diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-03 10:56:17 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-03 10:56:17 +0100 |
| commit | 06fd3a392bb36ff162d10cb7d5794185b94edb2f (patch) | |
| tree | 9b7b5a5b3f82e2b11f6cd903a724eb4829e0ce95 /net/netfilter/core.c | |
| parent | netfilter: kill NF_HOOK_THRESH() and state->tresh (diff) | |
| download | linux-dev-06fd3a392bb36ff162d10cb7d5794185b94edb2f.tar.xz linux-dev-06fd3a392bb36ff162d10cb7d5794185b94edb2f.zip | |
netfilter: deprecate NF_STOP
NF_STOP is only used by br_netfilter these days, and it can be emulated
with a combination of NF_STOLEN plus explicit call to the ->okfn()
function as Florian suggests.
To retain binary compatibility with userspace nf_queue application, we
have to keep NF_STOP around, so libnetfilter_queue userspace userspace
applications still work if they use NF_STOP for some exotic reason.
Out of tree modules using NF_STOP would break, but we don't care about
those.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/core.c')
| -rw-r--r-- | net/netfilter/core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index cb0232c11bc8..14f97b624f98 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -333,7 +333,7 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state) entry = rcu_dereference(state->hook_entries); next_hook: verdict = nf_iterate(skb, state, &entry); - if (verdict == NF_ACCEPT || verdict == NF_STOP) { + if (verdict == NF_ACCEPT) { ret = 1; } else if ((verdict & NF_VERDICT_MASK) == NF_DROP) { kfree_skb(skb); |