From: Patrick McHardy <kaber@xxxxxxxxx> The set operation for ct mark is only valid if CONFIG_NF_CONNTRACK_MARK is enabled. Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/nft_ct.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c index bd0d41e..a2c45bd 100644 --- a/net/netfilter/nft_ct.c +++ b/net/netfilter/nft_ct.c @@ -268,8 +268,10 @@ static int nft_ct_init_validate_get(const struct nft_expr *expr, static int nft_ct_init_validate_set(uint32_t key) { switch (key) { +#ifdef CONFIG_NF_CONNTRACK_MARK case NFT_CT_MARK: break; +#endif default: return -EOPNOTSUPP; } -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html