Re: netfilter 03/03: nf_queue: fix NF_STOLEN skb leak

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,
I know that this patch were applied a long time ago but unfortunately I worked all the time on old 2.6.32 kernel. I am confused, because documentation said that returning NF_STOLEN means that netfilter release ownership of this skb and my hook/queue function is responsible for deallocating of this skb. But from now, It's true only for function registered by nf_register_hooks (for example defrag function still uses NF_STOLEN verdict when performing packed defragmentation). For function registered by nf_register_queue_handler() it's not true, because NF_STOLEN wil free skb! It's the same as NF_DROP. I have no chance to get ownership of skb after call to nf_reinject. Or I am missed something ? 
Best Regards,
Ondrej Slanina
-----Původní zpráva----- From: Patrick McHardy 
Sent: Friday, February 19, 2010 6:02 PM
To: davem@xxxxxxxxxxxxx
Cc: netdev@xxxxxxxxxxxxxxx ; Patrick McHardy ; netfilter-devel@xxxxxxxxxxxxxxx 
Subject: netfilter 03/03: nf_queue: fix NF_STOLEN skb leak

commit 64507fdbc29c3a622180378210ecea8659b14e40
Author: Eric Dumazet <eric.dumazet@xxxxxxxxx>
Date:   Fri Feb 19 15:28:38 2010 +0100

   netfilter: nf_queue: fix NF_STOLEN skb leak

   commit 3bc38712e3a6e059 (handle NF_STOP and unknown verdicts in
   nf_reinject) was a partial fix to packet leaks.

   If user asks NF_STOLEN status, we must free the skb as well.

   Reported-by: Afi Gjermund <afigjermund@xxxxxxxxx>
   Signed-off-by: Eric DUmazet <eric.dumazet@xxxxxxxxx>
   Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 3a6fd77..ba095fd 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -265,7 +265,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) 
 local_bh_disable();
 entry->okfn(skb);
 local_bh_enable();
- case NF_STOLEN:
 break;
 case NF_QUEUE:
 if (!__nf_queue(skb, elem, entry->pf, entry->hook,
@@ -273,6 +272,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) 
 verdict >> NF_VERDICT_BITS))
 goto next_hook;
 break;
+ case NF_STOLEN:
 default:
 kfree_skb(skb);
 }
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in 
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux