diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index da658902e0499c7ef034e76186048bca0e6f5eab..efe50aff13ab874da6a280ebbec56de289350f3d 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -2367,6 +2367,13 @@ static inline void nf_reset(struct sk_buff *skb) #endif } +static inline void nf_reset_trace(struct sk_buff *skb) +{ +#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) + skb->nf_trace = 0; +#endif +} + /* Note: This doesn't put any conntrack and bridge info in dst. */ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) { diff --git a/net/core/dev.c b/net/core/dev.c index 720aea01d854b44d58775a35036f63aa18ed4bb6..8e455b84ecaad2d2d6b91f60353846a56e381782 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1619,6 +1619,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) skb->mark = 0; secpath_reset(skb); nf_reset(skb); + nf_reset_trace(skb); return netif_rx(skb); } EXPORT_SYMBOL_GPL(dev_forward_skb);