From f7e7e39b21c285ad73a62fac0736191b8d830704 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 10 May 2014 18:46:02 +0200
Subject: [PATCH] netfilter: nf_tables: fix bogus rulenum after goto action

After returning from the chain that we just went to with no matchings,
we get a bogus rule number in the trace. To fix this, we would need
to iterate over the list of remaining rules in the chain to update the
rule number counter.

Patrick suggested to set this to the maximum value since the default
base chain policy is the very last action when the processing the base
chain is over.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_tables_core.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index f55fb28264fa..be08a96b4f45 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -202,7 +202,7 @@ next_rule:
 	}
 
 	if (unlikely(pkt->skb->nf_trace))
-		nft_trace_packet(pkt, basechain, ++rulenum, NFT_TRACE_POLICY);
+		nft_trace_packet(pkt, basechain, -1, NFT_TRACE_POLICY);
 
 	rcu_read_lock_bh();
 	stats = rcu_dereference(nft_base_chain(basechain)->stats);
-- 
2.30.2