Commit 98a0824a authored by Al Viro's avatar Al Viro Committed by David S. Miller
[EBTABLES]: Deal with the worst-case behaviour in loop checks.

No need to revisit a chain we'd already finished with during
the check for current hook.  It's either instant loop (which
we'd just detected) or a duplicate work.
Signed-off-by: default avatarAl Viro <>
Signed-off-by: default avatarDavid S. Miller <>
parent 40642f95
......@@ -717,7 +717,9 @@ static int check_chainloops(struct ebt_entries *chain, struct ebt_cl_stack *cl_s
return -1;
/* this can't be 0, so the above test is correct */
if (cl_s[i].hookmask & (1 << hooknr))
goto letscontinue;
/* this can't be 0, so the loop test is correct */
cl_s[i].cs.n = pos + 1;
pos = 0;
cl_s[i].cs.e = ((void *)e + e->next_offset);
