]> git.ipfire.org Git - ipfire-2.x.git/blobdiff - src/patches/suse-2.6.27.31/patches.suse/SoN-24-emergency-nf_queue.patch
projects / ipfire-2.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reenabled linux-xen, added patches for Xen Kernel Version 2.6.27.31,
[ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.suse / SoN-24-emergency-nf_queue.patch
diff --git a/src/patches/suse-2.6.27.31/patches.suse/SoN-24-emergency-nf_queue.patch b/src/patches/suse-2.6.27.31/patches.suse/SoN-24-emergency-nf_queue.patch
new file mode 100644 (file)
index 0000000..d7a23e7
--- /dev/null
+++ b/src/patches/suse-2.6.27.31/patches.suse/SoN-24-emergency-nf_queue.patch
@@ -0,0 +1,34 @@
+From: Peter Zijlstra <a.p.zijlstra@chello.nl> 
+Subject: netfilter: NF_QUEUE vs emergency skbs
+Patch-mainline: No
+References: FATE#303834
+
+Avoid memory getting stuck waiting for userspace, drop all emergency packets.
+This of course requires the regular storage route to not include an NF_QUEUE
+target ;-)
+
+Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
+Acked-by: Neil Brown <neilb@suse.de>
+Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
+
+---
+ net/netfilter/core.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+Index: linux-2.6.26/net/netfilter/core.c
+===================================================================
+--- linux-2.6.26.orig/net/netfilter/core.c
++++ linux-2.6.26/net/netfilter/core.c
+@@ -184,9 +184,12 @@ next_hook:
+               ret = 1;
+               goto unlock;
+       } else if (verdict == NF_DROP) {
++drop:
+               kfree_skb(skb);
+               ret = -EPERM;
+       } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
++              if (skb_emergency(skb))
++                      goto drop;
+               if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
+                             verdict >> NF_VERDICT_BITS))
+                       goto next_hook;
IPFire 2.x development tree