Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 84531c24 authored by Phil Oester's avatar Phil Oester Committed by David S. Miller
Browse files

[NETFILTER]: Revert nf_reset change 



Revert the nf_reset change that caused so much trouble, drop conntrack
references manually before packets are queued to packet sockets.

Signed-off-by: default avatarPhil Oester <kernel@linuxace.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 6a2e9b73

net/ipv4/ip_output.c

+0 −9
Original line number Original line Diff line number Diff line
@@ -107,7 +107,6 @@ static int ip_dev_loopback_xmit(struct sk_buff *newskb) 
	newskb->pkt_type = PACKET_LOOPBACK;

	newskb->pkt_type = PACKET_LOOPBACK;

	newskb->ip_summed = CHECKSUM_UNNECESSARY;

	newskb->ip_summed = CHECKSUM_UNNECESSARY;

	BUG_TRAP(newskb->dst);

	BUG_TRAP(newskb->dst);

	nf_reset(newskb);

	netif_rx(newskb);

	netif_rx(newskb);

	return 0;

	return 0;

}

}
@@ -188,14 +187,6 @@ static inline int ip_finish_output2(struct sk_buff *skb) 
		skb = skb2;

		skb = skb2;

	}

	}





#ifdef CONFIG_BRIDGE_NETFILTER

	/* bridge-netfilter defers calling some IP hooks to the bridge layer

	 * and still needs the conntrack reference.

	 */

	if (skb->nf_bridge == NULL)

#endif

		nf_reset(skb);



	if (hh) {

	if (hh) {

		int hh_alen;

		int hh_alen;

net/ipv4/netfilter/ip_conntrack_standalone.c

+7 −0
Original line number Original line Diff line number Diff line
@@ -432,6 +432,13 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum, 
				        const struct net_device *out,

				        const struct net_device *out,

				        int (*okfn)(struct sk_buff *))

				        int (*okfn)(struct sk_buff *))

{

{

#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)

	/* Previously seen (loopback)?  Ignore.  Do this before

           fragment check. */

	if ((*pskb)->nfct)

		return NF_ACCEPT;

#endif



	/* Gather fragments. */

	/* Gather fragments. */

	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {

	if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {

		*pskb = ip_ct_gather_frags(*pskb,

		*pskb = ip_ct_gather_frags(*pskb,

net/packet/af_packet.c

+6 −0
Original line number Original line Diff line number Diff line
@@ -274,6 +274,9 @@ static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev, struct 
	dst_release(skb->dst);

	dst_release(skb->dst);

	skb->dst = NULL;

	skb->dst = NULL;





	/* drop conntrack reference */

	nf_reset(skb);



	spkt = (struct sockaddr_pkt*)skb->cb;

	spkt = (struct sockaddr_pkt*)skb->cb;





	skb_push(skb, skb->data-skb->mac.raw);

	skb_push(skb, skb->data-skb->mac.raw);
@@ -517,6 +520,9 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, struct packe 
	dst_release(skb->dst);

	dst_release(skb->dst);

	skb->dst = NULL;

	skb->dst = NULL;





	/* drop conntrack reference */

	nf_reset(skb);



	spin_lock(&sk->sk_receive_queue.lock);

	spin_lock(&sk->sk_receive_queue.lock);

	po->stats.tp_packets++;

	po->stats.tp_packets++;

	__skb_queue_tail(&sk->sk_receive_queue, skb);

	__skb_queue_tail(&sk->sk_receive_queue, skb);