netfilter: nf_conntrack: add efficient mark to zone mapping

[deliverable/linux.git] / net / netfilter / xt_CT.c

diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 536cb67928ad8a73da3a7ef3cb1b32ceb48d5034..346509825a80e669428426d54d0d65924d72172e 100644 (file)
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -208,7 +208,8 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
 
 #ifndef CONFIG_NF_CONNTRACK_ZONES
        if (info->zone || info->flags & (XT_CT_ZONE_DIR_ORIG |
-                                        XT_CT_ZONE_DIR_REPL))
+                                        XT_CT_ZONE_DIR_REPL |
+                                        XT_CT_ZONE_MARK))
                goto err1;
 #endif
 
@@ -219,6 +220,8 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
        memset(&zone, 0, sizeof(zone));
        zone.id = info->zone;
        zone.dir = xt_ct_flags_to_dir(info);
+       if (info->flags & XT_CT_ZONE_MARK)
+               zone.flags |= NF_CT_FLAG_MARK;
 
        ct = nf_ct_tmpl_alloc(par->net, &zone, GFP_KERNEL);
        ret = PTR_ERR(ct);