From 5efa0fc6d7f7930b18801f07cefae8eeacd6ac02 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 18 Oct 2016 17:35:18 +0200 Subject: [PATCH] netfilter: nf_tables: allow expressions to return STOLEN Currently not supported, we'd oops as skb was (or is) free'd elsewhere. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/netfilter/nf_tables_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index 0dd5c695482f..70de32a6d5c0 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c @@ -178,6 +178,7 @@ next_rule: case NF_ACCEPT: case NF_DROP: case NF_QUEUE: + case NF_STOLEN: nft_trace_packet(&info, chain, rule, rulenum, NFT_TRACETYPE_RULE); return regs.verdict.code; -- 2.30.2