[people/teissler/ipfire-2.x.git] / src / patches / suse-2.6.27.39 / patches.suse / SoN-24-emergency-nf_queue.patch

From: Peter Zijlstra <a.p.zijlstra@chello.nl> 
Subject: netfilter: NF_QUEUE vs emergency skbs
Patch-mainline: No
References: FATE#303834

Avoid memory getting stuck waiting for userspace, drop all emergency packets.
This of course requires the regular storage route to not include an NF_QUEUE
target ;-)

Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Acked-by: Neil Brown <neilb@suse.de>
Acked-by: Suresh Jayaraman <sjayaraman@suse.de>

---
 net/netfilter/core.c |    3 +++
 1 file changed, 3 insertions(+)

Index: linux-2.6.26/net/netfilter/core.c
===================================================================
--- linux-2.6.26.orig/net/netfilter/core.c
+++ linux-2.6.26/net/netfilter/core.c
@@ -184,9 +184,12 @@ next_hook:
 		ret = 1;
 		goto unlock;
 	} else if (verdict == NF_DROP) {
+drop:
 		kfree_skb(skb);
 		ret = -EPERM;
 	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
+		if (skb_emergency(skb))
+			goto drop;
 		if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
 			      verdict >> NF_VERDICT_BITS))
 			goto next_hook;
Commit	Line	Data
2cb7cef9 BS	1	From: Peter Zijlstra <a.p.zijlstra@chello.nl>
	2	Subject: netfilter: NF_QUEUE vs emergency skbs
	3	Patch-mainline: No
	4	References: FATE#303834
	5
	6	Avoid memory getting stuck waiting for userspace, drop all emergency packets.
	7	This of course requires the regular storage route to not include an NF_QUEUE
	8	target ;-)
	9
	10	Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
	11	Acked-by: Neil Brown <neilb@suse.de>
	12	Acked-by: Suresh Jayaraman <sjayaraman@suse.de>
	13
	14	---
	15	net/netfilter/core.c \| 3 +++
	16	1 file changed, 3 insertions(+)
	17
	18	Index: linux-2.6.26/net/netfilter/core.c
	19	===================================================================
	20	--- linux-2.6.26.orig/net/netfilter/core.c
	21	+++ linux-2.6.26/net/netfilter/core.c
	22	@@ -184,9 +184,12 @@ next_hook:
	23	ret = 1;
	24	goto unlock;
	25	} else if (verdict == NF_DROP) {
	26	+drop:
	27	kfree_skb(skb);
	28	ret = -EPERM;
	29	} else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) {
	30	+ if (skb_emergency(skb))
	31	+ goto drop;
	32	if (!nf_queue(skb, elem, pf, hook, indev, outdev, okfn,
	33	verdict >> NF_VERDICT_BITS))
	34	goto next_hook;