diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-01-13 08:19:55 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-01-13 11:03:39 -0500 |
| commit | f31e8d4982653b39fe312f9938be0f49dd9ab5fa (patch) | |
| tree | 32ec35631317568dc98cdc178a6950216b3149c9 /net | |
| parent | 2fc72c7b84002ffb3c66918e2a7b0ee607d8b5aa (diff) | |
netfilter: ctnetlink: fix loop in ctnetlink_get_conntrack()
This patch fixes a loop in ctnetlink_get_conntrack() that can be
triggered if you use the same socket to receive events and to
perform a GET operation. Under heavy load, netlink_unicast()
may return -EAGAIN, this error code is reserved in nfnetlink for
the module load-on-demand. Instead, we return -ENOBUFS which is
the appropriate error code that has to be propagated to
user-space.
Reported-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 5cb8d3027b18..2b7eef37875c 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
| @@ -972,7 +972,8 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, | |||
| 972 | free: | 972 | free: |
| 973 | kfree_skb(skb2); | 973 | kfree_skb(skb2); |
| 974 | out: | 974 | out: |
| 975 | return err; | 975 | /* this avoids a loop in nfnetlink. */ |
| 976 | return err == -EAGAIN ? -ENOBUFS : err; | ||
| 976 | } | 977 | } |
| 977 | 978 | ||
| 978 | #ifdef CONFIG_NF_NAT_NEEDED | 979 | #ifdef CONFIG_NF_NAT_NEEDED |