diff options
author | Patrick McHardy <kaber@trash.net> | 2006-07-24 22:52:47 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-07-24 22:52:47 -0700 |
commit | 3bc38712e3a6e0596ccb6f8299043a826f983701 (patch) | |
tree | 9be25dce89ce73cfd79000a27eb001adc113af2e /net | |
parent | 083edca05ab1fa6efac1ba414018f7f45a4a83ff (diff) | |
download | op-kernel-dev-3bc38712e3a6e0596ccb6f8299043a826f983701.zip op-kernel-dev-3bc38712e3a6e0596ccb6f8299043a826f983701.tar.gz |
[NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject
In case of an unknown verdict or NF_STOP the packet leaks. Unknown verdicts
can happen when userspace is buggy. Reinject the packet in case of NF_STOP,
drop on unknown verdicts.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_queue.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index bb6fcee..662a869 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info, switch (verdict & NF_VERDICT_MASK) { case NF_ACCEPT: + case NF_STOP: info->okfn(skb); + case NF_STOLEN: break; - case NF_QUEUE: if (!nf_queue(&skb, elem, info->pf, info->hook, info->indev, info->outdev, info->okfn, verdict >> NF_VERDICT_BITS)) goto next_hook; break; + default: + kfree_skb(skb); } rcu_read_unlock(); - - if (verdict == NF_DROP) - kfree_skb(skb); - kfree(info); return; } |