From fb4c49d7945eb0ff4d0e14178a367fd17b36e121 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Mon, 5 Apr 2010 00:44:44 +0200
Subject: [PATCH] xt_TEE: new loop detection logic
---
 doc/changelog.txt | 1 +
 extensions/xt_TEE.c | 19 +++++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/doc/changelog.txt b/doc/changelog.txt
index 556e4f0..56623ba 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -7,6 +7,7 @@ HEAD
 - TEE: free skb when route lookup failed
 - TEE: do not limit use to mangle table
 - TEE: do not retain iif and mark on cloned packet
+- TEE: new loop detection logic
 Xtables-addons 1.24 (March 17 2010)
diff --git a/extensions/xt_TEE.c b/extensions/xt_TEE.c
index b11dd1c..d078d6e 100644
--- a/extensions/xt_TEE.c
+++ b/extensions/xt_TEE.c
@@ -33,6 +33,7 @@ static struct nf_conn tee_track;
 #include "compat_xtables.h"
 #include "xt_TEE.h"
+static bool tee_active[NR_CPUS];
 static const union nf_inet_addr tee_zero_address;
 /*
@@ -135,7 +136,10 @@ tee_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
 const struct xt_tee_tginfo *info = par->targinfo;
 struct sk_buff *skb = *pskb;
 struct iphdr *iph;
+ unsigned int cpu = smp_processor_id();
+ if (tee_active[cpu])
+ return XT_CONTINUE;
 /*
 * Copy the skb, and route the copy. Will later return %XT_CONTINUE for
 * the original skb, which should continue on its way as if nothing has
@@ -190,9 +194,11 @@ tee_tg4(struct sk_buff **pskb, const struct xt_target_param *par)
 * Also on purpose, no fragmentation is done, to preserve the
 * packet as best as possible.
 */
- if (tee_tg_route4(skb, info))
+ if (tee_tg_route4(skb, info)) {
+ tee_active[cpu] = true;
 tee_tg_send(skb);
-
+ tee_active[cpu] = false;
+ }
 return XT_CONTINUE;
 }
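Review bot: `tee_active` in the @@ -33 hunk is a plain `bool` array sized by `NR_CPUS`, with no comment saying what it guards. Neighbouring CPUs' flags end up in the same cache line, and the array is sized for the compile-time maximum rather than for the CPUs actually present. The kernel's per-CPU variable facility fits this better, e.g. `static DEFINE_PER_CPU(bool, tee_active);` used through the per-CPU accessors. Either way, a one-line comment such as `/* true while this CPU is inside tee_tg_send(); rules hit meanwhile skip the TEE */` would document the re-entrancy guard.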
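Review bot: The `smp_processor_id()` value read at the top of tee_tg4 (@@ -135) is reused for the set/clear around `tee_tg_send()` in the @@ -190 hunk, which is only sound if the target cannot be preempted or migrated in between. Nothing in the diff shows what guarantees that, so presumably it relies on the xtables traversal running with bottom halves disabled; a comment stating that assumption belongs next to the declaration. The early `return XT_CONTINUE` also skips the duplicate without any trace for every packet that reaches the rule on this CPU while the flag is set, so when TEE feeds a monitoring host, a counter or rate-limited debug message here would make suppressed copies visible. The same two points apply to the tee_tg6 hunk at @@ -233, and tee_tg4's body continues outside this hunk.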
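Review bot: The flag in the @@ -190 hunk brackets only the synchronous call to `tee_tg_send()`, so a loop is detected only when the clone re-enters the rule on the same CPU before that call returns. If the send path defers the packet to a later context or another CPU, the flag is already `false` when the clone is seen again; the `tee_track` object named in the first hunk header may cover that case when conntrack is built in, but that code is outside this diff. A comment above the block should state the limit, e.g. `/* catches nested re-entry only; a clone that is queued and re-processed later is not recognised here */`. The identical four lines are repeated in tee_tg6 (@@ -248), so a small static helper wrapping `tee_tg_send()` would keep the two copies in step.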
@@ -233,7 +239,10 @@ tee_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
 {
 const struct xt_tee_tginfo *info = par->targinfo;
 struct sk_buff *skb = *pskb;
+ unsigned int cpu = smp_processor_id();
+ if (tee_active[cpu])
+ return XT_CONTINUE;
 if ((skb = skb_copy(skb, GFP_ATOMIC)) == NULL)
 return XT_CONTINUE;
@@ -248,9 +257,11 @@ tee_tg6(struct sk_buff **pskb, const struct xt_target_param *par)
 struct ipv6hdr *iph = ipv6_hdr(skb);
 --iph->hop_limit;
 }
- if (tee_tg_route6(skb, info))
+ if (tee_tg_route6(skb, info)) {
+ tee_active[cpu] = true;
 tee_tg_send(skb);
-
+ tee_active[cpu] = false;
+ }
 return XT_CONTINUE;
 }
 #endif /* WITH_IPV6 */