From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 1 Dec 2006 03:47:58 +0000 (-0800)
Subject: [PATCH] EBTABLES: Deal with the worst-case behaviour in loop checks.
X-Git-Tag: v2.6.18.6~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6fe7624b306c7db201c07434ac511ab6fc7f0b2c;p=thirdparty%2Fkernel%2Fstable.git

[PATCH] EBTABLES: Deal with the worst-case behaviour in loop checks.

No need to revisit a chain we'd already finished with during
the check for current hook.  It's either instant loop (which
we'd just detected) or a duplicate work.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 0fb2852ac59ca..361d20bc9e6cf 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -739,7 +739,9 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s
 				BUGPRINT("loop\n");
 				return -1;
 			}
-			/* this can't be 0, so the above test is correct */
+			if (cl_s[i].hookmask & (1 << hooknr))
+				goto letscontinue;
+			/* this can't be 0, so the loop test is correct */
 			cl_s[i].cs.n = pos + 1;
 			pos = 0;
 			cl_s[i].cs.e = ((void *)e + e->next_offset);