linux/net/ipv4
Patrick McHardy 1f9352ae22 netfilter: {ip,ip6,arp}_tables: fix incorrect loop detection
Commit e1b4b9f ([NETFILTER]: {ip,ip6,arp}_tables: fix exponential worst-case
search for loops) introduced a regression in the loop detection algorithm,
causing sporadic incorrectly detected loops.

When a chain has already been visited during the check, it is treated as
having a standard target containing a RETURN verdict directly at the
beginning in order to not check it again. The real target of the first
rule is then incorrectly treated as STANDARD target and checked not to
contain invalid verdicts.

Fix by making sure the rule does actually contain a standard target.

Based on patch by Francis Dupont <Francis_Dupont@isc.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-03-25 19:26:35 +01:00
..
netfilter netfilter: {ip,ip6,arp}_tables: fix incorrect loop detection 2009-03-25 19:26:35 +01:00
af_inet.c gro: Optimise IPv4 packet reception 2009-02-08 20:22:19 -08:00
ah4.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
arp.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
cipso_ipv4.c netlabel: Update kernel configuration API 2008-12-31 12:54:11 -05:00
datagram.c mib: add net to IP_INC_STATS_BH 2008-07-16 20:20:11 -07:00
devinet.c net: add ARP notify option for devices 2009-02-01 01:04:33 -08:00
esp4.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
fib_frontend.c net: clean up net/ipv4/fib_frontend.c fib_hash.c ip_gre.c 2008-11-03 00:25:16 -08:00
fib_hash.c net: clean up net/ipv4/fib_frontend.c fib_hash.c ip_gre.c 2008-11-03 00:25:16 -08:00
fib_lookup.h [IPV4] FIB_HASH: Reduce memory needs and speedup lookups 2008-01-28 15:02:46 -08:00
fib_rules.c net: add fib_rules_ops to flush_cache method 2008-07-05 19:01:28 -07:00
fib_semantics.c net: clean up net/ipv4/ah4.c esp4.c fib_semantics.c inet_connection_sock.c inetpeer.c ip_output.c 2008-11-03 00:23:42 -08:00
fib_trie.c net: replace NIPQUAD() in net/ipv4/ net/ipv6/ 2008-10-31 00:53:57 -07:00
icmp.c ip: support for TX timestamps on UDP and RAW sockets 2009-02-15 22:43:38 -08:00
igmp.c netns: igmp: make /proc/net/{igmp,mcfilter} per netns 2008-12-25 16:42:51 -08:00
inet_connection_sock.c net: move bsockets outside of read only beginning of struct inet_hashinfo 2009-02-01 12:31:33 -08:00
inet_diag.c net: Convert TCP/DCCP listening hash tables to use RCU 2008-11-23 17:22:55 -08:00
inet_fragment.c net: convert BUG_TRAP to generic WARN_ON 2008-07-25 21:43:18 -07:00
inet_hashtables.c net: move bsockets outside of read only beginning of struct inet_hashinfo 2009-02-01 12:31:33 -08:00
inet_lro.c include/net net/ - csum_partial - remove unnecessary casts 2008-11-19 15:44:53 -08:00
inet_timewait_sock.c net: convert TCP/DCCP ehash rwlocks to spinlocks 2008-11-20 20:39:09 -08:00
inetpeer.c net: clean up net/ipv4/ah4.c esp4.c fib_semantics.c inet_connection_sock.c inetpeer.c ip_output.c 2008-11-03 00:23:42 -08:00
ip_forward.c net: reduce structures when XFRM=n 2008-10-28 13:24:06 -07:00
ip_fragment.c net: '&' redux 2008-11-03 18:21:05 -08:00
ip_gre.c gre: optimize hash lookup 2009-01-26 20:56:10 -08:00
ip_input.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2008-11-18 23:38:23 -08:00
ip_options.c cipso: Add support for native local labeling and fixup mapping names 2008-10-10 10:16:34 -04:00
ip_output.c ip: support for TX timestamps on UDP and RAW sockets 2009-02-15 22:43:38 -08:00
ip_sockglue.c net: ip_sockglue.c add static, annotate ports' endianness 2008-11-20 01:54:27 -08:00
ipcomp.c netns xfrm: state lookup in netns 2008-11-25 17:30:50 -08:00
ipconfig.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
