diff options
author | David S. Miller <davem@davemloft.net> | 2013-10-29 16:53:44 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-10-29 16:53:44 -0400 |
commit | 68783ec73c3b77b405f7670e37ecef15d25f5e55 (patch) | |
tree | bf29814fd401872522563bb94067f4f38a575ea2 /net | |
parent | 059dfa6a93b779516321e5112db9d7621b1367ba (diff) | |
parent | d954777324ffcba0b2f8119c102237426c654eeb (diff) | |
download | linux-stable-68783ec73c3b77b405f7670e37ecef15d25f5e55.tar.gz linux-stable-68783ec73c3b77b405f7670e37ecef15d25f5e55.tar.bz2 linux-stable-68783ec73c3b77b405f7670e37ecef15d25f5e55.zip |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
This pull request contains the following netfilter fix:
* fix --queue-bypass in xt_NFQUEUE revision 3. While adding the
revision 3 of this target, the bypass flags were not correctly
handled anymore, thus, breaking packet bypassing if no application
is listening from userspace, patch from Holger Eitzenberger,
reported by Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_NFQUEUE.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c index 1e2fae32f81b..ed00fef58996 100644 --- a/net/netfilter/xt_NFQUEUE.c +++ b/net/netfilter/xt_NFQUEUE.c @@ -147,6 +147,7 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par) { const struct xt_NFQ_info_v3 *info = par->targinfo; u32 queue = info->queuenum; + int ret; if (info->queues_total > 1) { if (info->flags & NFQ_FLAG_CPU_FANOUT) { @@ -157,7 +158,11 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par) queue = nfqueue_hash(skb, par); } - return NF_QUEUE_NR(queue); + ret = NF_QUEUE_NR(queue); + if (info->flags & NFQ_FLAG_BYPASS) + ret |= NF_VERDICT_FLAG_QUEUE_BYPASS; + + return ret; } static struct xt_target nfqueue_tg_reg[] __read_mostly = { |