Hi Dave, please apply to net-2.6.14,

[ok, now back to vdev]
-- 
- Harald Welte <[EMAIL PROTECTED]>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie
[NETFILTER] return ENOMEM when ip_conntrack_alloc() fails.

This patch fixes the bug which doesn't return ERR_PTR(-ENOMEM) if it failed
to allocate memory space from slab cache.  This bug leads to erroneously
not dropped packets under stress, and wrong statistic counters ('invalid'
is incremented instead of 'drop').  It was introduced during the ctnetlink
merge in the net-2.6.14 tree, so no stable or mainline releases affected.

Signed-off-by: Yasuyuki Kozakai <[EMAIL PROTECTED]>
Signed-off-by: Harald Welte <[EMAIL PROTECTED]>

---
commit 5fd482be95fb5c0f60e1dc51bcd956ed535c33cb
tree 64c3930d4f4e701db945b27ebfe972d83ee1ed30
parent 041cf7f2c1158ae8e9b6d8173b77cbcc878cb54c
author Harald Welte <[EMAIL PROTECTED]> Mo, 08 Aug 2005 21:57:59 +0200
committer Harald Welte <[EMAIL PROTECTED]> Mo, 08 Aug 2005 21:57:59 +0200

 net/ipv4/netfilter/ip_conntrack_core.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c 
b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -655,7 +655,7 @@ struct ip_conntrack *ip_conntrack_alloc(
        conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
        if (!conntrack) {
                DEBUGP("Can't allocate conntrack.\n");
-               return NULL;
+               return ERR_PTR(-ENOMEM);
        }
 
        memset(conntrack, 0, sizeof(*conntrack));
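
Review bot: With the allocation-failure path in ip_conntrack_alloc() now returning ERR_PTR(-ENOMEM) instead of NULL, any caller that still tests the result with a plain `!conntrack` check will treat the error pointer as a valid conntrack and dereference it. This diff only converts init_conntrack(). Since the commit message says the regression came in with the ctnetlink merge, please confirm every other caller of ip_conntrack_alloc() uses IS_ERR(). A short comment above the function should also state that failure is reported as an ERR_PTR and not as NULL.
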
@@ -696,8 +696,9 @@ init_conntrack(struct ip_conntrack_tuple
                return NULL;
        }
 
-       if (!(conntrack = ip_conntrack_alloc(tuple, &repl_tuple)))
-               return NULL;
+       conntrack = ip_conntrack_alloc(tuple, &repl_tuple);
+       if (conntrack == NULL || IS_ERR(conntrack))
+               return (struct ip_conntrack_tuple_hash *)conntrack;
 
        if (!protocol->new(conntrack, skb)) {
                ip_conntrack_free(conntrack);
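
Review bot: The combined test `conntrack == NULL || IS_ERR(conntrack)` followed by a cast to `struct ip_conntrack_tuple_hash *` leaves init_conntrack() with two failure conventions. The context line `return NULL;` just above is still there for the earlier failure, and an encoded errno now comes back on allocation failure. The caller of init_conntrack() therefore has to check both NULL and IS_ERR(), and that caller is not part of this diff, so please confirm it does. If ip_conntrack_alloc() can no longer return NULL after the first hunk, drop the `== NULL` half so the contract is unambiguous. Otherwise document the mixed NULL/ERR_PTR return in a comment on init_conntrack(). The cast between unrelated struct pointer types is only safe because the value is never dereferenced on this path, and a one-line comment saying so would help the next reader.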
