On Fri, Oct 09, 2015 at 01:10:37PM +0200, Florian Westphal wrote: > Usage of -prev seems buggy. While packet was out our hook cannot be > removed but we have no way to know if the previous one is still valid. > > So better not use ->prev at all. Since NF_REPEAT just asks to invoke > same hook function again, just do so, and continue with nf_interate > if we get an ACCEPT verdict. > > A side effect of this change is that if nf_reinject(NF_REPEAT) causes > another REPEAT we will now drop the skb instead of a kernel loop. > > However, NF_REPEAT loops would be a bug so this should not happen anyway. Good catch. Applied, thanks Florian. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
