2 files changed, 13 insertions, 5 deletions

diff --git a/ebtables.c b/ebtables.c
index 1b819cd..6de714f 100644
--- a/ebtables.c
+++ b/ebtables.c
@@ -1170,9 +1170,14 @@ check_extension:
 			rule_nr--;
 		rule_nr_end = rule_nr;
 
-		ebt_check_for_loops(replace);
-		if (ebt_errormsg[0] != '\0')
-			goto delete_the_rule;
+		/* a jump to a udc requires checking for loops */
+		if (!strcmp(new_entry->t->u.name, EBT_STANDARD_TARGET) &&
+		((struct ebt_standard_target *)(new_entry->t))->verdict >= 0) {
+			/* FIXME: this can be done faster */
+			ebt_check_for_loops(replace);
+			if (ebt_errormsg[0] != '\0')
+				goto delete_the_rule;
+		}
 
 		/* Do the final_check(), for all entries.
 		 * This is needed when adding a rule that has a chain target */
diff --git a/libebtc.c b/libebtc.c
index 02003a7..f76a04c 100644
--- a/libebtc.c
+++ b/libebtc.c
@@ -1019,8 +1019,6 @@ void ebt_check_for_loops(struct ebt_u_replace *replace)
 			verdict = ((struct ebt_standard_target *)(e->t))->verdict;
 			if (verdict < 0)
 				goto letscontinue;
-			entries2 = replace->chains[verdict + NF_BR_NUMHOOKS];
-			entries2->hook_mask |= entries->hook_mask;
 			/* Now see if we've been here before */
 			for (k = 0; k < sp; k++)
 				if (stack[k].chain_nr == verdict + NF_BR_NUMHOOKS) {
@@ -1029,6 +1027,11 @@ void ebt_check_for_loops(struct ebt_u_replace *replace)
 					   replace->chains[stack[k].chain_nr]->name);
 					goto free_stack;
 				}
+			entries2 = replace->chains[verdict + NF_BR_NUMHOOKS];
+			/* check if we've dealt with this chain already */
+			if (entries2->hook_mask & (1<<i))
+				goto letscontinue;
+			entries2->hook_mask |= entries->hook_mask;
 			/* Jump to the chain, make sure we know how to get back */
 			stack[sp].chain_nr = chain_nr;
 			stack[sp].n = j;