diff options
author | Patrick McHardy <kaber@trash.net> | 2006-07-25 01:52:47 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-07-25 01:52:47 -0400 |
commit | 3bc38712e3a6e0596ccb6f8299043a826f983701 (patch) | |
tree | 9be25dce89ce73cfd79000a27eb001adc113af2e | |
parent | 083edca05ab1fa6efac1ba414018f7f45a4a83ff (diff) |
[NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject
In case of an unknown verdict or NF_STOP the packet leaks. Unknown verdicts
can happen when userspace is buggy. Reinject the packet in case of NF_STOP,
drop on unknown verdicts.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/nf_queue.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index bb6fcee452ca..662a869593bf 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
@@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, | |||
219 | 219 | ||
220 | switch (verdict & NF_VERDICT_MASK) { | 220 | switch (verdict & NF_VERDICT_MASK) { |
221 | case NF_ACCEPT: | 221 | case NF_ACCEPT: |
222 | case NF_STOP: | ||
222 | info->okfn(skb); | 223 | info->okfn(skb); |
224 | case NF_STOLEN: | ||
223 | break; | 225 | break; |
224 | |||
225 | case NF_QUEUE: | 226 | case NF_QUEUE: |
226 | if (!nf_queue(&skb, elem, info->pf, info->hook, | 227 | if (!nf_queue(&skb, elem, info->pf, info->hook, |
227 | info->indev, info->outdev, info->okfn, | 228 | info->indev, info->outdev, info->okfn, |
228 | verdict >> NF_VERDICT_BITS)) | 229 | verdict >> NF_VERDICT_BITS)) |
229 | goto next_hook; | 230 | goto next_hook; |
230 | break; | 231 | break; |
232 | default: | ||
233 | kfree_skb(skb); | ||
231 | } | 234 | } |
232 | rcu_read_unlock(); | 235 | rcu_read_unlock(); |
233 | |||
234 | if (verdict == NF_DROP) | ||
235 | kfree_skb(skb); | ||
236 | |||
237 | kfree(info); | 236 | kfree(info); |
238 | return; | 237 | return; |
239 | } | 238 | } |