diff options
| author | Florian Westphal <fw@strlen.de> | 2010-08-23 17:41:22 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-08-23 17:41:22 -0400 |
| commit | cca77b7c81876d819a5806f408b3c29b5b61a815 (patch) | |
| tree | 722c5777a1a96d1d0228c58a6fcbd09c45c8ae56 /net | |
| parent | 6a6d01d374d03bd2f90030200cb78567444addc4 (diff) | |
netfilter: fix CONFIG_COMPAT support
commit f3c5c1bfd430858d3a05436f82c51e53104feb6b
(netfilter: xtables: make ip_tables reentrant) forgot to
also compute the jumpstack size in the compat handlers.
Result is that "iptables -I INPUT -j userchain" turns into -j DROP.
Reported by Sebastian Roesner on #netfilter, closes
http://bugzilla.netfilter.org/show_bug.cgi?id=669.
Note: arptables change is compile-tested only.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Mikael Pettersson <mikpe@it.uu.se>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 3 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 3 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 3 |
3 files changed, 9 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 51d6c3167975..e8f4f9a57f12 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -1420,6 +1420,9 @@ static int translate_compat_table(const char *name, | |||
| 1420 | if (ret != 0) | 1420 | if (ret != 0) |
| 1421 | break; | 1421 | break; |
| 1422 | ++i; | 1422 | ++i; |
| 1423 | if (strcmp(arpt_get_target(iter1)->u.user.name, | ||
| 1424 | XT_ERROR_TARGET) == 0) | ||
| 1425 | ++newinfo->stacksize; | ||
| 1423 | } | 1426 | } |
| 1424 | if (ret) { | 1427 | if (ret) { |
| 1425 | /* | 1428 | /* |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 97b64b22c412..d163f2e3b2e9 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -1751,6 +1751,9 @@ translate_compat_table(struct net *net, | |||
| 1751 | if (ret != 0) | 1751 | if (ret != 0) |
| 1752 | break; | 1752 | break; |
| 1753 | ++i; | 1753 | ++i; |
| 1754 | if (strcmp(ipt_get_target(iter1)->u.user.name, | ||
| 1755 | XT_ERROR_TARGET) == 0) | ||
| 1756 | ++newinfo->stacksize; | ||
| 1754 | } | 1757 | } |
| 1755 | if (ret) { | 1758 | if (ret) { |
| 1756 | /* | 1759 | /* |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 29a7bca29e3f..8e754be92c24 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -1766,6 +1766,9 @@ translate_compat_table(struct net *net, | |||
| 1766 | if (ret != 0) | 1766 | if (ret != 0) |
| 1767 | break; | 1767 | break; |
| 1768 | ++i; | 1768 | ++i; |
| 1769 | if (strcmp(ip6t_get_target(iter1)->u.user.name, | ||
| 1770 | XT_ERROR_TARGET) == 0) | ||
| 1771 | ++newinfo->stacksize; | ||
| 1769 | } | 1772 | } |
| 1770 | if (ret) { | 1773 | if (ret) { |
| 1771 | /* | 1774 | /* |