Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > --- a/net/netfilter/core.c
> > +++ b/net/netfilter/core.c
> > @@ -179,8 +179,11 @@ next_hook:
> > if (ret == 0)
> > ret = -EPERM;
> > } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
> > - nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
> > + ret = nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
> > verdict >> NF_VERDICT_BITS);
> > + if (ret < 0)
> > + kfree_skb(skb);
> > + ret = 0;
> > }
>
> Suggestion: Better put this patch on top of the pile. In the previous,
> you remove the return value of nf_queue, and again you reintroduce it.
Yes, I'll either rebase this or just merge the two patches into one
to avoid this confusion. Sorry about that.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
