lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: nfnetlink_queue: do not free skb on error

Browse Source 
Move free responsibility from nf_queue to caller.
This enables more flexible error handling; we can now accept the skb
instead of freeing it.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Florian Westphal
2011-01-18 15:28:38 +01:00
committed by Patrick McHardy
parent f158508618
commit 06cdb6349c
2 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
net/netfilter/core.c
View File

@@ -181,8 +181,11 @@ next_hook:
} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
ret = nf_queue(skb, elem, pf, hook, indev, outdev, okfn, ret = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
verdict >> NF_VERDICT_BITS); verdict >> NF_VERDICT_BITS);
if (ret < 0) {
if (ret == -ECANCELED) if (ret == -ECANCELED)
goto next_hook; goto next_hook;
kfree_skb(skb);
}
ret = 0; ret = 0;
} }
rcu_read_unlock(); rcu_read_unlock();

13
net/netfilter/nf_queue.c
View File

@@ -163,9 +163,8 @@ static int __nf_queue(struct sk_buff *skb,
/* If it's going away, ignore hook. */ /* If it's going away, ignore hook. */
if (!try_module_get(entry->elem->owner)) { if (!try_module_get(entry->elem->owner)) {
rcu_read_unlock(); status = -ECANCELED;
kfree(entry); goto err_unlock;
return -ECANCELED;
} }
/* Bump dev refs so they don't vanish while packet is out */ /* Bump dev refs so they don't vanish while packet is out */
if (indev) if (indev)
@@ -198,7 +197,6 @@ static int __nf_queue(struct sk_buff *skb,
err_unlock: err_unlock:
rcu_read_unlock(); rcu_read_unlock();
err: err:
kfree_skb(skb);
kfree(entry); kfree(entry);
return status; return status;
} }
@@ -229,7 +227,6 @@ int nf_queue(struct sk_buff *skb,
} }
segs = skb_gso_segment(skb, 0); segs = skb_gso_segment(skb, 0);
kfree_skb(skb);
/* Does not use PTR_ERR to limit the number of error codes that can be /* Does not use PTR_ERR to limit the number of error codes that can be
* returned by nf_queue. For instance, callers rely on -ECANCELED to mean * returned by nf_queue. For instance, callers rely on -ECANCELED to mean
* 'ignore this hook'. * 'ignore this hook'.
@@ -253,8 +250,11 @@ int nf_queue(struct sk_buff *skb,
segs = nskb; segs = nskb;
} while (segs); } while (segs);
/* also free orig skb if only some segments were queued */
if (unlikely(err && queued)) if (unlikely(err && queued))
err = 0; err = 0;
if (err == 0)
kfree_skb(skb);
return err; return err;
} }
@@ -300,8 +300,11 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
err = __nf_queue(skb, elem, entry->pf, entry->hook, err = __nf_queue(skb, elem, entry->pf, entry->hook,
entry->indev, entry->outdev, entry->okfn, entry->indev, entry->outdev, entry->okfn,
verdict >> NF_VERDICT_BITS); verdict >> NF_VERDICT_BITS);
if (err < 0) {
if (err == -ECANCELED) if (err == -ECANCELED)
goto next_hook; goto next_hook;
kfree_skb(skb);
}
break; break;
case NF_STOLEN: case NF_STOLEN:
default: default: