[IPVS]: Avoid returning NF_DROP from the packet schedulers.

024753b7 · Julian Anastasov · David S. Miller · 4c264484 · 024753b7 · 024753b7
Commit 024753b7 authored Oct 07, 2003 by Julian Anastasov Committed by David S. Miller Oct 07, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 8 deletions

include/net/ip_vs.h include/net/ip_vs.h +2 -2

net/ipv4/ipvs/ip_vs_core.c net/ipv4/ipvs/ip_vs_core.c +5 -1

net/ipv4/ipvs/ip_vs_xmit.c net/ipv4/ipvs/ip_vs_xmit.c +12 -5

No files found.
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -525,8 +525,8 @@ struct ip_vs_conn {
 	atomic_t                in_pkts;        /* incoming packet counter */

 	/* packet transmitter for different forwarding methods.  If it
-	   mangles the packet, it must return NF_DROP or NF_STOLEN, otherwise
-	   this must be changed to a sk_buff **.
+	   mangles the packet, it must return NF_DROP or better NF_STOLEN,
+	   otherwise this must be changed to a sk_buff **.
 	 */
 	int (*packet_xmit)(struct sk_buff *skb, struct ip_vs_conn *cp,
 			   struct ip_vs_protocol *pp);

--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -485,6 +485,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,

 		/* transmit the first SYN packet */
 		ret = cp->packet_xmit(skb, cp, pp);
+		/* do not touch skb anymore */

 		atomic_inc(&cp->in_pkts);
 		ip_vs_conn_put(cp);
@@ -822,7 +823,8 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,

  drop:
 	ip_vs_conn_put(cp);
-	return NF_DROP;
+	kfree_skb(*pskb);
+	return NF_STOLEN;
 }


@@ -939,6 +941,7 @@ static int ip_vs_in_icmp(struct sk_buff **pskb, int *related)
 	if (IPPROTO_TCP == ciph.protocol || IPPROTO_UDP == ciph.protocol)
 		offset += 2 * sizeof(__u16);
 	verdict = ip_vs_icmp_xmit(skb, cp, pp, offset);
+	/* do not touch skb anymore */

  out:
 	__ip_vs_conn_put(cp);
@@ -1032,6 +1035,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
 	restart = ip_vs_set_state(cp, IP_VS_DIR_INPUT, skb, pp);
 	if (cp->packet_xmit)
 		ret = cp->packet_xmit(skb, cp, pp);
+		/* do not touch skb anymore */
 	else {
 		IP_VS_DBG_RL("warning: packet_xmit is null");
 		ret = NF_ACCEPT;

--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -143,6 +143,7 @@ int
 ip_vs_null_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 		struct ip_vs_protocol *pp)
 {
+	/* we do not touch skb and do not need pskb ptr */
 	return NF_ACCEPT;
 }

@@ -214,8 +215,9 @@ ip_vs_bypass_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 tx_error_icmp:
 	dst_link_failure(skb);
 tx_error:
+	kfree_skb(skb);
 	LeaveFunction(10);
-	return NF_DROP;
+	return NF_STOLEN;
 }


@@ -292,7 +294,8 @@ ip_vs_nat_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 	dst_link_failure(skb);
  tx_error:
 	LeaveFunction(10);
-	return NF_DROP;
+	kfree_skb(skb);
+	return NF_STOLEN;
  tx_error_put:
 	ip_rt_put(rt);
 	goto tx_error;
@@ -375,8 +378,9 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 			skb_realloc_headroom(skb, max_headroom);
 		if (!new_skb) {
 			ip_rt_put(rt);
+			kfree_skb(skb);
 			IP_VS_ERR_RL("ip_vs_tunnel_xmit(): no memory\n");
-			return NF_DROP;
+			return NF_STOLEN;
 		}
 		kfree_skb(skb);
 		skb = new_skb;
@@ -429,8 +433,9 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
  tx_error_icmp:
 	dst_link_failure(skb);
  tx_error:
+	kfree_skb(skb);
 	LeaveFunction(10);
-	return NF_DROP;
+	return NF_STOLEN;
 }


@@ -488,8 +493,9 @@ ip_vs_dr_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
  tx_error_icmp:
 	dst_link_failure(skb);
  tx_error:
+	kfree_skb(skb);
 	LeaveFunction(10);
-	return NF_DROP;
+	return NF_STOLEN;
 }


@@ -515,6 +521,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
 			rc = cp->packet_xmit(skb, cp, pp);
 		else
 			rc = NF_ACCEPT;
+		/* do not touch skb anymore */
 		atomic_inc(&cp->in_pkts);
 		__ip_vs_conn_put(cp);
 		goto out;