[PATCH 2.4.37] iptables: handle IPT_RETURN from user target

This patch handles IPT_RETURN retcode for user's iptables' targets (modules).

Up until now it was handled only for the built-in RETURN iptables' target
and IPT_RETURN in a user target resulted in a NF_DROP.

Signed-off-by: Haim Daniel <haimdaniel@xxxxxxxxx>
---

diff -Nuap a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
--- a/net/ipv4/netfilter/ip_tables.c    2009-03-18 14:00:12.000000000 +0200
+++ b/net/ipv4/netfilter/ip_tables.c    2009-03-18 14:00:29.000000000 +0200
@@ -383,6 +383,11 @@ ipt_do_table(struct sk_buff **pskb,

                if (verdict == IPT_CONTINUE)
                    e = (void *)e + e->next_offset;
+                else if (verdict == IPT_RETURN) {
+                    e = back;
+                    back = get_entry(table_base,
+                             back->comefrom);
+                }
                else
                    /* Verdict */
                    break;
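
Review bot: The new `else if (verdict == IPT_RETURN)` branch pops `back` without showing what `back` refers to when the user target sits in a built-in chain and no calling chain exists. Please confirm, and say in the changelog, that `e = back` then lands on the chain policy entry, as the built-in RETURN does, so that a module returning IPT_RETURN cannot walk to an unintended rule. Since the two assignments repeat what the description says the built-in RETURN target already does, a short comment at this branch saying that it mirrors that path would help keep the two in sync. On style, the closing `}` should share a line with the following `else`, and the final `else` should be braced to match the braced branch before it.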
