netfilter: nf_queue: Don't recompute the hook_list head

If someone sends packets from one of the netdevice ingress hooks to the a userspace queue, and then userspace later accepts the packet, the netfilter code can enter an infinite loop as the list head will never be found. Pass in the saved list_head to avoid this. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Eric W. Biederman <ebiederm@xmission.com> 2015-06-19 17:23:37 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-07-02 15:03:13 +0200
commit: f307170d6e591a48529425b1ed6ca835790995a9 (patch)
tree: a067197638084b8853d59ed6af1f0c5209f5ad9a /net
parent: 4da3064d1775810f10f7ddc1c34c3f1ff502a654 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index cd60d397fe05..8a8b2abc35ff 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -213,7 +213,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 
 	if (verdict == NF_ACCEPT) {
 	next_hook:
-		verdict = nf_iterate(&nf_hooks[entry->state.pf][entry->state.hook],
+		verdict = nf_iterate(entry->state.hook_list,
 				     skb, &entry->state, &elem);
 	}
author	Eric W. Biederman <ebiederm@xmission.com>	2015-06-19 17:23:37 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-07-02 15:03:13 +0200
commit	f307170d6e591a48529425b1ed6ca835790995a9 (patch)
tree	a067197638084b8853d59ed6af1f0c5209f5ad9a /net
parent	4da3064d1775810f10f7ddc1c34c3f1ff502a654 (diff)