netfilter: xtables: fix mangle tables
authorAlexey Dobriyan <adobriyan@gmail.com>
Thu, 11 Feb 2010 17:41:35 +0000 (18:41 +0100)
committerPatrick McHardy <kaber@trash.net>
Thu, 11 Feb 2010 17:41:35 +0000 (18:41 +0100)
In POST_ROUTING hook, calling dev_net(in) is going to oops.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/ipv4/netfilter/iptable_mangle.c
net/ipv6/netfilter/ip6table_mangle.c

index 58d7097baa3dab5d236178d9182ec35b80645d12..c8333305d6315cef232da4652438214896c4bf69 100644 (file)
@@ -87,7 +87,9 @@ iptable_mangle_hook(unsigned int hook,
 {
        if (hook == NF_INET_LOCAL_OUT)
                return ipt_local_hook(hook, skb, in, out, okfn);
-
+       if (hook == NF_INET_POST_ROUTING)
+               return ipt_do_table(skb, hook, in, out,
+                                   dev_net(out)->ipv4.iptable_mangle);
        /* PREROUTING/INPUT/FORWARD: */
        return ipt_do_table(skb, hook, in, out,
                            dev_net(in)->ipv4.iptable_mangle);
index dc803b7e8e54e4f3797a50963c4f2c27c2d48938..b6216dede52c7e4c3ecf6c77733884497eac685f 100644 (file)
@@ -81,7 +81,9 @@ ip6table_mangle_hook(unsigned int hook, struct sk_buff *skb,
 {
        if (hook == NF_INET_LOCAL_OUT)
                return ip6t_local_out_hook(hook, skb, out, okfn);
-
+       if (hook == NF_INET_POST_ROUTING)
+               return ip6t_do_table(skb, hook, in, out,
+                                    dev_net(out)->ipv6.ip6table_mangle);
        /* INPUT/FORWARD */
        return ip6t_do_table(skb, hook, in, out,
                             dev_net(in)->ipv6.ip6table_mangle);