This patch handles IPT_RETURN retcode for user's iptables' targets
(modules).
Up until now it was handled only for the built-in RETURN iptables' target,
and IPT_RETURN in a user target resulted in an NF_DROP.
Signed-off-by: Haim Daniel <haimdaniel@xxxxxxxxx>
---
diff -Nuap a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
--- a/net/ipv4/netfilter/ip_tables.c 2009-03-18 14:00:12.000000000 +0200
+++ b/net/ipv4/netfilter/ip_tables.c 2009-03-18 14:00:29.000000000 +0200
@@ -383,6 +383,11 @@ ipt_do_table(struct sk_buff **pskb,
if (verdict == IPT_CONTINUE)
e = (void *)e + e->next_offset;
+ else if (verdict == IPT_RETURN) {
+ e = back;
+ back = get_entry(table_base,
+ back->comefrom);
+ }
else
/* Verdict */
break;
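Review bot: the new `else if (verdict == IPT_RETURN)` branch dereferences `back->comefrom` with no check or comment on what `back` points to when a user target returns IPT_RETURN without a preceding jump into a user-defined chain. Please add a comment stating what guarantees `back` is valid at this point and where the packet continues, since before this change the same return code fell into the `break` path and, per the commit message, ended in NF_DROP. The commit message says the built-in RETURN target already handles this case; a shared helper for the pop, rather than a second copy of `e = back; back = get_entry(table_base, back->comefrom);`, would keep the two paths from diverging. Style point: the braced `else if` now sits between an unbraced `if` and an unbraced `else`; kernel coding style braces every branch once one of them needs braces.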