[EBTABLES]: Deal with the worst-case behaviour in loop checks.

No need to revisit a chain we'd already finished with during the check for current hook. It's either instant loop (which we'd just detected) or a duplicate work. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Al Viro <viro@zeniv.linux.org.uk> 2006-11-30 22:24:49 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-12-03 00:31:55 -0500
commit: 98a0824a0f33d051f31ca8ff59e289755b244ede (patch)
tree: 5f8ea3519c60809dc880dfb9737d6a5ebcd8dab0
parent: 40642f95f5f818579bc4cc3ee084b033e662d5b3 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 6ab7674ea454..46ab9b759269 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -717,7 +717,9 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s
                                BUGPRINT("loop\n");
                                return -1;
                        }
-                        /* this can't be 0, so the above test is correct */
+                        if (cl_s[i].hookmask & (1 << hooknr))
+                                goto letscontinue;
+                        /* this can't be 0, so the loop test is correct */
                        cl_s[i].cs.n = pos + 1;
                        pos = 0;
                        cl_s[i].cs.e = ((void *)e + e->next_offset);
author	Al Viro <viro@zeniv.linux.org.uk>	2006-11-30 22:24:49 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-12-03 00:31:55 -0500
commit	98a0824a0f33d051f31ca8ff59e289755b244ede (patch)
tree	5f8ea3519c60809dc880dfb9737d6a5ebcd8dab0
parent	40642f95f5f818579bc4cc3ee084b033e662d5b3 (diff)