Re: [PATCH 3.10 007/180] netfilter: x_tables: validate targets of jumps

From: Willy Tarreau
Date: Sun Aug 21 2016 - 15:58:14 EST


On Sun, Aug 21, 2016 at 05:28:57PM +0200, Willy Tarreau wrote:
> From: Florian Westphal <fw@xxxxxxxxx>
>
> commit 36472341017529e2b12573093cc0f68719300997 upstream.
>
> When we see a jump also check that the offset gets us to beginning of
> a rule (an ipt_entry).
(...)

Sorry, this patch is bad and causes performance issues. I didn't notice
that 3.14 had a different version, below. Thanks to Jay for reporting
the problem to me. I'll push 3.10.103-rc2 after some cool down period.

Willy

----