@@ -727,7 +727,6 @@ static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff *skb)
{
- struct nf_bridge_info *nf_bridge;
unsigned int mtu_reserved;
mtu_reserved = nf_bridge_mtu_reduction(skb);
@@ -737,18 +736,20 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
return br_dev_queue_push_xmit(net, sk, skb);
}
- nf_bridge = nf_bridge_info_get(skb);
-
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
/* This is wrong! We should preserve the original fragment
* boundaries by preserving frag_list rather than refragmenting.
*/
if (skb->protocol == htons(ETH_P_IP)) {
+ struct nf_bridge_info *nf_bridge;
struct brnf_frag_data *data;
- if (br_validate_ipv4(net, skb))
- goto drop;
+ if (br_validate_ipv4(net, skb)) {
+ kfree_skb(skb);
+ return 0;
+ }
+ nf_bridge = nf_bridge_info_get(skb);
IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;
nf_bridge_update_protocol(skb);
@@ -769,11 +770,15 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
if (skb->protocol == htons(ETH_P_IPV6)) {
const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops();
+ struct nf_bridge_info *nf_bridge;
struct brnf_frag_data *data;
- if (br_validate_ipv6(net, skb))
- goto drop;
+ if (br_validate_ipv6(net, skb)) {
+ kfree_skb(skb);
+ return 0;
+ }
+ nf_bridge = nf_bridge_info_get(skb);
IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;
nf_bridge_update_protocol(skb);
@@ -794,9 +799,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff
#endif
nf_bridge_info_free(skb);
return br_dev_queue_push_xmit(net, sk, skb);
- drop:
- kfree_skb(skb);
- return 0;
}
/* PF_BRIDGE/POST_ROUTING ********************************************/