Forwarding to netfilter-devel where this belongs...
--- Begin Message ---
Hi,
In this patch, these three fixes were made in net/ipv4/netfilter/ip_queue.c:
1) No need to set data_len = 0 in the switch statement, since data_len
is initialized to 0 at the beginning of the function
ipq_build_packet_message().
2) We can reach nlmsg_failure only from one place; skb is sure to be NULL
when getting there; since skb is NULL, there is no need to check this fact
and call kfree_skb().
3) Add #ifdef CONFIG_PROC_FS when removing the VFS entry,
proc_net_remove(&init_net, IPQ_PROC_FS_NAME);
Regards,
Rami Rosen
Signed-off-by: Rami Rosen <ramirose@xxxxxxxxx>
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 26a37ce..7bc3a29 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -156,7 +156,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
case IPQ_COPY_META:
case IPQ_COPY_NONE:
size = NLMSG_SPACE(sizeof(*pmsg));
- data_len = 0;
break;
case IPQ_COPY_PACKET:
@@ -224,8 +223,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
return skb;
nlmsg_failure:
- if (skb)
- kfree_skb(skb);
*errp = -EINVAL;
printk(KERN_ERR "ip_queue: error creating packet message\n");
return NULL;
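Review bot: Dropping the `kfree_skb(skb)` under `nlmsg_failure:` is only safe if every jump to that label is taken while skb is still NULL, and nothing in this hunk shows that. The function body lies outside the hunk, but if it builds the netlink header with `NLMSG_PUT()`, that macro hides a `goto nlmsg_failure` taken after the allocation has succeeded, when the skb has too little tailroom. In that case the skb would leak on every such failure in the packet-queueing path. Since `kfree_skb()` accepts NULL, I would keep an unconditional `kfree_skb(skb);` as the first line under the label and remove only the `if (skb)` test.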
@@ -610,7 +607,9 @@ cleanup_sysctl:
unregister_sysctl_table(ipq_sysctl_header);
#endif
unregister_netdevice_notifier(&ipq_dev_notifier);
+#ifdef CONFIG_PROC_FS
proc_net_remove(&init_net, IPQ_PROC_FS_NAME);
+#endif
cleanup_ipqnl: __maybe_unused
netlink_kernel_release(ipqnl);
mutex_lock(&ipqnl_mutex);
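Review bot: The new `#ifdef CONFIG_PROC_FS` around `proc_net_remove()` in the cleanup path looks redundant and goes against the usual kernel preference for keeping preprocessor conditionals out of .c files. As far as I know, the proc header already supplies an empty inline `proc_net_remove()` when CONFIG_PROC_FS is disabled, so the unguarded call compiles to nothing; please confirm this against the tree the patch applies to. If the guard stays, it should mirror how the entry is created in the init function, which is outside this hunk, so that creation and removal are always compiled in or out together.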
--- End Message ---