On Tue, Apr 26, 2016 at 11:59:53AM +0200, Florian Westphal wrote:
> diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c > index 25998fa..4ef41a8 100644 > --- a/net/netfilter/nft_ct.c > +++ b/net/netfilter/nft_ct.c > @@ -198,9 +198,22 @@ static void nft_ct_set_eval(const struct nft_expr *expr, > } > break; > #endif > +#ifdef CONFIG_NF_CONNTRACK_LABELS > + case NFT_CT_LABELS: > + if (nf_connlabels_replace(ct, > + ®s->data[priv->sreg], > + ®s->data[priv->sreg], > + NF_CT_LABELS_MAX_SIZE / sizeof(u32))) > + goto err; > + break; > +#endif > default: > break; > } > + > + return; > +err: > + regs->verdict.code = NFT_BREAK;

This will trigger a warning when CONFIG_NF_CONNTRACK_LABELS is disabled (the err: label will be unused). I have fixed this here with:

+#ifdef CONFIG_NF_CONNTRACK_LABELS + case NFT_CT_LABELS: + if (nf_connlabels_replace(ct, + ®s->data[priv->sreg], + ®s->data[priv->sreg], + NF_CT_LABELS_MAX_SIZE / sizeof(u32))) { + regs->verdict.code = NFT_BREAK; + return; + } + break; +#endif

But still I'm unsure we should stop evaluating the rule. How can we reach this error situation?

Let me know, I can fix this locally, no need to resend a new patch.

Thanks.
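
Review bot: In the quoted NFT_CT_LABELS case of nft_ct_set_eval(), nf_connlabels_replace() is handed the same source register expression, `data[priv->sreg]`, as both its second and third argument, which reads like a copy-paste slip unless it is intentional. If passing the register twice is deliberate, a one-line comment above the call saying why would save the next reader from checking. The `err:` label also sits outside the `#ifdef CONFIG_NF_CONNTRACK_LABELS` block while its only `goto err;` is inside it, so either guard the label as well or set the verdict inline.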
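
Review bot: The replacement NFT_CT_LABELS case sets `regs->verdict.code = NFT_BREAK;` and returns inline, but it shows only the case block, so the `return;` / `err:` / `regs->verdict.code = NFT_BREAK;` tail that the original hunk added after the switch has to be dropped too, otherwise the unused-label warning remains. The visible neighbouring cases only `break;` without touching the verdict, so a short comment stating which nf_connlabels_replace() failure justifies NFT_BREAK would document the behaviour the reply itself questions.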