| From stable-bounces@linux.kernel.org Thu Nov 30 19:52:58 2006 |
| Date: Thu, 30 Nov 2006 19:47:58 -0800 (PST) |
| Message-Id: <20061130.194758.42773919.davem@davemloft.net> |
| To: stable@kernel.org |
| From: David Miller <davem@davemloft.net> |
| Cc: bunk@stusta.de |
| Subject: EBTABLES: Deal with the worst-case behaviour in loop checks. |
| |
| From: Al Viro <viro@zeniv.linux.org.uk> |
| |
| No need to revisit a chain we'd already finished with during |
| the check for current hook. It's either instant loop (which |
| we'd just detected) or a duplicate work. |
| |
| Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Chris Wright <chrisw@sous-sol.org> |
| --- |
| net/bridge/netfilter/ebtables.c | 4 +++- |
| 1 file changed, 3 insertions(+), 1 deletion(-) |
| |
| --- linux-2.6.19.orig/net/bridge/netfilter/ebtables.c |
| +++ linux-2.6.19/net/bridge/netfilter/ebtables.c |
| @@ -717,7 +717,9 @@ static int check_chainloops(struct ebt_e |
| BUGPRINT("loop\n"); |
| return -1; |
| } |
| - /* this can't be 0, so the above test is correct */ |
| + if (cl_s[i].hookmask & (1 << hooknr)) |
| + goto letscontinue; |
| + /* this can't be 0, so the loop test is correct */ |
| cl_s[i].cs.n = pos + 1; |
| pos = 0; |
| cl_s[i].cs.e = ((void *)e + e->next_offset); |
