diff options
-rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 4 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 4 |
4 files changed, 8 insertions, 6 deletions
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index 12ce47808e7d..d19d65cf4530 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h | |||
@@ -109,7 +109,8 @@ struct ipt_counters | |||
109 | 109 | ||
110 | /* Values for "flag" field in struct ipt_ip (general ip structure). */ | 110 | /* Values for "flag" field in struct ipt_ip (general ip structure). */ |
111 | #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ | 111 | #define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ |
112 | #define IPT_F_MASK 0x01 /* All possible flag bits mask. */ | 112 | #define IPT_F_GOTO 0x02 /* Set if jump is a goto */ |
113 | #define IPT_F_MASK 0x03 /* All possible flag bits mask. */ | ||
113 | 114 | ||
114 | /* Values for "inv" field in struct ipt_ip. */ | 115 | /* Values for "inv" field in struct ipt_ip. */ |
115 | #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ | 116 | #define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ |
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index f1ce3b009853..58c72a52dc65 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h | |||
@@ -111,7 +111,8 @@ struct ip6t_counters | |||
111 | #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper | 111 | #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper |
112 | protocols */ | 112 | protocols */ |
113 | #define IP6T_F_TOS 0x02 /* Match the TOS. */ | 113 | #define IP6T_F_TOS 0x02 /* Match the TOS. */ |
114 | #define IP6T_F_MASK 0x03 /* All possible flag bits mask. */ | 114 | #define IP6T_F_GOTO 0x04 /* Set if jump is a goto */ |
115 | #define IP6T_F_MASK 0x07 /* All possible flag bits mask. */ | ||
115 | 116 | ||
116 | /* Values for "inv" field in struct ip6t_ip6. */ | 117 | /* Values for "inv" field in struct ip6t_ip6. */ |
117 | #define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ | 118 | #define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index ff8d85d2070d..eef99a1b5de6 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -340,8 +340,8 @@ ipt_do_table(struct sk_buff **pskb, | |||
340 | back->comefrom); | 340 | back->comefrom); |
341 | continue; | 341 | continue; |
342 | } | 342 | } |
343 | if (table_base + v | 343 | if (table_base + v != (void *)e + e->next_offset |
344 | != (void *)e + e->next_offset) { | 344 | && !(e->ip.flags & IPT_F_GOTO)) { |
345 | /* Save old back ptr in next entry */ | 345 | /* Save old back ptr in next entry */ |
346 | struct ipt_entry *next | 346 | struct ipt_entry *next |
347 | = (void *)e + e->next_offset; | 347 | = (void *)e + e->next_offset; |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 41a67cf6e33a..1cb8adb2787f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -433,8 +433,8 @@ ip6t_do_table(struct sk_buff **pskb, | |||
433 | back->comefrom); | 433 | back->comefrom); |
434 | continue; | 434 | continue; |
435 | } | 435 | } |
436 | if (table_base + v | 436 | if (table_base + v != (void *)e + e->next_offset |
437 | != (void *)e + e->next_offset) { | 437 | && !(e->ipv6.flags & IP6T_F_GOTO)) { |
438 | /* Save old back ptr in next entry */ | 438 | /* Save old back ptr in next entry */ |
439 | struct ip6t_entry *next | 439 | struct ip6t_entry *next |
440 | = (void *)e + e->next_offset; | 440 | = (void *)e + e->next_offset; |