When a frame is rejected by br_allowed_ingress(), the skb is not freed.
Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
---
net/bridge/br_device.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 8fe8b71..b152fb6 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -55,7 +55,7 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device
*dev)
skb_pull(skb, ETH_HLEN);
if (!br_allowed_ingress(br, br_get_vlan_info(br), skb, &vid))
- goto out;
+ goto drop;
if (is_broadcast_ether_addr(dest))
br_flood_deliver(br, skb, false);
@@ -64,10 +64,8 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct
net_device *dev)
br_flood_deliver(br, skb, false);
goto out;
}
- if (br_multicast_rcv(br, NULL, skb, vid)) {
- kfree_skb(skb);
- goto out;
- }
+ if (br_multicast_rcv(br, NULL, skb, vid))
+ goto drop;
mdst = br_mdb_get(br, skb, vid);
if ((mdst || BR_INPUT_SKB_CB_MROUTERS_ONLY(skb)) &&
@@ -83,6 +81,9 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device
*dev)
out:
rcu_read_unlock();
return NETDEV_TX_OK;
+drop:
+ kfree_skb(skb);
+ goto out;
}
static int br_dev_init(struct net_device *dev)
--
1.8.1.2