summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-10-29 16:53:44 -0400
committerDavid S. Miller <davem@davemloft.net>2013-10-29 16:53:44 -0400
commit68783ec73c3b77b405f7670e37ecef15d25f5e55 (patch)
treebf29814fd401872522563bb94067f4f38a575ea2 /net
parent059dfa6a93b779516321e5112db9d7621b1367ba (diff)
parentd954777324ffcba0b2f8119c102237426c654eeb (diff)
downloadlinux-stable-68783ec73c3b77b405f7670e37ecef15d25f5e55.tar.gz
linux-stable-68783ec73c3b77b405f7670e37ecef15d25f5e55.tar.bz2
linux-stable-68783ec73c3b77b405f7670e37ecef15d25f5e55.zip
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says: ==================== This pull request contains the following netfilter fix: * fix --queue-bypass in xt_NFQUEUE revision 3. While adding the revision 3 of this target, the bypass flags were not correctly handled anymore, thus, breaking packet bypassing if no application is listening from userspace, patch from Holger Eitzenberger, reported by Florian Westphal. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/xt_NFQUEUE.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 1e2fae32f81b..ed00fef58996 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -147,6 +147,7 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct xt_NFQ_info_v3 *info = par->targinfo;
u32 queue = info->queuenum;
+ int ret;
if (info->queues_total > 1) {
if (info->flags & NFQ_FLAG_CPU_FANOUT) {
@@ -157,7 +158,11 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
queue = nfqueue_hash(skb, par);
}
- return NF_QUEUE_NR(queue);
+ ret = NF_QUEUE_NR(queue);
+ if (info->flags & NFQ_FLAG_BYPASS)
+ ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
+
+ return ret;
}
static struct xt_target nfqueue_tg_reg[] __read_mostly = {