-rw-r--r--net/bridge/netfilter/ebtables.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index c4f7a2e8ed39..7964d3f03886 100644
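--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -78,9 +78,10 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w,
 
 static inline int ebt_do_match (struct ebt_entry_match *m,
  const struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out)
+ const struct net_device *out, bool *hotdrop)
 {
- return m->u.match->match(skb, in, out, m->u.match, m->data, 0, 0, NULL);
+ return m->u.match->match(skb, in, out, m->u.match,
+ m->data, 0, 0, hotdrop);
 }
 
 static inline int ebt_dev_check(char *entry, const struct net_device *device)
@@ -156,6 +157,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
  struct ebt_entries *chaininfo;
  char *base;
  struct ebt_table_info *private;
+ bool hotdrop = false;
 
  read_lock_bh(&table->lock);
  private = table->private;
@@ -176,8 +178,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
  if (ebt_basic_match(point, eth_hdr(skb), in, out))
  goto letscontinue;
 
- if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0)
+ if (EBT_MATCH_ITERATE(point, ebt_do_match, skb,
+ in, out, &hotdrop) != 0)
  goto letscontinue;
+ if (hotdrop) {
+ read_unlock_bh(&table->lock);
+ return NF_DROP;
+ }
 
  /* increase counter */
  (*(counter_base + i)).pcnt++;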
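Review bot: The `if (hotdrop)` test in ebt_do_table sits after `goto letscontinue`, so it only runs when EBT_MATCH_ITERATE returns 0; a match that sets `*hotdrop` and also returns non-zero skips the drop, and the packet goes on to the next rule. Nothing in the visible hunks resets `hotdrop`, so the flag would then take effect only if some later rule passes all of its matches. Whether any match extension combines the two is not visible here, but testing the flag first would close the gap: keep the iterate result in a local (say `ret`), run the `if (hotdrop)` block, then `if (ret != 0) goto letscontinue;`. A short comment on `bool hotdrop = false;` saying that match callbacks set it to request an immediate NF_DROP would also help. ebt_do_table starts and ends outside these hunks.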