git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 18 Nov 2015 22:32:40 +0000 (23:32 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 23 Nov 2015 16:54:45 +0000 (17:54 +0100)
commit	56157d41731eb5c35fa8237e94e3f20220f4f7f4
tree	bc0ecf36c021ae09c845364acbd918afbd0a693e	tree \| snapshot
parent	522794cdb3e6d87dbc9956508c117d08ad5c794b	commit \| diff

netfilter: ipv6: avoid nf_iterate recursion

The previous patch changed nf_ct_frag6_gather() to morph reassembled skb
with the previous one.

This means that the return value is always NULL or the skb argument.
So change it to an err value.

Instead of invoking NF_HOOK recursively with threshold to skip already-called hooks
we can now just return NF_ACCEPT to move on to the next hook except for
-EINPROGRESS (which means skb has been queued for reassembly), in which case we
return NF_STOLEN.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/ipv6/nf_defrag_ipv6.h		diff \| blob \| history
net/ipv6/netfilter/nf_conntrack_reasm.c		diff \| blob \| history
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c		diff \| blob \| history
net/openvswitch/conntrack.c		diff \| blob \| history