netfilter: xt_NFQUEUE: fix --queue-bypass regression

V3 of the NFQUEUE target ignores the --queue-bypass flag, causing packets to be dropped when the userspace listener isn't running. Regression is in since 8746ddcf12bb26 ("netfilter: xt_NFQUEUE: introduce CPU fanout"). Reported-by: Florian Westphal <fw@strlen.de> Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Holger Eitzenberger <holger@eitzenberger.org> 2013-10-28 09:42:33 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-10-29 08:05:54 -0400
commit: d954777324ffcba0b2f8119c102237426c654eeb (patch)
tree: 3b361575b15c6fc695d72b3057a5c1015028d10b
parent: fecda03493646b53f53892fa3c38c75ba9310374 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/net/netfilter/xt_NFQUEUE.c b/net/netfilter/xt_NFQUEUE.c
index 1e2fae32f81b..ed00fef58996 100644
--- a/net/netfilter/xt_NFQUEUE.c
+++ b/net/netfilter/xt_NFQUEUE.c
@@ -147,6 +147,7 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
 {
        const struct xt_NFQ_info_v3 *info = par->targinfo;
        u32 queue = info->queuenum;
+        int ret;
        if (info->queues_total > 1) {
                if (info->flags & NFQ_FLAG_CPU_FANOUT) {
@@ -157,7 +158,11 @@ nfqueue_tg_v3(struct sk_buff *skb, const struct xt_action_param *par)
                        queue = nfqueue_hash(skb, par);
        }
-        return NF_QUEUE_NR(queue);
+        ret = NF_QUEUE_NR(queue);
+        if (info->flags & NFQ_FLAG_BYPASS)
+                ret |= NF_VERDICT_FLAG_QUEUE_BYPASS;
+        return ret;
 }
 static struct xt_target nfqueue_tg_reg[] __read_mostly = {
author	Holger Eitzenberger <holger@eitzenberger.org>	2013-10-28 09:42:33 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-10-29 08:05:54 -0400
commit	d954777324ffcba0b2f8119c102237426c654eeb (patch)
tree	3b361575b15c6fc695d72b3057a5c1015028d10b
parent	fecda03493646b53f53892fa3c38c75ba9310374 (diff)