summaryrefslogtreecommitdiff
path: root/net/ipv6/fib6_rules.c
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2016-04-01 15:17:22 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2016-04-14 01:30:35 +0300
commit36472341017529e2b12573093cc0f68719300997 (patch)
tree96f6dd9fbfcddc5e3a934d4dd812d640574897d0 /net/ipv6/fib6_rules.c
parentf24e230d257af1ad7476c6e81a8dc3127a74204e (diff)
downloadlinux-36472341017529e2b12573093cc0f68719300997.tar.xz
netfilter: x_tables: validate targets of jumps
When we see a jump also check that the offset gets us to beginning of a rule (an ipt_entry). The extra overhead is negible, even with absurd cases. 300k custom rules, 300k jumps to 'next' user chain: [ plus one jump from INPUT to first userchain ]: Before: real 0m24.874s user 0m7.532s sys 0m16.076s After: real 0m27.464s user 0m7.436s sys 0m18.840s Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6/fib6_rules.c')
0 files changed, 0 insertions, 0 deletions