We need to be more careful now that nf_dup is exposed to new egress hook.
When called from egress hook, we need to skip push of mac header, this is
only ok for ingress invocation.

Also add a recursion counter to prevent re-entry into the expression.

Florian Westphal (2):
  netfilter: nf_dup_netdev: do not push mac header a second time
  netfilter: nf_dup_netdev: add and use recursion counter

 net/netfilter/nf_dup_netdev.c | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

--
2.35.1