Commit | Line | Data |
---|---|---|
1 | From: Peter Zijlstra <a.p.zijlstra@chello.nl> | |
2 | Subject: netfilter: NF_QUEUE vs emergency skbs | |
3 | Patch-mainline: No | |
4 | References: FATE#303834 | |
5 | ||
6 | Avoid memory getting stuck waiting for userspace, drop all emergency packets. | |
7 | This of course requires the regular storage route to not include an NF_QUEUE | |
8 | target ;-) | |
9 | ||
10 | Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> | |
11 | Acked-by: Neil Brown <neilb@suse.de> | |
12 | Acked-by: Suresh Jayaraman <sjayaraman@suse.de> | |
13 | ||
14 | --- | |
15 | net/netfilter/core.c | 3 +++ | |
16 | 1 file changed, 3 insertions(+) | |
17 | ||
18 | Index: linux-2.6.26/net/netfilter/core.c | |
19 | =================================================================== | |
20 | --- linux-2.6.26.orig/net/netfilter/core.c | |
21 | +++ linux-2.6.26/net/netfilter/core.c | |
22 | @@ -184,9 +184,12 @@ next_hook: | |
23 | ret = 1; | |
24 | goto unlock; | |
25 | } else if (verdict == NF_DROP) { | |
26 | +drop: | |
27 | kfree_skb(skb); | |
28 | ret = -EPERM; | |
29 | } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { | |
30 | + if (skb_emergency(skb)) | |
31 | + goto drop; | |
32 | if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn, | |
33 | verdict >> NF_VERDICT_BITS)) | |
34 | goto next_hook; |
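Review bot: The `if (skb_emergency(skb)) goto drop;` check in the NF_QUEUE branch carries no comment, so the reason emergency skbs are never handed to userspace is recorded only in the commit message; I would add `/* emergency skbs must not wait on userspace; drop instead of queueing */` above it. The jump also lands on a `drop:` label placed inside the preceding `else if (verdict == NF_DROP)` body, which is legal C but easy to break when that chain is edited. As far as the hunk shows, such a drop returns the same `-EPERM` as a rule-set NF_DROP and touches no counter or log, so an operator cannot tell the two apart when packets that match a queueing rule disappear under memory pressure; a distinct statistic would help. The enclosing function starts and ends outside the hunk.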