diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-02-19 09:28:38 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-19 09:28:38 -0500 |
| commit | 64507fdbc29c3a622180378210ecea8659b14e40 (patch) | |
| tree | c42d87f221405f3ba9553984c39178caae3aac26 /net/netfilter | |
| parent | a88e22adf5aad79b6e2ddd1bf0109c2ba8b46b0e (diff) | |
netfilter: nf_queue: fix NF_STOLEN skb leak
commit 3bc38712e3a6e059 (handle NF_STOP and unknown verdicts in
nf_reinject) was a partial fix to packet leaks.
If user asks NF_STOLEN status, we must free the skb as well.
Reported-by: Afi Gjermund <afigjermund@gmail.com>
Signed-off-by: Eric DUmazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nf_queue.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index 3a6fd77f7761..ba095fd014e5 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
| @@ -265,7 +265,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) | |||
| 265 | local_bh_disable(); | 265 | local_bh_disable(); |
| 266 | entry->okfn(skb); | 266 | entry->okfn(skb); |
| 267 | local_bh_enable(); | 267 | local_bh_enable(); |
| 268 | case NF_STOLEN: | ||
| 269 | break; | 268 | break; |
| 270 | case NF_QUEUE: | 269 | case NF_QUEUE: |
| 271 | if (!__nf_queue(skb, elem, entry->pf, entry->hook, | 270 | if (!__nf_queue(skb, elem, entry->pf, entry->hook, |
| @@ -273,6 +272,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) | |||
| 273 | verdict >> NF_VERDICT_BITS)) | 272 | verdict >> NF_VERDICT_BITS)) |
| 274 | goto next_hook; | 273 | goto next_hook; |
| 275 | break; | 274 | break; |
| 275 | case NF_STOLEN: | ||
| 276 | default: | 276 | default: |
| 277 | kfree_skb(skb); | 277 | kfree_skb(skb); |
| 278 | } | 278 | } |