Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 90e7d4ab5c8b0c4c2e00e4893977f6aeec0f18f1
commit90e7d4ab5c8b0c4c2e00e4893977f6aeec0f18f1[log] [tgz]
authorJan Engelhardt <jengelh@medozas.de>Thu Jul 09 22:54:53 2009 +0200
committerJan Engelhardt <jengelh@medozas.de>Mon Aug 10 13:35:29 2009 +0200
tree81951e3cb17713cd0cedfec9d4d3823d3fe264f5
parenta7d51738e757c1ab94595e7d05594c61f0fb32ce [diff]
netfilter: xtables: check for unconditionality of policies

This adds a check that iptables's original author Rusty set forth in
a FIXME comment.

Underflows in iptables are better known as chain policies, and are
required to be unconditional or there would be a stochastical chance
for the policy rule to be skipped if it does not match. If that were
to happen, rule execution would continue in an unexpected spurious
fashion.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
3 files changed
tree: 81951e3cb17713cd0cedfec9d4d3823d3fe264f5
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS