summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-06-27 12:01:48 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2006-06-30 01:57:48 +0200
commitef47c6a7b8e36e3b160433673b1b68db799aabcd (patch)
treee79198a36e216e29bb31588b0a9d69d476399f5c
parent[NETFILTER]: xt_sctp: fix --chunk-types matching (diff)
downloadlinux-ef47c6a7b8e36e3b160433673b1b68db799aabcd.tar.xz
linux-ef47c6a7b8e36e3b160433673b1b68db799aabcd.zip
[NETFILTER]: ip_queue/nfnetlink_queue: drop bridge port references when dev disappears
When a device that is acting as a bridge port is unregistered, the ip_queue/nfnetlink_queue notifier doesn't check if its one of physindev/physoutdev and doesn't release the references if it is. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/netfilter/ip_queue.c12
-rw-r--r--net/netfilter/nfnetlink_queue.c12
2 files changed, 20 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index b93f0494362f..213d116e5bb9 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -457,11 +457,19 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex)
if (entry->info->indev)
if (entry->info->indev->ifindex == ifindex)
return 1;
-
if (entry->info->outdev)
if (entry->info->outdev->ifindex == ifindex)
return 1;
-
+#ifdef CONFIG_BRIDGE_NETFILTER
+ if (entry->skb->nf_bridge) {
+ if (entry->skb->nf_bridge->physindev &&
+ entry->skb->nf_bridge->physindev->ifindex == ifindex)
+ return 1;
+ if (entry->skb->nf_bridge->physoutdev &&
+ entry->skb->nf_bridge->physoutdev->ifindex == ifindex)
+ return 1;
+ }
+#endif
return 0;
}
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 86a4ac33de34..49ef41e34c48 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -680,11 +680,19 @@ dev_cmp(struct nfqnl_queue_entry *entry, unsigned long ifindex)
if (entinf->indev)
if (entinf->indev->ifindex == ifindex)
return 1;
-
if (entinf->outdev)
if (entinf->outdev->ifindex == ifindex)
return 1;
-
+#ifdef CONFIG_BRIDGE_NETFILTER
+ if (entry->skb->nf_bridge) {
+ if (entry->skb->nf_bridge->physindev &&
+ entry->skb->nf_bridge->physindev->ifindex == ifindex)
+ return 1;
+ if (entry->skb->nf_bridge->physoutdev &&
+ entry->skb->nf_bridge->physoutdev->ifindex == ifindex)
+ return 1;
+ }
+#endif
return 0;
}