Commit 563e1232 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: do not propagate nf_queue errors in nf_hook_slow

commit f1585086
(netfilter: nfnetlink_queue: return error number to caller)
erroneously assigns the return value of nf_queue() to the "ret" value.

This can cause bogus return values if we encounter QUEUE verdict
when bypassing is enabled, the listener does not exist and the
next hook returns NF_STOLEN.

In this case nf_hook_slow returned -ESRCH instead of 0.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0e05e192
...@@ -180,17 +180,16 @@ int nf_hook_slow(u_int8_t pf, unsigned int hook, struct sk_buff *skb, ...@@ -180,17 +180,16 @@ int nf_hook_slow(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
if (ret == 0) if (ret == 0)
ret = -EPERM; ret = -EPERM;
} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
ret = nf_queue(skb, elem, pf, hook, indev, outdev, okfn, int err = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
verdict >> NF_VERDICT_QBITS); verdict >> NF_VERDICT_QBITS);
if (ret < 0) { if (err < 0) {
if (ret == -ECANCELED) if (err == -ECANCELED)
goto next_hook; goto next_hook;
if (ret == -ESRCH && if (err == -ESRCH &&
(verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
goto next_hook; goto next_hook;
kfree_skb(skb); kfree_skb(skb);
} }
ret = 0;
} }
rcu_read_unlock(); rcu_read_unlock();
return ret; return ret;
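Review bot: The failure path after `kfree_skb(skb)` now depends on `ret` still holding the value it had on entry to the NF_QUEUE branch, and nothing in the hunk says that a failed enqueue is meant to look like a consumed packet to the caller. `ret` is initialised outside the hunk, so it is presumably 0 as the commit message implies, but that should be confirmed against the declaration. I would add a comment above `kfree_skb(skb);` such as `/* enqueue failed: drop the skb; the nf_queue() error is deliberately not returned */`. The `-ESRCH` plus `NF_VERDICT_FLAG_QUEUE_BYPASS` branch deserves a second one, `/* no listener and bypass requested: skip the queue, fail open to the next hook */`, because on that path traffic continues to the next hook without ever reaching the queue listener, which matters to any ruleset that relies on the queue for filtering.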
......