Hi there!
oom-loop fixes error handling after a netlink failure - it does not do a
cleanup and it makes every next call to ip_fw_check to detect a
loop and drop the packet.
nlma fixes a call to netlink_broadcast with GFP_KERNEL ( passed to
skb_clone ) while we are in_interrupt() ( catched by a BUG() in
slab.c:1109 ).
2.4 patches apply to 2.5 too , tested on 2.5.15.
--
Best Regards,
Alexander Atanasov
--- net/ipv4/netfilter/ipchains_core.c.orig Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c Fri May 24 19:31:24 2002
@@ -723,6 +723,7 @@
src_port, dst_port,
count, tcpsyn)) {
ret = FW_BLOCK;
+ cleanup(chain, 0, slot);
goto out;
}
break;
--- net/ipv4/netfilter/ipchains_core.c.orig Fri May 24 19:27:01 2002
+++ net/ipv4/netfilter/ipchains_core.c Fri May 24 19:27:34 2002
@@ -549,7 +549,7 @@
strcpy(outskb->data+sizeof(__u32)*2, rif);
memcpy(outskb->data+sizeof(__u32)*2+IFNAMSIZ, ip,
len-(sizeof(__u32)*2+IFNAMSIZ));
- netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_KERNEL);
+ netlink_broadcast(ipfwsk, outskb, 0, ~0, GFP_ATOMIC);
}
else {
#endif
--- net/ipv4/ip_fw.c.orig Fri May 24 19:33:52 2002
+++ net/ipv4/ip_fw.c Fri May 24 19:34:18 2002
@@ -747,6 +747,7 @@
src_port, dst_port,
count, tcpsyn)) {
ret = FW_BLOCK;
+ cleanup(chain, 0, slot);
goto out;
}
break;
