diff options
author | Florian Westphal <fw@strlen.de> | 2015-11-18 23:32:40 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-23 17:54:45 +0100 |
commit | daaa7d647f81f3f1494d9a9029d611b666d63181 (patch) | |
tree | bc0ecf36c021ae09c845364acbd918afbd0a693e /include/net | |
parent | 029f7f3b8701cc7aca8bdb31f0c7edd6a479e357 (diff) | |
download | op-kernel-dev-daaa7d647f81f3f1494d9a9029d611b666d63181.zip op-kernel-dev-daaa7d647f81f3f1494d9a9029d611b666d63181.tar.gz |
netfilter: ipv6: avoid nf_iterate recursion
The previous patch changed nf_ct_frag6_gather() to morph reassembled skb
with the previous one.
This means that the return value is always NULL or the skb argument.
So change it to an err value.
Instead of invoking NF_HOOK recursively with threshold to skip already-called hooks
we can now just return NF_ACCEPT to move on to the next hook except for
-EINPROGRESS (which means skb has been queued for reassembly), in which case we
return NF_STOLEN.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/ipv6/nf_defrag_ipv6.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/netfilter/ipv6/nf_defrag_ipv6.h b/include/net/netfilter/ipv6/nf_defrag_ipv6.h index fcd20cf..ddf162f 100644 --- a/include/net/netfilter/ipv6/nf_defrag_ipv6.h +++ b/include/net/netfilter/ipv6/nf_defrag_ipv6.h @@ -5,7 +5,7 @@ void nf_defrag_ipv6_enable(void); int nf_ct_frag6_init(void); void nf_ct_frag6_cleanup(void); -struct sk_buff *nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user); +int nf_ct_frag6_gather(struct net *net, struct sk_buff *skb, u32 user); struct inet_frags_ctl; |