Subject: [PATCH] appletalk: Fix skb leak when ipddp interface is not loaded

	dev->stats.tx_packets++;

	dev->stats.tx_bytes += skb->len;

        if(aarp_send_ddp(rt->dev, skb, &rt->at, NULL) < 0)

                dev_kfree_skb(skb);

	aarp_send_ddp(rt->dev, skb, &rt->at, NULL);

	spin_unlock(&ipddp_route_lock);

	/* Non ELAP we cannot do. */

	if (dev->type != ARPHRD_ETHER)

		return -1;

		goto free_it;

	skb->dev = dev;

	skb->protocol = htons(ETH_P_ATALK);

	if (!a) {

		/* Whoops slipped... good job it's an unreliable protocol 8) */

		write_unlock_bh(&aarp_lock);

		return -1;

		goto free_it;

	}

	/* Set up the queue */

	write_unlock_bh(&aarp_lock);

	/* Tell the ddp layer we have taken over for this frame. */

	return 0;

	goto sent;

sendit:

	if (skb->sk)

		skb->priority = skb->sk->sk_priority;

	dev_queue_xmit(skb);

	if (dev_queue_xmit(skb))

		goto drop;

sent:

	return 1;

	return NET_XMIT_SUCCESS;

free_it:

	kfree_skb(skb);

drop:

	return NET_XMIT_DROP;

}

EXPORT_SYMBOL(aarp_send_ddp);

/*

 *	An entry in the aarp unresolved queue has become resolved. Send

	struct net_device_stats *stats;

	/* This needs to be able to handle ipddp"N" devices */

	if (!dev)

		return -ENODEV;

	if (!dev) {

		kfree_skb(skb);

		return NET_RX_DROP;

	}

	skb->protocol = htons(ETH_P_IP);

	skb_pull(skb, 13);

	stats = netdev_priv(dev);

	stats->rx_packets++;

	stats->rx_bytes += skb->len + 13;

	netif_rx(skb);  /* Send the SKB up to a higher place. */

	return 0;

	return netif_rx(skb);  /* Send the SKB up to a higher place. */

}

#else

/* make it easy for gcc to optimize this test out, i.e. kill the code */

#define handle_ip_over_ddp(skb) 0

#endif

static void atalk_route_packet(struct sk_buff *skb, struct net_device *dev,

			       struct ddpehdr *ddp, __u16 len_hops,

			       int origlen)

static int atalk_route_packet(struct sk_buff *skb, struct net_device *dev,

			      struct ddpehdr *ddp, __u16 len_hops, int origlen)

{

	struct atalk_route *rt;

	struct atalk_addr ta;

		/* 22 bytes - 12 ether, 2 len, 3 802.2 5 snap */

		struct sk_buff *nskb = skb_realloc_headroom(skb, 32);

		kfree_skb(skb);

		if (!nskb)

			goto out;

		skb = nskb;

	} else

		skb = skb_unshare(skb, GFP_ATOMIC);

	 * If the buffer didn't vanish into the lack of space bitbucket we can

	 * send it.

	 */

	if (skb && aarp_send_ddp(rt->dev, skb, &ta, NULL) == -1)

		goto free_it;

out:

	return;

	if (skb == NULL)

		goto drop;

	if (aarp_send_ddp(rt->dev, skb, &ta, NULL) == NET_XMIT_DROP)

		return NET_RX_DROP;

	return NET_XMIT_SUCCESS;

free_it:

	kfree_skb(skb);

drop:

	return NET_RX_DROP;

}

/**

		/* Not ours, so we route the packet via the correct

		 * AppleTalk iface

		 */

		atalk_route_packet(skb, dev, ddp, len_hops, origlen);

		return NET_RX_SUCCESS;

		return atalk_route_packet(skb, dev, ddp, len_hops, origlen);

	}

	/* if IP over DDP is not selected this code will be optimized out */

		if (skb2) {

			loopback = 1;

			SOCK_DEBUG(sk, "SK %p: send out(copy).\n", sk);

			if (aarp_send_ddp(dev, skb2,

					  &usat->sat_addr, NULL) == -1)

				kfree_skb(skb2);

				/* else queued/sent above in the aarp queue */

			/*

			 * If it fails it is queued/sent above in the aarp queue

			 */

			aarp_send_ddp(dev, skb2, &usat->sat_addr, NULL);

		}

	}

		    usat = &gsat;

		}

		if (aarp_send_ddp(dev, skb, &usat->sat_addr, NULL) == -1)

			kfree_skb(skb);

		/* else queued/sent above in the aarp queue */

		/*

		 * If it fails it is queued/sent above in the aarp queue

		 */

		aarp_send_ddp(dev, skb, &usat->sat_addr, NULL);

	}

	SOCK_DEBUG(sk, "SK %p: Done write (%Zd).\n", sk, len);

static unsigned char ddp_snap_id[] = { 0x08, 0x00, 0x07, 0x80, 0x9B };

/* Export symbols for use by drivers when AppleTalk is a module */

EXPORT_SYMBOL(aarp_send_ddp);

EXPORT_SYMBOL(atrtr_get_dev);

EXPORT_SYMBOL(atalk_find_dev_addr);