Commit d2a7bb71 authored by Harald Welte, committed by Arnaldo Carvalho de Melo

[NETFILTER] NAT: Fix module refcount dropping too far

The unknown protocol is used as a fallback when a protocol isn't known.
Hence we cannot handle it failing, so don't set ".me".  It's OK, since we
only grab a reference from within the same module (iptable_nat.ko), so we
never take the module refcount from 0 to 1.

Also, remove the "protocol is NULL" test: it's never NULL.
Signed-off-by: Rusty Rusty <rusty@rustcorp.com.au>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
parent d811552e
...@@ -66,10 +66,8 @@ ip_nat_proto_find_get(u_int8_t protonum) ...@@ -66,10 +66,8 @@ ip_nat_proto_find_get(u_int8_t protonum)
* removed until we've grabbed the reference */ * removed until we've grabbed the reference */
preempt_disable(); preempt_disable();
p = __ip_nat_proto_find(protonum); p = __ip_nat_proto_find(protonum);
if (p) {
if (!try_module_get(p->me)) if (!try_module_get(p->me))
p = &ip_nat_unknown_protocol; p = &ip_nat_unknown_protocol;
}
preempt_enable(); preempt_enable();
return p; return p;
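Review bot: The now-unconditional `try_module_get(p->me)` dereferences the result of `__ip_nat_proto_find(protonum)` with no NULL check, and nothing in this hunk shows what guarantees a non-NULL return. The commit message says the lookup is never NULL, presumably because unregistered slots hold `&ip_nat_unknown_protocol`. That invariant should be stated at the call, e.g. `/* never NULL: unregistered protocols resolve to ip_nat_unknown_protocol */`, so a later change to the lookup does not turn this into a NULL dereference with preemption disabled. ip_nat_proto_find_get starts above the hunk, so its existing comment block may be the better place for the sentence.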
......
...@@ -62,7 +62,7 @@ unknown_print_range(char *buffer, const struct ip_nat_range *range) ...@@ -62,7 +62,7 @@ unknown_print_range(char *buffer, const struct ip_nat_range *range)
struct ip_nat_protocol ip_nat_unknown_protocol = { struct ip_nat_protocol ip_nat_unknown_protocol = {
.name = "unknown", .name = "unknown",
.me = THIS_MODULE, /* .me isn't set: getting a ref to this cannot fail. */
.manip_pkt = unknown_manip_pkt, .manip_pkt = unknown_manip_pkt,
.in_range = unknown_in_range, .in_range = unknown_in_range,
.unique_tuple = unknown_unique_tuple, .unique_tuple = unknown_unique_tuple,
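Review bot: The new comment on `ip_nat_unknown_protocol` covers only the get side, while the refcount underflow named in the commit title would come from the put side. Leaving `.me` NULL presumably makes the matching `module_put(p->me)` a no-op for the fallback, so a failed `try_module_get()` on another protocol no longer leads to an unmatched decrement. The put path is not visible here, so confirm it passes `p->me` straight through. I would word the comment as `/* .me is deliberately NULL: get cannot fail and put is a no-op, so the fallback never touches the module refcount. */`. The initializer continues past the end of the hunk.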
......