Commit b9850ec0 authored by Paolo Abeni's avatar Paolo Abeni

Merge tag 'nf-23-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains one Netfilter fix:

1) Restore 'ct state untracked' matching with CONFIG_RETPOLINE=y,
   from Florian Westphal.

* tag 'nf-23-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: fix ct untracked match breakage
====================

Link: https://lore.kernel.org/r/20230503201143.12310-1-pablo@netfilter.orgSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parents 6a341729 f057b63b
...@@ -15,10 +15,6 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr, ...@@ -15,10 +15,6 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr,
unsigned int state; unsigned int state;
ct = nf_ct_get(pkt->skb, &ctinfo); ct = nf_ct_get(pkt->skb, &ctinfo);
if (!ct) {
regs->verdict.code = NFT_BREAK;
return;
}
switch (priv->key) { switch (priv->key) {
case NFT_CT_STATE: case NFT_CT_STATE:
...@@ -30,6 +26,16 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr, ...@@ -30,6 +26,16 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr,
state = NF_CT_STATE_INVALID_BIT; state = NF_CT_STATE_INVALID_BIT;
*dest = state; *dest = state;
return; return;
default:
break;
}
if (!ct) {
regs->verdict.code = NFT_BREAK;
return;
}
switch (priv->key) {
case NFT_CT_DIRECTION: case NFT_CT_DIRECTION:
nft_reg_store8(dest, CTINFO2DIR(ctinfo)); nft_reg_store8(dest, CTINFO2DIR(ctinfo));
return; return;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment