kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

netfilter: nf_tables: allow expressions to return STOLEN

Browse source 
Currently not supported, we'd oops as skb was (or is) free'd elsewhere.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2016-10-18 17:35:18 +02:00 committed by Pablo Neira Ayuso
parent 0813fbc913
commit 5efa0fc6d7
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
net/netfilter/nf_tables_core.c
View file

@ -178,6 +178,7 @@ next_rule:
case NF_ACCEPT: case NF_ACCEPT:
case NF_DROP: case NF_DROP:
case NF_QUEUE: case NF_QUEUE:
case NF_STOLEN:
nft_trace_packet(&info, chain, rule, nft_trace_packet(&info, chain, rule,
rulenum, NFT_TRACETYPE_RULE); rulenum, NFT_TRACETYPE_RULE);
return regs.verdict.code; return regs.verdict.code;