- TEE: free skb when route lookup failed
- TEE: do not limit use to mangle table
- TEE: do not retain iif and mark on cloned packet
+- TEE: new loop detection logic
Xtables-addons 1.24 (March 17 2010)
#include "compat_xtables.h"
#include "xt_TEE.h"
+static bool tee_active[NR_CPUS];
static const union nf_inet_addr tee_zero_address;
/*
const struct xt_tee_tginfo *info = par->targinfo;
struct sk_buff *skb = *pskb;
struct iphdr *iph;
+ unsigned int cpu = smp_processor_id();
+ if (tee_active[cpu])
+ return XT_CONTINUE;
/*
* Copy the skb, and route the copy. Will later return %XT_CONTINUE for
* the original skb, which should continue on its way as if nothing has
* Also on purpose, no fragmentation is done, to preserve the
* packet as best as possible.
*/
- if (tee_tg_route4(skb, info))
+ if (tee_tg_route4(skb, info)) {
+ tee_active[cpu] = true;
tee_tg_send(skb);
-
+ tee_active[cpu] = false;
+ }
return XT_CONTINUE;
}
{
const struct xt_tee_tginfo *info = par->targinfo;
struct sk_buff *skb = *pskb;
+ unsigned int cpu = smp_processor_id();
+ if (tee_active[cpu])
+ return XT_CONTINUE;
if ((skb = skb_copy(skb, GFP_ATOMIC)) == NULL)
return XT_CONTINUE;
struct ipv6hdr *iph = ipv6_hdr(skb);
--iph->hop_limit;
}
- if (tee_tg_route6(skb, info))
+ if (tee_tg_route6(skb, info)) {
+ tee_active[cpu] = true;
tee_tg_send(skb);
-
+ tee_active[cpu] = false;
+ }
return XT_CONTINUE;
}
#endif /* WITH_IPV6 */
projects / thirdparty / xtables-addons.git / commitdiff
