Pablo Neira Ayuso <pa...@netfilter.org> writes:
> Make sure we skip the current hook from where the packet was enqueued,
> otherwise the packets gets enqueued over and over again.
>
> Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
> Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
> ---
> I managed to reproduce this with a simple test.
>
> # iptables -I OUTPUT -j QUEUE
> # cd libnetfilter_queue/utils/
> # ./nfqnl_test
>
> Without my patch, netfilter munches packets that are reinjected.
>
> @Aaron: Please, I'd appreciate if you can have a look to confirm this bug
> and the fix. Thanks.
Looks like I missed this in my testing.
Reviewed-by: Aaron Conole <acon...@bytheb.org>
> net/netfilter/nf_queue.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
> index 96964a0070e1..221d7a5c2fec 100644
> --- a/net/netfilter/nf_queue.c
> +++ b/net/netfilter/nf_queue.c
> @@ -184,6 +184,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned
> int verdict)
> verdict = NF_DROP;
> }
>
> + hook_entry = rcu_dereference(hook_entry->next);
> entry->state.thresh = INT_MIN;
>
> if (verdict == NF_ACCEPT) {
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
