At 2017-05-09 17:21:02, "Florian Westphal" <f...@strlen.de> wrote:
>gfree.w...@vip.163.com <gfree.w...@vip.163.com> wrote:
>> When one netfilter rule or hook steals the skb and returns NF_STOLEN,
>> it means the skb is taken by the rule, and other modules should not
>> touch this skb ever. Maybe the skb is queued or freed directly by the
>> rule.
>>
>> Now uses the nf_hook instead of NF_HOOK to get the result of netfilter,
>> and check the return value of nf_hook. Only when its value equals 1, it
>> means the skb could go ahead. Or reset the skb as NULL.
>>
>> BTW, because vrf_rcv_finish is empty function, so needn't invoke it
>> even though nf_hook returns 1.
>
>That's a bug then.
>
>The okfn (if called) takes ownership of skb and must free it eventually.
>Otherwise userspace queueing leaks skb on reinjection.
>
>(see nf_reinject() and its use of okfn()).

Thanks, I only thought about the stolen case like synproxy, which would free the skb directly, and forgot that userspace could reinject the skb. I will update the patch.

Best Regards
Feng
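
The ownership rule discussed in this thread, as an added userspace model that is not part of the original messages and is not kernel code. All names (`model_nf_hook`, `model_reinject`, `okfn_empty`, `okfn_owning`, the `V_*` verdicts) are hypothetical stand-ins for nf_hook(), nf_reinject(), the okfn and the NF_* verdicts.

```c
/* Constructed userspace model of netfilter skb ownership; not kernel code. */
#include <stdio.h>
#include <stdlib.h>

enum verdict { V_DROP, V_ACCEPT, V_STOLEN, V_QUEUE };  /* stand-ins for NF_* */
struct skb { int id; };
typedef int (*okfn_t)(struct skb *);

static int live_skbs;          /* allocated and not yet freed */
static struct skb *queued;     /* packet parked for "userspace" */
static okfn_t queued_okfn;     /* okfn remembered for reinjection */

static struct skb *skb_alloc(int id)
{
    struct skb *s = malloc(sizeof *s);
    if (!s) abort();
    s->id = id;
    live_skbs++;
    return s;
}
static void skb_free(struct skb *s) { free(s); live_skbs--; }

/* Like nf_hook(): returns 1 only when the caller still owns skb. */
static int model_nf_hook(enum verdict v, struct skb *skb, okfn_t okfn)
{
    switch (v) {
    case V_ACCEPT: return 1;
    case V_STOLEN: skb_free(skb); return 0;   /* hook consumed it */
    case V_QUEUE:  queued = skb; queued_okfn = okfn; return 0;
    default:       skb_free(skb); return -1;  /* dropped */
    }
}

/* Like nf_reinject() on accept: hands the skb to the saved okfn. */
static void model_reinject(void) { struct skb *s = queued; queued = NULL; queued_okfn(s); }

static int okfn_empty(struct skb *skb)  { (void)skb; return 0; }      /* never frees */
static int okfn_owning(struct skb *skb) { skb_free(skb); return 0; }  /* takes ownership */

/* Queue one packet, reinject it, and report how many skbs stay allocated. */
int leaked_after_reinject(okfn_t okfn)
{
    live_skbs = 0;
    struct skb *skb = skb_alloc(1);
    if (model_nf_hook(V_QUEUE, skb, okfn) != 1)
        skb = NULL;            /* caller must not touch it any more */
    model_reinject();
    return live_skbs;
}

int main(void)
{
    printf("empty okfn leaks %d, owning okfn leaks %d\n",
           leaked_after_reinject(okfn_empty), leaked_after_reinject(okfn_owning));
    return 0;
}
```
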