[PATCH net-2.6] [NETFILTER] Misc Cleanups.

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH net-2.6] [NETFILTER] Misc Cleanups.
       [not found] ` <4843C183.4060008@trash.net>
@ 2008-06-02 11:11   ` Rami Rosen
  2008-06-02 11:18     ` Patrick McHardy
  0 siblings, 1 reply; 2+ messages in thread
From: Rami Rosen @ 2008-06-02 11:11 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: David Miller, netfilter-devel, linux-kernel

[-- Attachment #1: Type: text/plain, Size: 2157 bytes --]

Hi,
  - Thanks for your comments; I was not aware that this issues occur
in other places too; attached here is another patch, fixing where
applicable in ip6_queue and nfnetlink_queue.

  1) in net/ipv6/netfilter/ip6_queue.c
    - No need to perform data_len = 0 in the switch command, since data_len
	   is initialized to 0 in the beginning of the
ipq_build_packet_message() method
    - We can reach nlmsg_failure only from one place; skb is sure to be NULL
	     when getting there; since skb is NULL, there is no need to check this fact
	     and call kfree_skb().

2) in net/netfilter/nfnetlink_queue.c:
    - No need to perform data_len = 0 in the switch command, since data_len
	   is initialized to 0 in the beginning of the
nfqnl_build_packet_message() method

(Note: here, as opposed to previous patch, nlmsg_failure must check
skb and free it if it is not NULL, so the call to kfree_skb() is
needed , so it is not removed)
	
 	

Regards,
Rami Rosen


Signed-off-by: Rami Rosen <ramirose@gmail.com>


On Mon, Jun 2, 2008 at 12:46 PM, Patrick McHardy <kaber@trash.net> wrote:
> David Miller wrote:
>>
>> Forwarding to netfilter-devel where this belongs...
>
> Thanks.
>
>>        In this patch, these three fixes were made in
>> net/ipv4/netfilter/ip_queue.c:
>>
>>        1) No need to perform data_len = 0 in the switch command, since
>> data_len
>>           is initialized to 0 in the beginning of the method
>> ,ipq_build_packet_message().
>>
>>        2) We can reach nlmsg_failure only from one place; skb is sure to
>> be NULL
>>           when getting there; since skb is NULL, there is no need to check
>> this fact
>>           and call kfree_skb().
>>
>>        3) Add #ifdef CONFIG_PROC_FS when removing the VFS entry,
>>                 proc_net_remove(&init_net, IPQ_PROC_FS_NAME);
>>
>>
>> Regards,
>> Rami Rosen
>>
>>
>> Signed-off-by: Rami Rosen <ramirose@gmail.com>
>
> 1) also affects ip6_queue and nfnetlink_queue
> 2) also affects ip6_queue
> 3) is unnecessary since proc_net_remove is a NOP without
>   CONFIG_PROC_FS
>
> Please update your patch to also change ip6_queue and
> nfnetlink_queue where applicable. Thanks.
>
>
>

[-- Attachment #2: patch.txt --]
[-- Type: text/plain, Size: 1068 bytes --]

diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index 2eff3ae..1b8815f 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -159,7 +159,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
 	case IPQ_COPY_META:
 	case IPQ_COPY_NONE:
 		size = NLMSG_SPACE(sizeof(*pmsg));
-		data_len = 0;
 		break;
 
 	case IPQ_COPY_PACKET:
@@ -226,8 +225,6 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp)
 	return skb;
 
 nlmsg_failure:
-	if (skb)
-		kfree_skb(skb);
 	*errp = -EINVAL;
 	printk(KERN_ERR "ip6_queue: error creating packet message\n");
 	return NULL;
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 3447025..04e9c96 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -243,7 +243,6 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
 	switch ((enum nfqnl_config_mode)queue->copy_mode) {
 	case NFQNL_COPY_META:
 	case NFQNL_COPY_NONE:
-		data_len = 0;
 		break;
 
 	case NFQNL_COPY_PACKET:

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH net-2.6] [NETFILTER] Misc Cleanups.
  2008-06-02 11:11   ` [PATCH net-2.6] [NETFILTER] Misc Cleanups Rami Rosen
@ 2008-06-02 11:18     ` Patrick McHardy
  0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2008-06-02 11:18 UTC (permalink / raw)
  To: Rami Rosen; +Cc: David Miller, netfilter-devel, linux-kernel

Rami Rosen wrote:
> Hi,
>   - Thanks for your comments; I was not aware that this issues occur
> in other places too; attached here is another patch, fixing where
> applicable in ip6_queue and nfnetlink_queue.
> 
>   1) in net/ipv6/netfilter/ip6_queue.c
>     - No need to perform data_len = 0 in the switch command, since data_len
> 	   is initialized to 0 in the beginning of the
> ipq_build_packet_message() method
>     - We can reach nlmsg_failure only from one place; skb is sure to be NULL
> 	     when getting there; since skb is NULL, there is no need to check this fact
> 	     and call kfree_skb().
> 
> 2) in net/netfilter/nfnetlink_queue.c:
>     - No need to perform data_len = 0 in the switch command, since data_len
> 	   is initialized to 0 in the beginning of the
> nfqnl_build_packet_message() method
> 
> (Note: here, as opposed to previous patch, nlmsg_failure must check
> skb and free it if it is not NULL, so the call to kfree_skb() is
> needed , so it is not removed)


I've queued this patch and the previous one (without the procfs
bits) as one combined patch for 2.6.27, thanks.


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-06-02 11:19 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20080601.234549.229050768.davem@davemloft.net>
     [not found] ` <4843C183.4060008@trash.net>
2008-06-02 11:11   ` [PATCH net-2.6] [NETFILTER] Misc Cleanups Rami Rosen
2008-06-02 11:18     ` Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox