From: Jeff Lucovsky Date: Sun, 19 Mar 2023 12:59:43 +0000 (-0400) Subject: nfq: Ensure packet release function set X-Git-Tag: suricata-7.0.0-rc2~306 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b470b5563559f5e6e0bbd88fba437e298b29930d;p=thirdparty%2Fsuricata.git nfq: Ensure packet release function set Issue: 5916 This commit ensures that the packet release function is set in case the packet is released early. --- diff --git a/src/source-nfq.c b/src/source-nfq.c index 299d4b269c..b0f0eba04e 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -145,6 +145,7 @@ static TmEcode DecodeNFQThreadInit(ThreadVars *, const void *, void **); static TmEcode DecodeNFQThreadDeinit(ThreadVars *tv, void *data); static TmEcode NFQSetVerdict(Packet *p); +static void NFQReleasePacket(Packet *p); typedef enum NFQMode_ { NFQ_ACCEPT_MODE, @@ -407,6 +408,10 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) char *pktdata; struct nfqnl_msg_packet_hdr *ph; + // Early release function -- will be updated once repeat + // mode handling has been done + p->ReleasePacket = PacketFreeOrRelease; + ph = nfq_get_msg_packet_hdr(tb); if (ph != NULL) { p->nfq_v.id = SCNtohl(ph->packet_id); @@ -431,6 +436,9 @@ static int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) return -1 ; } } + + // Switch to full featured release function + p->ReleasePacket = NFQReleasePacket; p->nfq_v.ifi = nfq_get_indev(tb); p->nfq_v.ifo = nfq_get_outdev(tb); p->nfq_v.verdicted = 0; @@ -532,6 +540,7 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, if (nfq_config.bypass_mask) { p->BypassPacketsFlow = NFQBypassCallback; } + ret = NFQSetupPkt(p, qh, (void *)nfa); if (ret == -1) { #ifdef COUNTERS @@ -548,8 +557,6 @@ static int NFQCallBack(struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, return 0; } - p->ReleasePacket = NFQReleasePacket; - #ifdef COUNTERS NFQQueueVars *q = NFQGetQueue(ntv->nfq_index); q->pkts++;