• F
    netfilter: ipv6: avoid nf_iterate recursion · daaa7d64
    Florian Westphal 提交于
    The previous patch changed nf_ct_frag6_gather() to morph reassembled skb
    with the previous one.
    
    This means that the return value is always NULL or the skb argument.
    So change it to an err value.
    
    Instead of invoking NF_HOOK recursively with threshold to skip already-called hooks
    we can now just return NF_ACCEPT to move on to the next hook except for
    -EINPROGRESS (which means skb has been queued for reassembly), in which case we
    return NF_STOLEN.
    Signed-off-by: NFlorian Westphal <fw@strlen.de>
    Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
    daaa7d64
conntrack.c 18.0 KB