diff options
author | Patrick McHardy <kaber@trash.net> | 2006-08-17 18:13:53 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-08-17 18:13:53 -0700 |
commit | 8311731afc439f508ab4d759edadedae75afb73e (patch) | |
tree | c1f63cd1d4e10b6a62c3a62e2407c998d9fbaec6 /net | |
parent | d205dc40798d97d63ad348bfaf7394f445d152d4 (diff) | |
download | op-kernel-dev-8311731afc439f508ab4d759edadedae75afb73e.zip op-kernel-dev-8311731afc439f508ab4d759edadedae75afb73e.tar.gz |
[NETFILTER]: ip_tables: fix table locking in ipt_do_table
table->private might change because of ruleset changes, don't use it without
holding the lock.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index f316ff5..048514f 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -230,7 +230,7 @@ ipt_do_table(struct sk_buff **pskb, const char *indev, *outdev; void *table_base; struct ipt_entry *e, *back; - struct xt_table_info *private = table->private; + struct xt_table_info *private; /* Initialization */ ip = (*pskb)->nh.iph; @@ -247,6 +247,7 @@ ipt_do_table(struct sk_buff **pskb, read_lock_bh(&table->lock); IP_NF_ASSERT(table->valid_hooks & (1 << hook)); + private = table->private; table_base = (void *)private->entries[smp_processor_id()]; e = get_entry(table_base, private->hook_entry[hook]); |