From patchwork Fri Oct  9 11:10:37 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Florian Westphal <fw@strlen.de>
X-Patchwork-Id: 528182
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id A8EDE140D5F
	for <incoming@patchwork.ozlabs.org>;
	Fri,  9 Oct 2015 22:11:13 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756895AbbJILLB (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Fri, 9 Oct 2015 07:11:01 -0400
Received: from Chamillionaire.breakpoint.cc ([80.244.247.6]:39466 "EHLO
	Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1756705AbbJILKo (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Fri, 9 Oct 2015 07:10:44 -0400
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.80)
	(envelope-from <fw@breakpoint.cc>)
	id 1ZkVZR-0000bA-AL; Fri, 09 Oct 2015 13:10:41 +0200
From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH -next] netfilter: nfqueue: don't use prev pointer
Date: Fri,  9 Oct 2015 13:10:37 +0200
Message-Id: <1444389037-17285-1-git-send-email-fw@strlen.de>
X-Mailer: git-send-email 2.0.5
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

Usage of -prev seems buggy.  While packet was out our hook cannot be
removed but we have no way to know if the previous one is still valid.

So better not use ->prev at all.  Since NF_REPEAT just asks to invoke
same hook function again, just do so, and continue with nf_interate
if we get an ACCEPT verdict.

A side effect of this change is that if nf_reinject(NF_REPEAT) causes
another REPEAT we will now drop the skb instead of a kernel loop.

However, NF_REPEAT loops would be a bug so this should not happen anyway.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
Targetting -next: on -nf we need to s/elem->priv/elem/, else oops.

I tested this with nf-queue.c from libnetfilter_queue, changed to issue
NF_REPEAT + NFMARK=1 and
-m mark --mark 1 -j ACCEPT
-j NFQUEUE

-> ping works, both rule counters increment.

diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 96777f9..253a995 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -192,10 +192,8 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 	nf_queue_entry_release_refs(entry);
 
 	/* Continue traversal iff userspace said ok... */
-	if (verdict == NF_REPEAT) {
-		elem = list_entry(elem->list.prev, struct nf_hook_ops, list);
-		verdict = NF_ACCEPT;
-	}
+	if (verdict == NF_REPEAT)
+		verdict = elem->hook(elem->priv, skb, &entry->state);
 
 	if (verdict == NF_ACCEPT) {
 		afinfo = nf_get_afinfo(entry->state.pf);