Edward Cree <ecree@xxxxxxxxxxxxxx> wrote:
> On 09/10/2019 15:30, Florian Westphal wrote:
> > At this time, NF_HOOK_LIST() macro will iterate the list and then call
> > nf_hook() for each skb.
> >
> > This makes it so the entire list is passed into the netfilter core.
> > The advantage is that we only need to fetch the rule blob once per list
> > instead of per-skb. If no rules are present, the list operations
> > can be elided entirely.
> >
> > NF_HOOK_LIST only supports ipv4 and ipv6, but those are the only
> > callers.
> >
> > Cc: Edward Cree <ecree@xxxxxxxxxxxxxx>
> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> > ---
> LGTM (but see below).
> Acked-by: Edward Cree <ecree@xxxxxxxxxxxxxx>
[..]
> > + list_for_each_entry_safe(skb, next, head, list) {
> > + list_del(&skb->list);
> I know this was just copied from the existing code, but I've been getting
> a lot more paranoid lately about skbs escaping with non-NULL ->next
> pointers, since several bugs of that kind have turned up elsewhere.
> So should this maybe be skb_list_del_init()?
Ok, I can make that change and send a v2.
