From: Jan Engelhardt <jengelh@medozas.de>
Date: Thu, 9 Jul 2009 20:54:53 +0000 (+0200)
Subject: netfilter: xtables: check for unconditionality of policies
X-Git-Tag: v2.6.32-rc1~703^2~21^2~11^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90e7d4ab5c8b0c4c2e00e4893977f6aeec0f18f1;p=pandora-kernel.git

netfilter: xtables: check for unconditionality of policies

This adds a check that iptables's original author Rusty set forth in
a FIXME comment.

Underflows in iptables are better known as chain policies, and are
required to be unconditional or there would be a stochastical chance
for the policy rule to be skipped if it does not match. If that were
to happen, rule execution would continue in an unexpected spurious
fashion.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---

Reading git-diff-tree failed