From b470b5563559f5e6e0bbd88fba437e298b29930d Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Sun, 19 Mar 2023 08:59:43 -0400 Subject: [PATCH] nfq: Ensure packet release function set Issue: 5916 This commit ensures that the packet release function is set in case the packet is released early. --- src/source-nfq.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/source-nfq.c b/src/source-nfq.c index 299d4b269c..b0f0eba04e 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -145,6 +145,7 @@ static TmEcode DecodeNFQThreadInit(ThreadVars *, const void *, void **); static TmEcode DecodeNFQThreadDeinit(ThreadVars *tv, void *data); static TmEcode NFQSetVerdict(Packet *p); +static void NFQReleasePacket(Packet *p); typedef enum NFQMode_ { NFQ_ACCEPT_MODE, @@ -407,6 +408,10 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) char *pktdata; struct nfqnl_msg_packet_hdr *ph; + // Early release function -- will be updated once repeat + // mode handling has been done + p->ReleasePacket = PacketFreeOrRelease; + ph = nfq_get_msg_packet_hdr(tb); if (ph != NULL) { p->nfq_v.id = SCNtohl(ph->packet_id); @@ -431,6 +436,9 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) return -1 ; } } + + // Switch to full featured release function + p->ReleasePacket = NFQReleasePacket; p->nfq_v.ifi = nfq_get_indev(tb); p->nfq_v.ifo = nfq_get_outdev(tb); p->nfq_v.verdicted = 0; @@ -532,6 +540,7 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, if (nfq_config.bypass_mask) { p->BypassPacketsFlow = NFQBypassCallback; } + ret = NFQSetupPkt(p, qh, (void *)nfa); if (ret == -1) { #ifdef COUNTERS @@ -548,8 +557,6 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, return 0; } - p->ReleasePacket = NFQReleasePacket; - #ifdef COUNTERS NFQQueueVars *q = NFQGetQueue(ntv->nfq_index); q->pkts++; -- 2.47.3