Revision e7c243c925f6d9dcb898504ff24d6650b5cbb3b1 authored by Evgeniy Polyakov on 25 August 2007, 06:36:29 UTC, committed by David S. Miller on 27 August 2007, 01:35:47 UTC
I tried to preserve bridging code as it was before, but logic is quite strange - I think we should free skb on error, since it is already unshared and thus will just leak. Herbert Xu states: > + if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) > + goto out; If this happens it'll be a double-free on skb since we'll return NF_DROP which makes the caller free it too. We could return NF_STOLEN to prevent that but I'm not sure whether that's correct netfilter semantics. Patrick, could you please make a call on this? Patrick McHardy states: NF_STOLEN should work fine here. Signed-off-by: Evgeniy Polyakov <johnpol@2ka.mipt.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 7c8347a
rawv6.h
#ifndef _NET_RAWV6_H
#define _NET_RAWV6_H
#ifdef __KERNEL__
#include <net/protocol.h>
#define RAWV6_HTABLE_SIZE MAX_INET_PROTOS
extern struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE];
extern rwlock_t raw_v6_lock;
extern int ipv6_raw_deliver(struct sk_buff *skb, int nexthdr);
extern struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
int dif);
extern int rawv6_rcv(struct sock *sk,
struct sk_buff *skb);
extern void rawv6_err(struct sock *sk,
struct sk_buff *skb,
struct inet6_skb_parm *opt,
int type, int code,
int offset, __be32 info);
#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
int rawv6_mh_filter_register(int (*filter)(struct sock *sock,
struct sk_buff *skb));
int rawv6_mh_filter_unregister(int (*filter)(struct sock *sock,
struct sk_buff *skb));
#endif
#endif
#endif
Computing file changes ...
