authorPatrick McHardy <kaber@trash.net>2005-04-25 15:01:07 -0400
committerDavid S. Miller <davem@davemloft.net>2005-04-25 15:01:07 -0400
commitb31e5b1bb53b99dfd5e890aa07e943aff114ae1c (patch)
tree081d0f1223db0f7cda1fdaa3058ed4fefb28d9fc
parentf649a3bfd1b0ad8872312ed1c223d69b74406e1f (diff)
[NETFILTER]: Drop conntrack reference when packet leaves IP
In the event a raw socket is created for sending purposes only, the creator never bothers to check the socket's receive queue. But we continue to add skbs to its queue until it fills up. Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the queue potentially holds a reference to a conntrack. If the user attempts to unload ip_conntrack, we will spin around forever since the queued skbs are pinned. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/ip_output.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c7
2 files changed, 2 insertions, 7 deletions
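--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -195,6 +195,8 @@ static inline int ip_finish_output2(struct sk_buff *skb)
 nf_debug_ip_finish_output2(skb);
 #endif /*CONFIG_NETFILTER_DEBUG*/
 
+nf_reset(skb);
+
 if (hh) {
 int hh_alen;
 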
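Review bot: The added `nf_reset(skb);` in ip_finish_output2 carries no comment saying why netfilter state is dropped at this exact point, so the reason lives only in the commit message. A one-line comment such as `/* Drop conntrack reference: the skb may sit on a socket queue indefinitely and pin ip_conntrack */` would keep a later cleanup from removing the call and reintroducing the module-unload hang. It is also worth confirming that nothing later on the output path (the `hh` branch and whatever follows it, outside this hunk) still expects `skb->nfct` to be set, since locally looped packets now reach the input hooks untracked; the check removed from ip_conntrack_defrag in the other file suggests this was considered. The function body starts and ends outside the hunk.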
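--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -431,13 +431,6 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum,
 const struct net_device *out,
 int (*okfn)(struct sk_buff *))
 {
-#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)
-/* Previously seen (loopback)? Ignore. Do this before
-fragment check. */
-if ((*pskb)->nfct)
-return NF_ACCEPT;
-#endif
-
 /* Gather fragments. */
 if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
 *pskb = ip_ct_gather_frags(*pskb,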