xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: deprecate NF_STOP

Browse Source 
NF_STOP is only used by br_netfilter these days, and it can be emulated
with a combination of NF_STOLEN plus explicit call to the ->okfn()
function as Florian suggests.

To retain binary compatibility with userspace nf_queue application, we
have to keep NF_STOP around, so libnetfilter_queue userspace userspace
applications still work if they use NF_STOP for some exotic reason.

Out of tree modules using NF_STOP would break, but we don't care about
those.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
2016-11-03 10:56:17 +01:00
parent 1610a73c41
commit 06fd3a392b
3 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
net/bridge/br_netfilter_hooks.c
View File

@@ -845,8 +845,10 @@ static unsigned int ip_sabotage_in(void *priv,
struct sk_buff *skb,
const struct nf_hook_state *state)
{
if (skb->nf_bridge && !skb->nf_bridge->in_prerouting)
return NF_STOP;
if (skb->nf_bridge && !skb->nf_bridge->in_prerouting) {
state->okfn(state->net, state->sk, skb);
return NF_STOLEN;
}
return NF_ACCEPT;
}