]> git.itanic.dy.fi Git - linux-stable/commit
projects / linux-stable / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a0a8602) | patch
netfilter: xt_mangle: only check verdict part of return value
authorFlorian Westphal <fw@strlen.de>
Wed, 11 Oct 2023 07:59:34 +0000 (09:59 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 18 Oct 2023 08:26:43 +0000 (10:26 +0200)
commite15e5027106f3f6009d2fb46b3a1bb3d9e6a1b77
treee448bbfa0e109251e300956f0e61a7b67be3bfb4tree | snapshot
parenta0a86022474304e012aad5d41943fdd31a036284commit | diff
netfilter: xt_mangle: only check verdict part of return value

These checks assume that the caller only returns NF_DROP without
any errno embedded in the upper bits.

This is fine right now, but followup patches will start to propagate
such errors to allow kfree_skb_drop_reason() in the called functions,
those would then indicate 'errno << 8 | NF_STOLEN'.

To not break things we have to mask those parts out.

Signed-off-by: Florian Westphal <fw@strlen.de>
net/ipv4/netfilter/iptable_mangle.c diff | blob | history
net/ipv6/netfilter/ip6table_mangle.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.