Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

Pablo Neira Ayuso says:

====================
This pull request contains the following netfilter fix:

* fix --queue-bypass in xt_NFQUEUE revision 3. While adding the
  revision 3 of this target, the bypass flags were not correctly
  handled anymore, thus, breaking packet bypassing if no application
  is listening from userspace, patch from Holger Eitzenberger,
  reported by Florian Westphal.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 6 insertions, 1 deletions

diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 1e2fae32f81b..ed00fef58996 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -147,6 +147,7 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
 {
         const struct xt_NFQ_info_v3 *info = par->targinfo;
         u32 queue = info->queuenum;
+        int ret;
 
         if (info->queues_total > 1) {
                 if (info->flags & NFQ_FLAG_CPU_FANOUT) {
@@ -157,7 +158,11 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
                         queue = nfqueue_hash(skb, par);
         }
 
-        return NF_QUEUE_NR(queue);
+        ret = NF_QUEUE_NR(queue);
+        if (info->flags & NFQ_FLAG_BYPASS)
+                ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
+
+        return ret;
 }
 
 static struct xt_target nfqueue_tg_reg[] __read_mostly = {