git.cascardo.info Git - cascardo/linux.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 17 Oct 2016 17:05:32 +0000 (18:05 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 20 Oct 2016 17:59:59 +0000 (19:59 +0200)
commit	7034b566a4e7d550621c2dfafd380b77b3787cd9
tree	2fa8ed25fadfca91382154c71fe37bf45d4f8b20	tree \| snapshot
parent	7bb6615d395a7c130053728f3a64f6df6b2e1f18	commit \| diff

netfilter: fix nf_queue handling

nf_queue handling is broken since e3b37f11e6e4 ("netfilter: replace
list_head with single linked list") for two reasons:

1) If the bypass flag is set on, there are no userspace listeners and
   we still have more hook entries to iterate over, then jump to the
   next hook. Otherwise accept the packet. On nf_reinject() path, the
   okfn() needs to be invoked.

2) We should not re-enter the same hook on packet reinjection. If the
   packet is accepted, we have to skip the current hook from where the
   packet was enqueued, otherwise the packets gets enqueued over and
   over again.

This restores the previous list_for_each_entry_continue() behaviour
happening from nf_iterate() that was dealing with these two cases.
This patch introduces a new nf_queue() wrapper function so this fix
becomes simpler.

Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/core.c		diff \| blob \| history
net/netfilter/nf_internals.h		diff \| blob \| history
net/netfilter/nf_queue.c		diff \| blob \| history