Patchwork [24/32] netfilter: NF_QUEUE vs emergency skbs

login
register
mail settings
Submitter Peter Zijlstra
Date Oct. 2, 2008, 1:05 p.m.
Message ID <20081002131609.424438287@chello.nl>
Download mbox | patch
Permalink /patch/2393/
State Changes Requested
Delegated to: David Miller
Headers show

Comments

Peter Zijlstra - Oct. 2, 2008, 1:05 p.m.
Avoid memory getting stuck waiting for userspace, drop all emergency packets.
This of course requires the regular storage route to not include an NF_QUEUE
target ;-)

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
---
 net/netfilter/core.c |    3 +++
 1 file changed, 3 insertions(+)

Patch

Index: linux-2.6/net/netfilter/core.c
===================================================================
--- linux-2.6.orig/net/netfilter/core.c
+++ linux-2.6/net/netfilter/core.c
@@ -176,9 +176,12 @@  next_hook:
 		ret = 1;
 		goto unlock;
 	} else if (verdict == NF_DROP) {
+drop:
 		kfree_skb(skb);
 		ret = -EPERM;
 	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
+		if (skb_emergency(*pskb))
+			goto drop;
 		if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
 			      verdict >> NF_VERDICT_BITS))
 			goto next_hook;