git://ftp.safe.ca / safe / jmp / linux-2.6 / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 90e7d4a) | patch
netfilter: xtables: check for standard verdicts in policies
authorJan Engelhardt <jengelh@medozas.de>
Sat, 18 Jul 2009 13:22:30 +0000 (15:22 +0200)
committerJan Engelhardt <jengelh@medozas.de>
Mon, 10 Aug 2009 11:35:31 +0000 (13:35 +0200)
commite2fe35c17fed62d4ab5038fa9bc489e967ff8416
tree84a4b0b688276b6788081f441984abd01d036b4dtree | snapshot
parent90e7d4ab5c8b0c4c2e00e4893977f6aeec0f18f1commit | diff
netfilter: xtables: check for standard verdicts in policies

This adds the second check that Rusty wanted to have a long time ago. :-)

Base chain policies must have absolute verdicts that cease processing
in the table, otherwise rule execution may continue in an unexpected
spurious fashion (e.g. next chain that follows in memory).

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
net/ipv4/netfilter/arp_tables.c diff | blob | history
net/ipv4/netfilter/ip_tables.c diff | blob | history
net/ipv6/netfilter/ip6_tables.c diff | blob | history
Full containers within linux kernel