ipip.c net: fix tunnels in netns after ndo_ changes 2008-11-23 17:26:26 -08:00
ipmr.c ipmr: use goto to common label instead of opencoding 2009-02-06 23:46:51 -08:00
Kconfig IPVS: Move IPVS to net/netfilter/ipvs 2008-10-07 08:38:24 +11:00
Makefile IPVS: Move IPVS to net/netfilter/ipvs 2008-10-07 08:38:24 +11:00
netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
proc.c net: replace commatas with semicolons 2009-02-16 00:08:56 -08:00
protocol.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
raw.c ip: support for TX timestamps on UDP and RAW sockets 2009-02-15 22:43:38 -08:00
route.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
syncookies.c tcp: Port redirection support for TCP 2008-10-01 07:46:49 -07:00
sysctl_net_ipv4.c net: '&' redux 2008-11-03 18:21:05 -08:00
tcp_bic.c [TCP]: BIC web page link is corrected. 2008-02-28 22:14:32 -08:00
tcp_cong.c net: Remove CONFIG_KMOD from net/ (towards removing CONFIG_KMOD entirely) 2008-10-16 15:24:51 -07:00
tcp_cubic.c [TCP] CUBIC v2.3 2008-11-02 00:28:10 -07:00
tcp_diag.c net: inet_diag_handler structs can be const 2008-11-19 15:43:27 -08:00
tcp_highspeed.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_htcp.c tcp_htcp: last_cong bug fix 2008-11-12 01:41:09 -08:00
tcp_hybla.c tcp: Fix tcp_hybla zero congestion window growth with small rho and large cwnd. 2008-10-07 15:58:17 -07:00
tcp_illinois.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_input.c net_dma: convert to dma_find_channel 2009-01-06 11:38:15 -07:00
tcp_ipv4.c gro: Avoid copying headers of unmerged packets 2009-01-29 16:33:03 -08:00
tcp_lp.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_minisocks.c net: clean up net/ipv4/ipip.c raw.c tcp.c tcp_minisocks.c tcp_yeah.c xfrm4_policy.c 2008-11-03 00:24:34 -08:00
tcp_output.c Revert "tcp: Always set urgent pointer if it's beyond snd_nxt" 2009-02-05 15:38:31 -08:00
tcp_probe.c net: replace NIPQUAD() in net/ipv4/ net/ipv6/ 2008-10-31 00:53:57 -07:00
tcp_scalable.c [TCP]: Cong.ctrl modules: remove unused good_ack from cong_avoid 2008-01-28 14:55:41 -08:00
tcp_timer.c tcp: Stop scaring users with "treason uncloaked!" 2008-12-18 22:27:42 -08:00
tcp_vegas.c tcp: tcp_vegas cong avoid fix 2008-12-09 00:13:04 -08:00
tcp_vegas.h [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_veno.c net: fix returning void-valued expression warnings 2008-05-01 02:47:38 -07:00
tcp_westwood.c [TCP]: congestion control API pass RTT in microseconds 2007-07-31 02:27:57 -07:00
tcp_yeah.c net: clean up net/ipv4/ipip.c raw.c tcp.c tcp_minisocks.c tcp_yeah.c xfrm4_policy.c 2008-11-03 00:24:34 -08:00
tcp.c gro: Optimise TCP packet reception 2009-02-08 20:22:19 -08:00
tunnel4.c [IPV4] TUNNEL4: Fix incoming packet length check for inter-protocol tunnel. 2008-06-05 04:02:33 +09:00
udp_impl.h udp: introduce struct udp_table and multiple spinlocks 2008-10-29 01:41:45 -07:00
udp.c ip: support for TX timestamps on UDP and RAW sockets 2009-02-15 22:43:38 -08:00
udplite.c udp: RCU handling for Unicast packets. 2008-10-29 02:11:14 -07:00
xfrm4_input.c ipsec: Remove useless ret variable 2008-12-26 01:31:18 -08:00
xfrm4_mode_beet.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
xfrm4_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm4_mode_tunnel.c xfrm: fix fragmentation for ipv4 xfrm tunnel 2008-06-17 16:38:23 -07:00
xfrm4_output.c [IPSEC]: Fix inter address family IPsec tunnel handling. 2008-03-24 14:51:51 -07:00
xfrm4_policy.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
xfrm4_state.c xfrm: remove useless forward declarations 2008-11-25 01:05:54 -08:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00