Commit b9850ec0 authored May 04, 2023 by Paolo Abeni

Merge tag 'nf-23-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains one Netfilter fix:

1) Restore 'ct state untracked' matching with CONFIG_RETPOLINE=y,
   from Florian Westphal.

* tag 'nf-23-05-03' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: fix ct untracked match breakage
====================

Link: https://lore.kernel.org/r/20230503201143.12310-1-pablo@netfilter.org


Signed-off-by: Paolo Abeni <pabeni@redhat.com>

parents 6a341729 f057b63b

net/netfilter/nft_ct_fast.c

+10 −4

Original line number	Diff line number	Diff line
		@@ -15,10 +15,6 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr,
		unsigned int state;

		ct = nf_ct_get(pkt->skb, &ctinfo);
		if (!ct) {
		regs->verdict.code = NFT_BREAK;
		return;
		}

		switch (priv->key) {
		case NFT_CT_STATE:
		@@ -30,6 +26,16 @@ void nft_ct_get_fast_eval(const struct nft_expr *expr,
		state = NF_CT_STATE_INVALID_BIT;
		*dest = state;
		return;
		default:
		break;
		}

		if (!ct) {
		regs->verdict.code = NFT_BREAK;
		return;
		}

		switch (priv->key) {
		case NFT_CT_DIRECTION:
		nft_reg_store8(dest, CTINFO2DIR(ctinfo));
		return;