git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Florian Westphal <fw@strlen.de>
	Tue, 6 Feb 2024 16:54:18 +0000 (17:54 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 16 Feb 2024 18:14:25 +0000 (19:14 +0100)
commit	3c0c0cf930aa802ab2b4e4206e7307de17d64634
tree	e3d89f951c5f62471e4f2a48491f66a5f25eb1a6	tree \| snapshot
parent	383182db8d58c4237772ba0764cded4938a235c3	commit \| diff

netfilter: nfnetlink_queue: un-break NF_REPEAT

[ Upstream commit f82777e8ce6c039cdcacbcf1eb8619b99a20c06d ]

Only override userspace verdict if the ct hook returns something
other than ACCEPT.

Else, this replaces NF_REPEAT (run all hooks again) with NF_ACCEPT
(move to next hook).

Fixes: 6291b3a67ad5 ("netfilter: conntrack: convert nf_conntrack_update to netfilter verdicts")
Reported-by: l.6diay@passmail.com
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>