nf_reinject requires the called to hold the RCU read-side lock which
wasn't the case in nfqnl_reinject.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
struct nf_ct_hook *ct_hook;
int err;
+ rcu_read_lock();
+
if (verdict == NF_ACCEPT ||
verdict == NF_REPEAT ||
verdict == NF_STOP) {
- rcu_read_lock();
ct_hook = rcu_dereference(nf_ct_hook);
if (ct_hook) {
err = ct_hook->update(entry->state.net, entry->skb);
if (err < 0)
verdict = NF_DROP;
}
- rcu_read_unlock();
}
nf_reinject(entry, verdict);
+ rcu_read_unlock();
}
static void