netfilter: reset nf_trace in nf_reset

We forgot to clear the nf_trace of sk_buff in nf_reset, When we use veth device, this nf_trace information will be leaked from one net namespace to another net namespace. Signed-off-by: Gao feng <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
kishon · Mar 25, 2013 · 130549f · 130549f
1 parent 7ebe183
commit 130549f
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
@@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb)
 	nf_bridge_put(skb->nf_bridge);
 	skb->nf_bridge = NULL;
 #endif
+#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
+	skb->nf_trace = 0;
+#endif
 }
 
 /* Note: This doesn't put any conntrack and bridge info in dst. */