Rami Rosen wrote:
Hi,
- Thanks for your comments; I was not aware that this issues occur
in other places too; attached here is another patch, fixing where
applicable in ip6_queue and nfnetlink_queue.
1) in net/ipv6/netfilter/ip6_queue.c
- No need to perform data_len = 0 in the switch command, since data_len
is initialized to 0 in the beginning of the
ipq_build_packet_message() method
- We can reach nlmsg_failure only from one place; skb is sure to be NULL
when getting there; since skb is NULL, there is no need to check this fact
and call kfree_skb().
2) in net/netfilter/nfnetlink_queue.c:
- No need to perform data_len = 0 in the switch command, since data_len
is initialized to 0 in the beginning of the
nfqnl_build_packet_message() method
(Note: here, as opposed to previous patch, nlmsg_failure must check
skb and free it if it is not NULL, so the call to kfree_skb() is
needed , so it is not removed)
I've queued this patch and the previous one (without the procfs
bits) as one combined patch for 2.6.27, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
