[PATCH 1/2 nf] netfilter: nf_queue: don't re-enter same hook on packet reinjection


 



Make sure we skip the current hook from where the packet was enqueued,
otherwise the packet gets enqueued over and over again.

Fixes: e3b37f11e6e4 ("netfilter: replace list_head with single linked list")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
I managed to reproduce this with a simple test.

 # iptables -I OUTPUT -j QUEUE
 # cd libnetfilter_queue/utils/
 # ./nfqnl_test

Without my patch, netfilter munches packets that are reinjected.

@Aaron: Please, I'd appreciate it if you can have a look to confirm this bug
        and the fix. Thanks.

 net/netfilter/nf_queue.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 96964a0070e1..221d7a5c2fec 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -184,6 +184,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 			verdict = NF_DROP;
 	}
 
+	hook_entry = rcu_dereference(hook_entry->next);
 	entry->state.thresh = INT_MIN;
 
 	if (verdict == NF_ACCEPT) {
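Review bot: the added `hook_entry = rcu_dereference(hook_entry->next);` sits ahead of the `if (verdict == NF_ACCEPT)` test, so the hook pointer is advanced for every verdict that reaches this point, not only for accepted packets. If any verdict handled further down is meant to run the queuing hook again (NF_REPEAT, for example), it would now start from the following hook instead. Consider moving the advance inside the NF_ACCEPT branch, or state in a comment that skipping is intended for all verdicts. A one-line comment saying the entry is advanced to avoid re-entering the hook that queued the packet would also help, since that reason currently lives only in the commit message.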
-- 
2.1.4
