-
由 Florian Westphal 提交于
mainline inclusion from mainline-v5.5-rc1 commit ca58fbe0 category: bugfix bugzilla: NA CVE: CVE-2021-20177 -------------------------------- At this time, NF_HOOK_LIST() macro will iterate the list and then calls nf_hook() for each individual skb. This makes it so the entire list is passed into the netfilter core. The advantage is that we only need to fetch the rule blob once per list instead of per-skb. NF_HOOK_LIST now only works for ipv4 and ipv6, as those are the only callers. v2: use skb_list_del_init() instead of list_del (Edward Cree) Signed-off-by: NFlorian Westphal <fw@strlen.de> Acked-by: NEdward Cree <ecree@solarflare.com> Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org> Conflicts: include/linux/netfilter.h net/netfilter/core.c [yyl: adjust context] Signed-off-by: NYang Yingliang <yangyingliang@huawei.com> Reviewed-by: NYue Haibing <yuehaibing@huawei.com> Reviewed-by: NJason Yan <yanaijie@huawei.com> Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
7a23f840