If ndo_start_xmit returns NETDEV_TX_OK, it must take care of the packet
by itself. That means, if veth_xmit drops a packet, it must free it, but
currently it does not. This results in skb leak. Fix it.
Fixes: 69a0d2fdb4efd ("ve/veth: filter packages accoding with mac addresses")
Signed-off-by: Vladimir Davydov <vdavy...@parallels.com>
---
drivers/net/veth.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 1d851749500d..99afacc12785 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -151,8 +151,10 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct
net_device *dev)
skb->ip_summed = CHECKSUM_UNNECESSARY;
- if (dev->features & NETIF_F_VENET && !vzethdev_filter(skb, dev, rcv))
+ if (dev->features & NETIF_F_VENET && !vzethdev_filter(skb, dev, rcv)) {
+ kfree_skb(skb);
goto drop;
+ }
if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats);
--
2.1.4
_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel
