[PATCH] EBTABLES: Deal with the worst-case behaviour in loop checks.

No need to revisit a chain we'd already finished with during the check for current hook. It's either instant loop (which we'd just detected) or a duplicate work. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
author: Al Viro <viro@zeniv.linux.org.uk> 2006-11-30 19:47:58 -0800
committer: Chris Wright <chrisw@sous-sol.org> 2006-12-11 11:32:37 -0800
commit: dc983545ac3c17728ebb1e0c56aadc85ae3f8daf (patch)
tree: ae21ac873690bd734276a10164834df0870addeb /net
parent: 2066918ca75a860c085f294db4f679a397bcc9a3 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 6ab7674ea45..46ab9b75926 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -717,7 +717,9 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s
 				BUGPRINT("loop\n");
 				return -1;
 			}
-			/* this can't be 0, so the above test is correct */
+			if (cl_s[i].hookmask & (1 << hooknr))
+				goto letscontinue;
+			/* this can't be 0, so the loop test is correct */
 			cl_s[i].cs.n = pos + 1;
 			pos = 0;
 			cl_s[i].cs.e = ((void *)e + e->next_offset);
author	Al Viro <viro@zeniv.linux.org.uk>	2006-11-30 19:47:58 -0800
committer	Chris Wright <chrisw@sous-sol.org>	2006-12-11 11:32:37 -0800
commit	dc983545ac3c17728ebb1e0c56aadc85ae3f8daf (patch)
tree	ae21ac873690bd734276a10164834df0870addeb /net
parent	2066918ca75a860c085f294db4f679a397bcc9a3 (diff)