Jan Engelhardt wrote:
+static u_int16_t tcpmss_reverse_mtu4(const struct iphdr *iph)
+{
+ struct rtable *rt = NULL;
+ struct flowi fl = {.nl_u = {.ip4_u = {
+ .daddr = iph->saddr,
+ .tos = RT_TOS(iph->tos),
+ .scope = RT_SCOPE_UNIVERSE,
+ }}};
+
+ ip_route_output_key(&rt, &fl);
+ if (rt == NULL)
+ return ~(u_int16_t)0;
+ return dst_mtu(&rt->u.dst);
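Review bot: The final `return dst_mtu(&rt->u.dst);` in tcpmss_reverse_mtu4 narrows the route MTU to `u_int16_t`, so, assuming dst_mtu() yields a 32-bit value, an MTU above 65535 is silently truncated and an MTU of exactly 65535 cannot be told apart from the `~(u_int16_t)0` no-route sentinel. A truncated value used for MSS clamping could produce a far smaller MSS than the path allows. I would widen the helper to `static u_int32_t tcpmss_reverse_mtu4(const struct iphdr *iph)` with `return ~0U;` for the no-route case and let the caller take the minimum; the same applies to the matching return in tcpmss_reverse_mtu6. The function body continues outside the quoted excerpt, so the caller's handling is not visible here.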
This leaks the dst_entry.
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+static u_int16_t tcpmss_reverse_mtu6(const struct ipv6hdr *iph)
+{
+ struct rtable *rt = NULL;
+ struct flowi fl = {.nl_u = {.ip6_u = {
+ .daddr = iph->saddr,
+ .flowlabel = ((iph->flow_lbl[0] << 16) |
+ (iph->flow_lbl[1] << 8) | iph->flow_lbl[2]) &
+ 0x00FFFFFF,
+ }}};
+
+ ip_route_output_key(&rt, &fl);
+ if (rt == NULL)
+ return ~(u_int16_t)0;
+ return dst_mtu(&rt->u.dst);
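Review bot: The `.flowlabel` initializer in tcpmss_reverse_mtu6 masks with `0x00FFFFFF`, which keeps 24 bits, whereas the IPv6 flow label is 20 bits wide; the upper nibble of `flow_lbl[0]` holds traffic-class bits, so they leak into the lookup key. The mask should be `0x000FFFFF`. The value is also assembled in host byte order; the field's declared type is not visible in this excerpt, but if it is a big-endian field the result needs `htonl()` before it is stored. The function body continues outside the quoted excerpt.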
This also leaks and you probably want to do IPv6 routing :) But the patch should use the ->route function from nf_af_info anyways to avoid adding module dependencies.