diff options
| author | Florian Westphal <fw@strlen.de> | 2010-08-23 17:41:22 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-08-23 17:41:22 -0400 |
| commit | cca77b7c81876d819a5806f408b3c29b5b61a815 (patch) | |
| tree | 722c5777a1a96d1d0228c58a6fcbd09c45c8ae56 /net/ipv6 | |
| parent | 6a6d01d374d03bd2f90030200cb78567444addc4 (diff) | |
netfilter: fix CONFIG_COMPAT support
commit f3c5c1bfd430858d3a05436f82c51e53104feb6b
(netfilter: xtables: make ip_tables reentrant) forgot to
also compute the jumpstack size in the compat handlers.
Result is that "iptables -I INPUT -j userchain" turns into -j DROP.
Reported by Sebastian Roesner on #netfilter, closes
http://bugzilla.netfilter.org/show_bug.cgi?id=669.
Note: arptables change is compile-tested only.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 29a7bca29e3f..8e754be92c24 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -1766,6 +1766,9 @@ translate_compat_table(struct net *net, | |||
| 1766 | if (ret != 0) | 1766 | if (ret != 0) |
| 1767 | break; | 1767 | break; |
| 1768 | ++i; | 1768 | ++i; |
| 1769 | if (strcmp(ip6t_get_target(iter1)->u.user.name, | ||
| 1770 | XT_ERROR_TARGET) == 0) | ||
| 1771 | ++newinfo->stacksize; | ||
| 1769 | } | 1772 | } |
| 1770 | if (ret) { | 1773 | if (ret) { |
| 1771 | /* | 1774 | /* |