[NETFILTER]: nf_queue: handle NF_STOP and unknown verdicts in nf_reinject
In case of an unknown verdict or NF_STOP the packet leaks. Unknown verdicts can happen when userspace is buggy. Reinject the packet in case of NF_STOP, drop on unknown verdicts. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
083edca05a
commit
3bc38712e3
1 changed files with 4 additions and 5 deletions
|
@ -219,21 +219,20 @@ void nf_reinject(struct sk_buff *skb, struct nf_info *info,
|
||||||
|
|
||||||
switch (verdict & NF_VERDICT_MASK) {
|
switch (verdict & NF_VERDICT_MASK) {
|
||||||
case NF_ACCEPT:
|
case NF_ACCEPT:
|
||||||
|
case NF_STOP:
|
||||||
info->okfn(skb);
|
info->okfn(skb);
|
||||||
|
case NF_STOLEN:
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case NF_QUEUE:
|
case NF_QUEUE:
|
||||||
if (!nf_queue(&skb, elem, info->pf, info->hook,
|
if (!nf_queue(&skb, elem, info->pf, info->hook,
|
||||||
info->indev, info->outdev, info->okfn,
|
info->indev, info->outdev, info->okfn,
|
||||||
verdict >> NF_VERDICT_BITS))
|
verdict >> NF_VERDICT_BITS))
|
||||||
goto next_hook;
|
goto next_hook;
|
||||||
break;
|
break;
|
||||||
|
default:
|
||||||
|
kfree_skb(skb);
|
||||||
}
|
}
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
|
|
||||||
if (verdict == NF_DROP)
|
|
||||||
kfree_skb(skb);
|
|
||||||
|
|
||||||
kfree(info);
|
kfree(info);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
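Review bot: The drop from `info->okfn(skb);` into the new `case NF_STOLEN:` is an intentional fall-through (okfn consumes the skb, so NF_STOLEN's bare `break;` is the right landing spot), but nothing marks it, and a later reader or a fallthrough warning will read it as a bug; add `/* fall through: okfn consumed the skb */` between those two lines. The new `default:` now also covers NF_DROP, since the post-switch `if (verdict == NF_DROP)` is gone, and the commit message only mentions unknown verdicts; a comment such as `/* NF_DROP and any out-of-range verdict from userspace: free the skb here */` would record that the drop path deliberately moved into the switch. Note that the earlier NF_REPEAT/reroute handling and the reinject's `next_hook` label lie outside this hunk, so whether a userspace NF_STOP skips rerouting cannot be confirmed from the visible lines. nf_reinject starts before the hunk.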