author | Jan Engelhardt <jengelh@medozas.de> | 2010-04-19 16:05:10 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-04-19 16:05:10 +0200 |
commit | f3c5c1bfd430858d3a05436f82c51e53104feb6b (patch) | |
tree | ada5b570b66e141e79fdb256f69e2541a3d30c04 /net/ipv4/ip_output.c | |
parent | e281b19897dc21c1071802808d461627d747a877 (diff) | |

netfilter: xtables: make ip_tables reentrant

Currently, the table traverser stores return addresses in the ruleset
itself (struct ip6t_entry->comefrom). This has a well-known drawback:
the jumpstack is overwritten on reentry, making it necessary for
targets to return absolute verdicts. Also, the ruleset (which might
be heavy memory-wise) needs to be replicated for each CPU that can
possibly invoke ip6t_do_table.

This patch decouples the jumpstack from struct ip6t_entry and instead
puts it into xt_table_info. Not being restricted by 'comefrom'
anymore, we can set up a stack as needed. By default, there is room
allocated for two entries into the traverser.

arp_tables is not touched though, because there is just one/two
modules and further patches seek to collapse the table traverser
anyhow.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Diffstat (limited to 'net/ipv4/ip_output.c')
0 files changed, 0 insertions, 0 deletions