author Eric W. Biederman <ebiederm@xmission.com> 2015-06-20 00:23:37 +0200
committer Pablo Neira Ayuso <pablo@netfilter.org> 2015-07-02 15:03:13 +0200
commit f307170d6e591a48529425b1ed6ca835790995a9 (patch)
tree a067197638084b8853d59ed6af1f0c5209f5ad9a
parent Merge tag 'devicetree-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
netfilter: nf_queue: Don't recompute the hook_list head

If someone sends packets from one of the netdevice ingress hooks to a userspace queue, and then userspace later accepts the packet, the netfilter code can enter an infinite loop as the list head will never be found.

Pass in the saved list_head to avoid this.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

-rw-r--r-- net/netfilter/nf_queue.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index cd60d397fe05..8a8b2abc35ff 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -213,7 +213,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
if (verdict == NF_ACCEPT) {
next_hook:
- verdict = nf_iterate(&nf_hooks[entry->state.pf][entry->state.hook],
+ verdict = nf_iterate(entry->state.hook_list,
skb, &entry->state, &elem);
}
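
Review bot: The nf_iterate() call in nf_reinject() now dereferences entry->state.hook_list, a pointer saved when the packet was queued, but nothing in this hunk shows what keeps that list head valid for as long as the entry sits in the userspace queue. For the netdevice ingress hooks named in the commit message, please confirm (or state in the changelog) that pending entries are dropped before the hook list they point at can go away. A short comment above the call saying why the saved head is used instead of &nf_hooks[entry->state.pf][entry->state.hook] would also help, since that reasoning currently lives only in the commit message.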