(usagi-users 02864) ip6t_REJECT dst underflow

[Olaf Kirch <okir@xxxxxxx>]

Hi,

the ip6t_REJECT module currently produces dst underruns when used.
The problem is that it assigns the dst pointer to the new skb without
bumping its reference count. The attached patch fixes this.

A second issue I came across isn't really a bug but more of
a minor nuisance.

When I configured ip6t_REJECT to reject packets to ::1 and then pinged
::1, I would get in my syslog

	Mar 25 14:16:05 hammer kernel: printk: 2 messages suppressed.

without telling me what message got suppressed. The problem is that the
code does the following in two locations:

	if (net_ratelimit())
		DEBUGP(....)

So with debugging off, all you get is the above mentioned messages
from net_ratelimit but nothing else. Either the DEBUGP needs to be
converted to a printk, or the entire if() statement needs to be
enclosed in an #if/#endif pair.

Olaf
-- 
Olaf Kirch     |  Stop wasting entropy - start using predictable
okir@xxxxxxx   |  tempfile names today!
---------------+ 

--- ip6t_REJECT.c.orig	2004-03-25 14:09:50.000000000 +0100
+++ ip6t_REJECT.c	2004-03-25 14:22:18.000000000 +0100
@@ -145,6 +145,7 @@
 	}
 
 	nskb->dst = dst;
+	dst_hold(dst);
 
 	skb_reserve(nskb, hh_len + dst->header_len);
 
@@ -242,7 +243,7 @@
 
 		if (!(type & ICMPV6_INFOMSG_MASK)) {
 			if (net_ratelimit())
-				DEBUGP("ip6t_REJECT: no reply to icmp error\n");
+				printk(KERN_DEBUG "ip6t_REJECT: no reply to icmp error\n");
 			return;
 		}
         } else if (proto == IPPROTO_UDP) {
@@ -279,7 +280,5 @@
 
 	if (ip6_dst_lookup(NULL, &dst, &fl)) {
-		if (net_ratelimit())
-			DEBUGP("can't find dst");
 		return;
 	}
 
@@ -316,6 +317,7 @@
 
 	nskb->priority = 0;
 	nskb->dst = dst;
+	dst_hold(dst);
 
 	skb_reserve(nskb, hh_len + dst->header_len);