From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 13 Jan 2011 13:19:55 +0000 (+0100)
Subject: netfilter: ctnetlink: fix loop in ctnetlink_get_conntrack()
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=f31e8d4982653b39fe312f9938be0f49dd9ab5fa;p=linux-beck.git

netfilter: ctnetlink: fix loop in ctnetlink_get_conntrack()

This patch fixes a loop in ctnetlink_get_conntrack() that can be
triggered if you use the same socket to receive events and to
perform a GET operation. Under heavy load, netlink_unicast()
may return -EAGAIN, this error code is reserved in nfnetlink for
the module load-on-demand. Instead, we return -ENOBUFS which is
the appropriate error code that has to be propagated to
user-space.

Reported-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 5cb8d3027b18..2b7eef37875c 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -972,7 +972,8 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
 free:
 	kfree_skb(skb2);
 out:
-	return err;
+	/* this avoids a loop in nfnetlink. */
+	return err == -EAGAIN ? -ENOBUFS : err;
 }
 
 #ifdef CONFIG_NF_NAT_NEEDED