2008-06-02 11:11:54

by Rami Rosen

Subject: [PATCH net-2.6] [NETFILTER] Misc Cleanups.

Hi,
- Thanks for your comments; I was not aware that these issues occur
in other places too; attached here is another patch, fixing where
applicable in ip6_queue and nfnetlink_queue.

1) in net/ipv6/netfilter/ip6_queue.c
- No need to perform data_len = 0 in the switch command, since data_len
is initialized to 0 in the beginning of the
ipq_build_packet_message() method
- We can reach nlmsg_failure only from one place; skb is sure to be NULL
when getting there; since skb is NULL, there is no need to check this fact
and call kfree_skb().

2) in net/netfilter/nfnetlink_queue.c:
- No need to perform data_len = 0 in the switch command, since data_len
is initialized to 0 in the beginning of the
nfqnl_build_packet_message() method

(Note: here, as opposed to the previous patch, nlmsg_failure must check
skb and free it if it is not NULL, so the call to kfree_skb() is
needed, so it is not removed)



Regards,
Rami Rosen


Signed-off-by: Rami Rosen <[email protected]>


On Mon, Jun 2, 2008 at 12:46 PM, Patrick McHardy <[email protected]> wrote:
> David Miller wrote:
>>
>> Forwarding to netfilter-devel where this belongs...
>
> Thanks.
>
>> In this patch, these three fixes were made in
>> net/ipv4/netfilter/ip_queue.c:
>>
>> 1) No need to perform data_len = 0 in the switch command, since data_len
>> is initialized to 0 in the beginning of the method,
>> ipq_build_packet_message().
>>
>> 2) We can reach nlmsg_failure only from one place; skb is sure to be NULL
>> when getting there; since skb is NULL, there is no need to check this fact
>> and call kfree_skb().
>>
>> 3) Add #ifdef CONFIG_PROC_FS when removing the VFS entry,
>> proc_net_remove(&init_net, IPQ_PROC_FS_NAME);
>>
>>
>> Regards,
>> Rami Rosen
>>
>>
>> Signed-off-by: Rami Rosen <[email protected]>
>
> 1) also affects ip6_queue and nfnetlink_queue
> 2) also affects ip6_queue
> 3) is unnecessary since proc_net_remove is a NOP without
> CONFIG_PROC_FS
>
> Please update your patch to also change ip6_queue and
> nfnetlink_queue where applicable. Thanks.
>
>
>


Attachments:
(No filename) (2.11 kB)
patch.txt (1.04 kB)

2008-06-02 11:19:15

by Patrick McHardy

Subject: Re: [PATCH net-2.6] [NETFILTER] Misc Cleanups.

Rami Rosen wrote:
> Hi,
> - Thanks for your comments; I was not aware that these issues occur
> in other places too; attached here is another patch, fixing where
> applicable in ip6_queue and nfnetlink_queue.
>
> 1) in net/ipv6/netfilter/ip6_queue.c
> - No need to perform data_len = 0 in the switch command, since data_len
> is initialized to 0 in the beginning of the
> ipq_build_packet_message() method
> - We can reach nlmsg_failure only from one place; skb is sure to be NULL
> when getting there; since skb is NULL, there is no need to check this fact
> and call kfree_skb().
>
> 2) in net/netfilter/nfnetlink_queue.c:
> - No need to perform data_len = 0 in the switch command, since data_len
> is initialized to 0 in the beginning of the
> nfqnl_build_packet_message() method
>
> (Note: here, as opposed to the previous patch, nlmsg_failure must check
> skb and free it if it is not NULL, so the call to kfree_skb() is
> needed, so it is not removed)


I've queued this patch and the previous one (without the procfs
bits) as one combined patch for 2.6.27, thanks.
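
The distinction this thread draws between the two failure labels, as an added user-space C model that is not code from the patch or the kernel: every name is hypothetical, and the "data does not fit" failure after allocation is an assumed stand-in for whatever reaches the label with a live buffer. It shows that dropping the free is safe only when the label is reachable solely with a NULL pointer; otherwise the buffer leaks.

```c
/* Added user-space model, not kernel code; all names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
struct buf { size_t cap, len; };
static int live_bufs; /* outstanding allocations, so a leak is visible */
static struct buf *buf_alloc(size_t cap, int fail)
{
    struct buf *b = fail ? NULL : calloc(1, sizeof(*b));
    if (b) { b->cap = cap; live_bufs++; }
    return b;
}
static void buf_free(struct buf *b) { if (b) { live_bufs--; free(b); } }

/* Label reached only from the failed allocation: b is NULL there, no free. */
static struct buf *build_single_entry(size_t need, int alloc_fails)
{
    struct buf *b = buf_alloc(need, alloc_fails);
    if (!b)
        goto failure;
    b->len = need;
    return b;
failure:
    return NULL;
}

/* Label also reached after allocation (assumed cause: data too big): free stays. */
static struct buf *build_multi_entry(size_t cap, size_t need, int keep_free)
{
    struct buf *b = buf_alloc(cap, 0);
    if (!b)
        goto failure;
    if (need > cap)
        goto failure;
    b->len = need;
    return b;
failure:
    if (keep_free) /* keep_free = 0 models removing the free from the label */
        buf_free(b);
    return NULL;
}
static int leaked_by_multi_entry(int keep_free) /* leak from one failing call */
{
    int before = live_bufs;
    build_multi_entry(8, 64, keep_free);
    return live_bufs - before;
}
int main(void)
{
    printf("leaked with free: %d, without: %d\n", leaked_by_multi_entry(1), leaked_by_multi_entry(0));
}
```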