summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_SECMARK.man
diff options
context:
space:
mode:
authorDan Williams <dcbw@redhat.com>2017-02-25 22:02:03 -0600
committerPablo Neira Ayuso <pablo@netfilter.org>2017-02-28 13:20:19 +0100
commit9b8cb7564a53865bf0e239bbc3e057de70edf65d (patch)
treed62561664938040c92ebb4d5f3403ce6b1cadc0f /extensions/libxt_SECMARK.man
parenteb66632d219a45497e7348918984e8cea6acdca2 (diff)
libiptc: don't set_changed() when checking rules with module jumps
Checking a rule that includes a jump to a module-based target currently sets the "changed" flag on the handle, which then causes TC_COMMIT() to run through the whole SO_SET_REPLACE/SO_SET_ADD_COUNTERS path. This seems wrong for simply checking rules, an operation which is documented as "...does not alter the existing iptables configuration..." but yet it clearly could do so. Fix that by ensuring that rule check operations for module targets don't set the changed flag, and thus exit early from TC_COMMIT(). Signed-off-by: Dan Williams <dcbw@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/libxt_SECMARK.man')
0 files changed, 0 insertions, 0 deletions