Currently tarpit_generic() just returns on failure, but this does not free nskb.
Signed-off-by: Josh Hunt <johunt@xxxxxxxxxx>
---
extensions/xt_TARPIT.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 58f12e4..0e66279 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -237,7 +237,7 @@ static void tarpit_tcp4(struct sk_buff *oldskb, unsigned int hook,
 ((u_int8_t *)tcph)[13] = 0;
 if (!tarpit_generic(tcph, oth, payload, mode))
- return;
+ goto free_nskb;
 /* Adjust TCP checksum */
 tcph->check = 0;
@@ -398,7 +398,7 @@ static void tarpit_tcp6(struct sk_buff *oldskb, unsigned int hook,
 payload = nskb->len - sizeof(struct ipv6hdr) - sizeof(struct tcphdr);
 if (!tarpit_generic(&oth, tcph, payload, mode))
- return;
+ goto free_nskb;
 ip6h->payload_len = htons(sizeof(struct tcphdr));
 tcph->check = 0;
--
1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
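Review bot: The new `goto free_nskb;` in tarpit_tcp4 jumps to a label that lies outside this hunk, so it cannot be confirmed from here that the label only releases nskb and does not touch state that is set up later in the function; tarpit_tcp4's body starts and ends outside the hunk. Before this change every segment for which tarpit_generic() returned false left one skb allocated, and since that path is presumably driven by traffic from remote peers, the leak amounts to a kernel memory exhaustion risk that is worth stating in the changelog for anyone deciding on a backport. A short comment on the branch would record the ownership rule, for example `/* no reply will be sent: release the skb built above */`. The same comment applies to the matching branch in the tarpit_tcp6 hunk.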
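Review bot: The tarpit_tcp6 call passes `&oth, tcph` while the tarpit_tcp4 call in the previous hunk passes `tcph, oth`, so one of the two call sites appears to give tarpit_generic() the original and the reply TCP header in swapped order. tarpit_generic()'s prototype is not visible on this page, so this needs checking against its definition; if the first parameter is the header being built, the IPv6 line should read `if (!tarpit_generic(tcph, &oth, payload, mode))`. The commit only changes the failure branch and leaves this call as it was, and tarpit_tcp6's body continues outside the hunk.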