ip_forward: Drop frames with attached skb->sk

[pandora-kernel.git] / net / ipv4 / ip_forward.c

diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index d9bc28a..3674484 100644 (file)
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -57,7 +57,7 @@ static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
 }
 
 
-static int ip_forward_finish(struct sk_buff *skb)
+static int ip_forward_finish(struct sock *sk, struct sk_buff *skb)
 {
        struct ip_options *opt  = &(IPCB(skb)->opt);
 
@@ -68,7 +68,7 @@ static int ip_forward_finish(struct sk_buff *skb)
                ip_forward_options(skb);
 
        skb_sender_cpu_clear(skb);
-       return dst_output(skb);
+       return dst_output_sk(sk, skb);
 }
 
 int ip_forward(struct sk_buff *skb)
@@ -82,6 +82,9 @@ int ip_forward(struct sk_buff *skb)
        if (skb->pkt_type != PACKET_HOST)
                goto drop;
 
+       if (unlikely(skb->sk))
+               goto drop;
+
        if (skb_warn_if_lro(skb))
                goto drop;
 
@@ -136,8 +139,8 @@ int ip_forward(struct sk_buff *skb)
 
        skb->priority = rt_tos2priority(iph->tos);
 
-       return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, skb, skb->dev,
-                      rt->dst.dev, ip_forward_finish);
+       return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, NULL, skb,
+                      skb->dev, rt->dst.dev, ip_forward_finish);
 
 sr_failed:
        /*