diff options
| author | Patrick McHardy <kaber@trash.net> | 2005-04-25 12:01:07 -0700 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2005-04-25 12:01:07 -0700 |
| commit | b31e5b1bb53b99dfd5e890aa07e943aff114ae1c (patch) | |
| tree | 081d0f1223db0f7cda1fdaa3058ed4fefb28d9fc /net/ipv4/netfilter/ip_conntrack_standalone.c | |
| parent | f649a3bfd1b0ad8872312ed1c223d69b74406e1f (diff) | |
| download | linux-b31e5b1bb53b99dfd5e890aa07e943aff114ae1c.tar.gz | |
[NETFILTER]: Drop conntrack reference when packet leaves IP
In the event a raw socket is created for sending purposes only, the creator
never bothers to check the socket's receive queue. But we continue to
add skbs to its queue until it fills up.
Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the
queue potentially holds a reference to a conntrack. If the user attempts
to unload ip_conntrack, we will spin around forever since the queued skbs
are pinned.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/ip_conntrack_standalone.c')
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 0c29ccf62a8978..46ca45f74d85b6 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c @@ -431,13 +431,6 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum, const struct net_device *out, int (*okfn)(struct sk_buff *)) { -#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE) - /* Previously seen (loopback)? Ignore. Do this before - fragment check. */ - if ((*pskb)->nfct) - return NF_ACCEPT; -#endif - /* Gather fragments. */ if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { *pskb = ip_ct_gather_frags(*pskb, |