
>  4 files changed, 4 insertions(+), 10 deletions(-)
> 
> diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
> index 1f689e6..99fc8b3 100644
> --- a/include/linux/skbuff.h
> +++ b/include/linux/skbuff.h
> @@ -2724,7 +2724,7 @@ static inline void nf_reset(struct sk_buff *skb)
>  
>  static inline void nf_reset_trace(struct sk_buff *skb)
>  {
> -#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
> +#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) || defined(CONFIG_NF_TABLES)
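
Review bot: the new guard in nf_reset_trace() mixes IS_ENABLED() for the xt_TRACE option with a bare defined() for nf_tables, and defined(CONFIG_NF_TABLES) is only true when the option is built in (=y). With NF_TABLES=m kconfig defines CONFIG_NF_TABLES_MODULE instead, so the condition is false and skb->nf_trace is still left alone in the configuration the commit message describes. Suggest IS_ENABLED(CONFIG_NF_TABLES) here, and the same form in any other guard this patch touches, such as the __nf_copy() helper mentioned in the changelog.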

Perhaps you can add a generic CONFIG_NF_TRACE that is set by xt_trace
and nf_tables?