aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h3
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h3
-rw-r--r--net/ipv4/netfilter/ip_tables.c4
-rw-r--r--net/ipv6/netfilter/ip6_tables.c4
4 files changed, 8 insertions, 6 deletions
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 12ce47808e7d..d19d65cf4530 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -109,7 +109,8 @@ struct ipt_counters
109 109
110/* Values for "flag" field in struct ipt_ip (general ip structure). */ 110/* Values for "flag" field in struct ipt_ip (general ip structure). */
111#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ 111#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */
112#define IPT_F_MASK 0x01 /* All possible flag bits mask. */ 112#define IPT_F_GOTO 0x02 /* Set if jump is a goto */
113#define IPT_F_MASK 0x03 /* All possible flag bits mask. */
113 114
114/* Values for "inv" field in struct ipt_ip. */ 115/* Values for "inv" field in struct ipt_ip. */
115#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ 116#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index f1ce3b009853..58c72a52dc65 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -111,7 +111,8 @@ struct ip6t_counters
111#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper 111#define IP6T_F_PROTO 0x01 /* Set if rule cares about upper
112 protocols */ 112 protocols */
113#define IP6T_F_TOS 0x02 /* Match the TOS. */ 113#define IP6T_F_TOS 0x02 /* Match the TOS. */
114#define IP6T_F_MASK 0x03 /* All possible flag bits mask. */ 114#define IP6T_F_GOTO 0x04 /* Set if jump is a goto */
115#define IP6T_F_MASK 0x07 /* All possible flag bits mask. */
115 116
116/* Values for "inv" field in struct ip6t_ip6. */ 117/* Values for "inv" field in struct ip6t_ip6. */
117#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ 118#define IP6T_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index ff8d85d2070d..eef99a1b5de6 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -340,8 +340,8 @@ ipt_do_table(struct sk_buff **pskb,
340 back->comefrom); 340 back->comefrom);
341 continue; 341 continue;
342 } 342 }
343 if (table_base + v 343 if (table_base + v != (void *)e + e->next_offset
344 != (void *)e + e->next_offset) { 344 && !(e->ip.flags & IPT_F_GOTO)) {
345 /* Save old back ptr in next entry */ 345 /* Save old back ptr in next entry */
346 struct ipt_entry *next 346 struct ipt_entry *next
347 = (void *)e + e->next_offset; 347 = (void *)e + e->next_offset;
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 41a67cf6e33a..1cb8adb2787f 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -433,8 +433,8 @@ ip6t_do_table(struct sk_buff **pskb,
433 back->comefrom); 433 back->comefrom);
434 continue; 434 continue;
435 } 435 }
436 if (table_base + v 436 if (table_base + v != (void *)e + e->next_offset
437 != (void *)e + e->next_offset) { 437 && !(e->ipv6.flags & IP6T_F_GOTO)) {
438 /* Save old back ptr in next entry */ 438 /* Save old back ptr in next entry */
439 struct ip6t_entry *next 439 struct ip6t_entry *next
440 = (void *)e + e->next_offset; 440 = (void *)e + e->next_offset;