On Fri, Jun 19, 2015 at 05:23:37PM -0500, Eric W. Biederman wrote:
>
> If someone sends packets from one of the netdevice ingress hooks to
> a userspace queue, and then userspace later accepts the packet,
> the netfilter code can enter an infinite loop as the list head will
> never be found.
>
> Pass in the saved list_head to avoid this.

There is no userspace queueing for netdevice yet, so this can be routed through nf-next. Thanks.

> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
> --- > net/netfilter/nf_queue.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c > index cd60d397fe05..8a8b2abc35ff 100644 > --- a/net/netfilter/nf_queue.c > +++ b/net/netfilter/nf_queue.c > @@ -213,7 +213,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) > > if (verdict == NF_ACCEPT) { > next_hook: > - verdict = nf_iterate(&nf_hooks[entry->state.pf][entry->state.hook], > + verdict = nf_iterate(entry->state.hook_list, > skb, &entry->state, &elem); > } > > -- > 2.2.1
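Review bot: the new first argument in the nf_iterate() call in nf_reinject(), entry->state.hook_list, is a pointer saved at queue time and only dereferenced when userspace returns a verdict, so the commit message should say what keeps that list valid while the entry sits in the queue. The old expression indexed nf_hooks[pf][hook] directly, whereas the saved pointer for the netdevice ingress case described in the message refers to a list that lives elsewhere, and nothing in this hunk shows a reference being held on its owner. A one-line comment above the call noting that hook_list and elem must belong to the same list (the mismatch being the cause of the loop the message describes) would also help the next reader.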