Message ID | 1476441446-19611-1-git-send-email-pablo@netfilter.org |
---|---|
State | Accepted |
Delegated to: | Pablo Neira |
Pablo Neira Ayuso <pablo@netfilter.org> writes: > Make sure we skip the current hook from where the packet was enqueued, > otherwise the packets gets enqueued over and over again. > > Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list") > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> > --- > v2: Make sure next hook is non-null, otherwise we are at the end of the > hook list and we can skip nf_iterate(). > > net/netfilter/nf_queue.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c > index 96964a0070e1..691e713d70f5 100644 > --- a/net/netfilter/nf_queue.c > +++ b/net/netfilter/nf_queue.c > @@ -185,8 +185,9 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) > } > > entry->state.thresh = INT_MIN; > + hook_entry = rcu_dereference(hook_entry->next); > > - if (verdict == NF_ACCEPT) { > + if (hook_entry && verdict == NF_ACCEPT) { > next_hook: > verdict = nf_iterate(skb, &entry->state, &hook_entry); > } ACK. I thought switch case below could have a problem, but re-checked the first nf_queue leg, and it seems okay. -Aaron
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 96964a0070e1..691e713d70f5 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -185,8 +185,9 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) } entry->state.thresh = INT_MIN; + hook_entry = rcu_dereference(hook_entry->next); - if (verdict == NF_ACCEPT) { + if (hook_entry && verdict == NF_ACCEPT) { next_hook: verdict = nf_iterate(skb, &entry->state, &hook_entry); }
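Review bot: The `hook_entry &&` test in the new `if (hook_entry && verdict == NF_ACCEPT)` only guards the fall-through entry into the block; the `next_hook:` label sits inside it, so any `goto next_hook` from later in `nf_reinject()` reaches `nf_iterate()` without that NULL check. Either confirm that every jump to the label arrives with a non-NULL `hook_entry`, or restructure so the check covers the label as well. A one-line comment above `hook_entry = rcu_dereference(hook_entry->next);` saying that it steps past the hook that queued the packet, and that a NULL result means the end of the hook list with the verdict left as NF_ACCEPT, would also help the next reader.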
Make sure we skip the current hook from where the packet was enqueued, otherwise the packet gets enqueued over and over again.

Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

---

v2: Make sure next hook is non-null, otherwise we are at the end of the hook list and we can skip nf_iterate().

net/netfilter/nf_queue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)