netfilter: nf_tables: fix missing return trace at the end of non-base chain

Display "return" for implicit rule at the end of a non-base chain, instead of when popping chain from the stack. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2014-05-11 11:14:49 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-05-12 10:33:11 -0400
commit: 7e9bc10db275b22a9db0f976b33b5aeed288da73 (patch)
tree: 573c6b70c7c98ac5828311b88c3998f8c0277eae /net
parent: f7e7e39b21c285ad73a62fac0736191b8d830704 (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index be08a96b4f45..421c36ac5145 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -182,18 +182,16 @@ next_rule:
        case NFT_RETURN:
                if (unlikely(pkt->skb->nf_trace))
                        nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RETURN);
+                break;
-                /* fall through */
        case NFT_CONTINUE:
+                if (unlikely(pkt->skb->nf_trace && !(chain->flags & NFT_BASE_CHAIN)))
+                        nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
                break;
        default:
                WARN_ON(1);
        }
        if (stackptr > 0) {
-                if (unlikely(pkt->skb->nf_trace))
-                        nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
                stackptr--;
                chain = jumpstack[stackptr].chain;
                rule  = jumpstack[stackptr].rule;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2014-05-11 11:14:49 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-05-12 10:33:11 -0400
commit	7e9bc10db275b22a9db0f976b33b5aeed288da73 (patch)
tree	573c6b70c7c98ac5828311b88c3998f8c0277eae /net
parent	f7e7e39b21c285ad73a62fac0736191b8d830704 (diff)

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index be08a96b4f45..421c36ac5145 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c
@@ -182,18 +182,16 @@ next_rule:
182	case NFT_RETURN:	182	case NFT_RETURN:
183	if (unlikely(pkt->skb->nf_trace))	183	if (unlikely(pkt->skb->nf_trace))
184	nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RETURN);	184	nft_trace_packet(pkt, chain, rulenum, NFT_TRACE_RETURN);
185		185	break;
186	/* fall through */
187	case NFT_CONTINUE:	186	case NFT_CONTINUE:
		187	if (unlikely(pkt->skb->nf_trace && !(chain->flags & NFT_BASE_CHAIN)))
		188	nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
188	break;	189	break;
189	default:	190	default:
190	WARN_ON(1);	191	WARN_ON(1);
191	}	192	}
192		193
193	if (stackptr > 0) {	194	if (stackptr > 0) {
194	if (unlikely(pkt->skb->nf_trace))
195	nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_RETURN);
196
197	stackptr--;	195	stackptr--;
198	chain = jumpstack[stackptr].chain;	196	chain = jumpstack[stackptr].chain;
199	rule = jumpstack[stackptr].rule;	197	rule = jumpstack[stackptr].rule;