| Message ID | 20081002131609.424438287@chello.nl |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
Index: linux-2.6/net/netfilter/core.c =================================================================== --- linux-2.6.orig/net/netfilter/core.c +++ linux-2.6/net/netfilter/core.c @@ -176,9 +176,12 @@ next_hook: ret = 1; goto unlock; } else if (verdict == NF_DROP) { +drop: kfree_skb(skb); ret = -EPERM; } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { + if (skb_emergency(*pskb)) + goto drop; if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn, verdict >> NF_VERDICT_BITS)) goto next_hook;
Avoid memory getting stuck waiting for userspace, drop all emergency packets. This of course requires the regular storage route to not include an NF_QUEUE target ;-) Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> --- net/netfilter/core.c | 3 +++ 1 file changed, 3 insertions(+)