diff --git a/SOURCES/libnetfilter_queue-1.0.2-rh1348210.patch b/SOURCES/libnetfilter_queue-1.0.2-rh1348210.patch new file mode 100644 index 0000000..adf8bf8 --- /dev/null +++ b/SOURCES/libnetfilter_queue-1.0.2-rh1348210.patch @@ -0,0 +1,49 @@ +From 4ca06bc967d94b7b7b5a6efc76e870f0efc77e24 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Thu, 16 Jun 2016 15:11:32 +0200 +Subject: src: make nfq_open_nfnl thread-safe + +nfq_open_nfnl uses an intermediate static object, so when it is invoked +by distinct threads at the same time there is a small chance that some +threads end up with another threads nfq_handle pointer stored in ->data. + +The result is that the affected queue will be stuck because the thread +that was supposed to service it is handling another/wrong queue instead. + +Tested-by: Michal Tesar +Signed-off-by: Florian Westphal +Acked-by: Pablo Neira Ayuso +--- + src/libnetfilter_queue.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/src/libnetfilter_queue.c b/src/libnetfilter_queue.c +index 84184ee..5fbde5b 100644 +--- a/src/libnetfilter_queue.c ++++ b/src/libnetfilter_queue.c +@@ -216,11 +216,6 @@ static int __nfq_rcv_pkt(struct nlmsghdr *nlh, struct nfattr *nfa[], + return qh->cb(qh, nfmsg, &nfqa, qh->data); + } + +-static struct nfnl_callback pkt_cb = { +- .call = &__nfq_rcv_pkt, +- .attr_count = NFQA_MAX, +-}; +- + /* public interface */ + + struct nfnl_handle *nfq_nfnlh(struct nfq_handle *h) +@@ -389,6 +384,10 @@ EXPORT_SYMBOL(nfq_open); + */ + struct nfq_handle *nfq_open_nfnl(struct nfnl_handle *nfnlh) + { ++ struct nfnl_callback pkt_cb = { ++ .call = __nfq_rcv_pkt, ++ .attr_count = NFQA_MAX, ++ }; + struct nfq_handle *h; + int err; + +-- +cgit v0.12 + diff --git a/SPECS/libnetfilter_queue.spec b/SPECS/libnetfilter_queue.spec index 6428a3d..d879efb 100644 --- a/SPECS/libnetfilter_queue.spec +++ b/SPECS/libnetfilter_queue.spec @@ -2,13 +2,14 @@ Name: libnetfilter_queue Version: 1.0.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Netfilter queue userspace library Group: System Environment/Libraries # Most files say GPLv2+, one says v2 only. License: GPLv2 URL: http://netfilter.org Source0: http://netfilter.org/projects/%{name}/files/%{name}-%{version}.tar.bz2 +Patch0: libnetfilter_queue-1.0.2-rh1348210.patch BuildRequires: pkgconfig, kernel-headers BuildRequires: libnfnetlink-devel >= %{libnfnetlink}, libmnl-devel >= 1.0.3 @@ -35,6 +36,7 @@ libnetfilter_queue has been previously known as libnfnetlink_queue. %prep %setup -q +%patch0 -p1 %build %configure --disable-silent-rules --disable-static --disable-rpath @@ -61,6 +63,10 @@ rm %{buildroot}/%{_includedir}/internal.h %{_libdir}/pkgconfig/%{name}.pc %changelog +* Fri Jul 08 2016 Pavel Šimerda - 1.0.2-2 +- Resolves: #1348210 - libnetfilter_queue might not process packets from a given + queue + * Thu Aug 28 2014 Pavel Šimerda - 1.0.2-1 - Resolves: #1058375 - provide libnetfilter_queue package for RHEL 7.1