Jan Engelhardt wrote: > diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c > index 8e23d8f..2010b56 100644 > --- a/net/netfilter/x_tables.c > +++ b/net/netfilter/x_tables.c > @@ -62,6 +62,11 @@ static const char *const xt_prefix[NFPROTO_NUMPROTO] = { > [NFPROTO_IPV6] = "ip6", > }; > > +/* Allow this many total (re)entries. */ > +static unsigned int xt_jumpstack_multiplier = 2; > +module_param_named(jumpstack_multiplier, xt_jumpstack_multiplier, > + uint, S_IRUGO | S_IWUSR); > +

This seems very wrong. Why should the user care about this?

I still don't like this patch very much, it's only used for a very special case and I'm not convinced that reentrancy of TEE'ed packets is enough justification for this. Perhaps actually getting rid of the per-cpu copies of the ruleset could convince me :)
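
Review bot: The module parameter added in the x_tables.c hunk at line 62 is registered with S_IRUGO | S_IWUSR and type uint, so root can rewrite xt_jumpstack_multiplier at runtime, and nothing in these lines rejects 0 or a very large value. The hunk does not show where the value is read; if it scales a size or a count, either drop S_IWUSR so the value is fixed at load time, or validate it in a custom set handler and clamp it to a documented minimum and maximum. The comment "Allow this many total (re)entries" does not say what is being multiplied, and no MODULE_PARM_DESC is visible here, so an administrator has no way to know what a safe setting is.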