Make sure we skip the current hook from where the packet was enqueued,
otherwise the packets gets enqueued over and over again.
Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
Signed-off-by: Pablo Neira Ayuso <[email protected]>
---
v2: Make sure next hook is non-null, otherwise we are at the end of the
hook list and we can skip nf_iterate().
net/netfilter/nf_queue.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 96964a0070e1..691e713d70f5 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -185,8 +185,9 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int
verdict)
}
entry->state.thresh = INT_MIN;
+ hook_entry = rcu_dereference(hook_entry->next);
- if (verdict == NF_ACCEPT) {
+ if (hook_entry && verdict == NF_ACCEPT) {
next_hook:
verdict = nf_iterate(skb, &entry->state, &hook_entry);
}
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
