From 4ca06bc967d94b7b7b5a6efc76e870f0efc77e24 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Thu, 16 Jun 2016 15:11:32 +0200
Subject: src: make nfq_open_nfnl thread-safe

nfq_open_nfnl uses an intermediate static object, so when it is invoked
by distinct threads at the same time there is a small chance that some
threads end up with another threads nfq_handle pointer stored in ->data.

The result is that the affected queue will be stuck because the thread
that was supposed to service it is handling another/wrong queue instead.

Tested-by: Michal Tesar <mtesar@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/libnetfilter_queue.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c
index 84184ee..5fbde5b 100644
--- a/src/libnetfilter_queue.c
+++ b/src/libnetfilter_queue.c
@@ -216,11 +216,6 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[],
 	return qh->cb(qh, nfmsg, &nfqa, qh->data);
 }
 
-static struct nfnl_callback pkt_cb = {
-	.call		= &__nfq_rcv_pkt,
-	.attr_count	= NFQA_MAX,
-};
-
 /* public interface */
 
 struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h)
@@ -389,6 +384,10 @@ EXPORT_SYMBOL(nfq_open);
  */
 struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh)
 {
+	struct nfnl_callback pkt_cb = {
+		.call		= __nfq_rcv_pkt,
+		.attr_count	= NFQA_MAX,
+	};
 	struct nfq_handle *h;
 	int err;
 
-- 
cgit v0.12