diff options
author | Patrick McHardy <kaber@trash.net> | 2006-08-17 21:13:53 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-08-17 21:13:53 -0400 |
commit | 8311731afc439f508ab4d759edadedae75afb73e (patch) | |
tree | c1f63cd1d4e10b6a62c3a62e2407c998d9fbaec6 /net | |
parent | d205dc40798d97d63ad348bfaf7394f445d152d4 (diff) |
[NETFILTER]: ip_tables: fix table locking in ipt_do_table
table->private might change because of ruleset changes, don't use it without
holding the lock.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index f316ff5fd8a6..048514f15f2f 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -230,7 +230,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
230 | const char *indev, *outdev; | 230 | const char *indev, *outdev; |
231 | void *table_base; | 231 | void *table_base; |
232 | struct ipt_entry *e, *back; | 232 | struct ipt_entry *e, *back; |
233 | struct xt_table_info *private = table->private; | 233 | struct xt_table_info *private; |
234 | 234 | ||
235 | /* Initialization */ | 235 | /* Initialization */ |
236 | ip = (*pskb)->nh.iph; | 236 | ip = (*pskb)->nh.iph; |
@@ -247,6 +247,7 @@ ipt_do_table(struct sk_buff **pskb, | |||
247 | 247 | ||
248 | read_lock_bh(&table->lock); | 248 | read_lock_bh(&table->lock); |
249 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); | 249 | IP_NF_ASSERT(table->valid_hooks & (1 << hook)); |
250 | private = table->private; | ||
250 | table_base = (void *)private->entries[smp_processor_id()]; | 251 | table_base = (void *)private->entries[smp_processor_id()]; |
251 | e = get_entry(table_base, private->hook_entry[hook]); | 252 | e = get_entry(table_base, private->hook_entry[hook]); |
252 | 253 | ||