Skip to content

Commit

Permalink
netfilter: nf_tables: allow expressions to return STOLEN
Browse files Browse the repository at this point in the history 
Currently not supported, we'd oops as skb was (or is) free'd elsewhere.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Florian Westphal authored and Pablo Neira Ayuso committed Oct 26, 2016
1 parent 0813fbc commit 5efa0fc
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/netfilter/nf_tables_core.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
case NF_ACCEPT:
case NF_DROP:
case NF_QUEUE:
case NF_STOLEN:
nft_trace_packet(&info, chain, rule,
rulenum, NFT_TRACETYPE_RULE);
return regs.verdict.code;
Expand Down

0 comments on commit 5efa0fc

Please sign in to comment.