
Commit 563e1232 authored by Florian Westphal, committed by Pablo Neira Ayuso

netfilter: do not propagate nf_queue errors in nf_hook_slow



commit f1585086
(netfilter: nfnetlink_queue: return error number to caller)
erroneously assigns the return value of nf_queue() to the "ret" value.

This can cause bogus return values if we encounter QUEUE verdict
when bypassing is enabled, the listener does not exist and the
next hook returns NF_STOLEN.

In this case nf_hook_slow returned -ESRCH instead of 0.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 0e05e192
+5 −6
@@ -180,17 +180,16 @@ int nf_hook_slow(u_int8_t pf, unsigned int hook, struct sk_buff *skb,
		if (ret == 0)
			ret = -EPERM;
	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
		ret = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
		int err = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
						verdict >> NF_VERDICT_QBITS);
		if (ret < 0) {
			if (ret == -ECANCELED)
		if (err < 0) {
			if (err == -ECANCELED)
				goto next_hook;
			if (ret == -ESRCH &&
			if (err == -ESRCH &&
			   (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
				goto next_hook;
			kfree_skb(skb);
		}
		ret = 0;
	}
	rcu_read_unlock();
	return ret;
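Review bot: On the kfree_skb(skb) path inside the `if (err < 0)` block, err is discarded and control falls through to `return ret` with whatever ret held before the NF_QUEUE branch, so the result now depends on ret still being 0 at that point, which this hunk does not show. Going by the +5 −6 count, the trailing `ret = 0;` is among the removed lines; if so, a one-line comment at `int err = nf_queue(...)` stating that queue errors are deliberately not propagated and that ret is expected to remain 0 would make the invariant explicit for later edits. Minor style point: the continuation line `verdict >> NF_VERDICT_QBITS);` is tab-indented past the opening parenthesis of the call rather than aligned with it.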