Re: Last night Linus bk - netfilter busted?

From: Patrick McHardy
Date: Fri Mar 11 2005 - 18:44:10 EST

Next message: Gene Heskett: "Re: Linux 2.6.11.2"
Previous message: Martin Schlemmer: "Re: AGP bogosities"
In reply to: Herbert Xu: "Re: Last night Linus bk - netfilter busted?"
Next in thread: Dmitry Torokhov: "Re: Last night Linus bk - netfilter busted?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Herbert Xu wrote:

Patrick McHardy <kaber@xxxxxxxxx> wrote:

You're right, good catch. IPT_RETURN is interpreted internally by
ip_tables, but since the value changed it isn't recognized by ip_tables
anymore and returned to nf_iterate() as NF_REPEAT. This patch restores
the old value.

Please fix netfilter_arp while you're at it since it does exactly
the same thing.

New patch attached, thanks.

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2005/03/11 23:54:54+01:00 kaber@xxxxxxxxxxxx
# [NETFILTER]: Fix iptables userspace compatibility breakage
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# include/linux/netfilter_ipv6/ip6_tables.h
# 2005/03/11 23:54:44+01:00 kaber@xxxxxxxxxxxx +1 -1
# [NETFILTER]: Fix iptables userspace compatibility breakage
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# include/linux/netfilter_ipv4/ip_tables.h
# 2005/03/11 23:54:44+01:00 kaber@xxxxxxxxxxxx +1 -1
# [NETFILTER]: Fix iptables userspace compatibility breakage
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
# include/linux/netfilter_arp/arp_tables.h
# 2005/03/11 23:54:44+01:00 kaber@xxxxxxxxxxxx +1 -1
# [NETFILTER]: Fix iptables userspace compatibility breakage
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
#
diff -Nru a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
--- a/include/linux/netfilter_arp/arp_tables.h 2005-03-11 23:55:09 +01:00
+++ b/include/linux/netfilter_arp/arp_tables.h 2005-03-11 23:55:09 +01:00
@@ -154,7 +154,7 @@
#define ARPT_CONTINUE 0xFFFFFFFF

/* For standard target */
-#define ARPT_RETURN (-NF_MAX_VERDICT - 1)
+#define ARPT_RETURN (-NF_REPEAT - 1)

/* The argument to ARPT_SO_GET_INFO */
struct arpt_getinfo
diff -Nru a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
--- a/include/linux/netfilter_ipv4/ip_tables.h 2005-03-11 23:55:09 +01:00
+++ b/include/linux/netfilter_ipv4/ip_tables.h 2005-03-11 23:55:09 +01:00
@@ -166,7 +166,7 @@
#define IPT_CONTINUE 0xFFFFFFFF

/* For standard target */
-#define IPT_RETURN (-NF_MAX_VERDICT - 1)
+#define IPT_RETURN (-NF_REPEAT - 1)

/* TCP matching stuff */
struct ipt_tcp
diff -Nru a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
--- a/include/linux/netfilter_ipv6/ip6_tables.h 2005-03-11 23:55:09 +01:00
+++ b/include/linux/netfilter_ipv6/ip6_tables.h 2005-03-11 23:55:09 +01:00
@@ -166,7 +166,7 @@
#define IP6T_CONTINUE 0xFFFFFFFF

/* For standard target */
-#define IP6T_RETURN (-NF_MAX_VERDICT - 1)
+#define IP6T_RETURN (-NF_REPEAT - 1)

/* TCP matching stuff */
struct ip6t_tcp

Next message: Gene Heskett: "Re: Linux 2.6.11.2"
Previous message: Martin Schlemmer: "Re: AGP bogosities"
In reply to: Herbert Xu: "Re: Last night Linus bk - netfilter busted?"
Next in thread: Dmitry Torokhov: "Re: Last night Linus bk - netfilter busted?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]