]> Git Repo - linux.git/commitdiff
projects / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6a6d01d)
netfilter: fix CONFIG_COMPAT support
authorFlorian Westphal <[email protected]>
Mon, 23 Aug 2010 21:41:22 +0000 (14:41 -0700)
committerDavid S. Miller <[email protected]>
Mon, 23 Aug 2010 21:41:22 +0000 (14:41 -0700)
commit f3c5c1bfd430858d3a05436f82c51e53104feb6b
(netfilter: xtables: make ip_tables reentrant) forgot to
also compute the jumpstack size in the compat handlers.

Result is that "iptables -I INPUT -j userchain" turns into -j DROP.

Reported by Sebastian Roesner on #netfilter, closes
http://bugzilla.netfilter.org/show_bug.cgi?id=669.

Note: arptables change is compile-tested only.

Signed-off-by: Florian Westphal <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
Tested-by: Mikael Pettersson <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
net/ipv4/netfilter/arp_tables.c patch | blob | blame | history
net/ipv4/netfilter/ip_tables.c patch | blob | blame | history
net/ipv6/netfilter/ip6_tables.c patch | blob | blame | history

diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 51d6c31679757f58e62368a42edba16d9bfc4d09..e8f4f9a57f1258fb1a589c87a956797019c67504 100644 (file)
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1420,6 +1420,9 @@ static int translate_compat_table(const char *name,
                if (ret != 0)
                        break;
                ++i;
+               if (strcmp(arpt_get_target(iter1)->u.user.name,
+                   XT_ERROR_TARGET) == 0)
+                       ++newinfo->stacksize;
        }
        if (ret) {
                /*
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 97b64b22c41214858d6ddb1fb9cf8e292468e23d..d163f2e3b2e99e5f18ae9997d3c74867b3e79354 100644 (file)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1751,6 +1751,9 @@ translate_compat_table(struct net *net,
                if (ret != 0)
                        break;
                ++i;
+               if (strcmp(ipt_get_target(iter1)->u.user.name,
+                   XT_ERROR_TARGET) == 0)
+                       ++newinfo->stacksize;
        }
        if (ret) {
                /*
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 29a7bca29e3fddec24a55ea2e6ca228bc7a452ba..8e754be92c2450e7142a958466b493dc077f5772 100644 (file)
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1766,6 +1766,9 @@ translate_compat_table(struct net *net,
                if (ret != 0)
                        break;
                ++i;
+               if (strcmp(ip6t_get_target(iter1)->u.user.name,
+                   XT_ERROR_TARGET) == 0)
+                       ++newinfo->stacksize;
        }
        if (ret) {
                /*
Empty description
This page took 0.054685 seconds and 4 git commands to generate.