author: Jan Engelhardt <jengelh@medozas.de> 2010-04-19 16:05:10 +0200
committer: Patrick McHardy <kaber@trash.net> 2010-04-19 16:05:10 +0200
commit: f3c5c1bfd430858d3a05436f82c51e53104feb6b
tree: ada5b570b66e141e79fdb256f69e2541a3d30c04 /net/ipv4/ip_output.c
parent: e281b19897dc21c1071802808d461627d747a877
netfilter: xtables: make ip_tables reentrant

Currently, the table traverser stores return addresses in the ruleset itself (struct ip6t_entry->comefrom). This has a well-known drawback: the jumpstack is overwritten on reentry, making it necessary for targets to return absolute verdicts. Also, the ruleset (which might be heavy memory-wise) needs to be replicated for each CPU that can possibly invoke ip6t_do_table.

This patch decouples the jumpstack from struct ip6t_entry and instead puts it into xt_table_info. Not being restricted by 'comefrom' anymore, we can set up a stack as needed. By default, there is room allocated for two entries into the traverser.

arp_tables is not touched though, because there is just one/two modules and further patches seek to collapse the table traverser anyhow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Diffstat (limited to 'net/ipv4/ip_output.c')
0 files changed, 0 insertions, 0 deletions