patch-1.3.93 linux/net/ipv4/ip_output.c

• Lines: 42
• Date: Sun Apr 21 10:47:27 1996
• Orig file: v1.3.92/linux/net/ipv4/ip_output.c
• Orig date: Fri Apr 19 10:08:03 1996

diff -u --recursive --new-file v1.3.92/linux/net/ipv4/ip_output.c linux/net/ipv4/ip_output.c
@@ -23,6 +23,9 @@
  *		Mike Kilburn	:	htons() missing in ip_build_xmit.
  *		Bradford Johnson:	Fix faulty handling of some frames when 
  *					no route is found.
+ *		Alexander Demenshin:	Missing sk/skb free in ip_queue_xmit
+ *					(in case if packet not accepted by
+ *					output firewall rules)
  */
 
 #include <asm/segment.h>
@@ -360,12 +363,6 @@
 	iph = skb->ip_hdr;
 	iph->tot_len = htons(skb->len-(((unsigned char *)iph)-skb->data));
 
-#ifdef CONFIG_FIREWALL
-	if(call_out_firewall(PF_INET, skb->dev, iph) < FW_ACCEPT)
-		/* just don't send this packet */
-		return;
-#endif	
-
 	/*
 	 *	No reassigning numbers to fragments...
 	 */
@@ -380,6 +377,17 @@
 		free = 1;
 
 	skb->free = free;
+
+#ifdef CONFIG_FIREWALL
+	if(call_out_firewall(PF_INET, skb->dev, iph) < FW_ACCEPT) {
+		/* just don't send this packet */
+		/* and free socket buffers ;) <aldem@barnet.kharkov.ua> */
+		if (free)
+		  skb->sk = sk;		/* I am not sure *this* really need, */
+		kfree_skb(skb, FREE_WRITE);	/* but *this* must be here */
+		return;
+	}
+#endif	
 
 	/*
 	 *	Do we need to fragment. Again this is inefficient.