alistair23-linux/include/linux/netfilter_ipv4
Patrick McHardy ec68e97ded [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops
Fix {nf,ip}_ct_iterate_cleanup unconfirmed list handling:

- unconfirmed entries can not be killed manually, they are removed on
  confirmation or final destruction of the conntrack entry, which means
  we might iterate forever without making forward progress.

  This can happen in combination with the conntrack event cache, which
  holds a reference to the conntrack entry, which is only released when
  the packet makes it all the way through the stack or a different
  packet is handled.

- taking references to an unconfirmed entry and using it outside the
  locked section doesn't work, the list entries are not refcounted and
  another CPU might already be waiting to destroy the entry

What the code really wants to do is make sure the references of the hash
table to the selected conntrack entries are released, so they will be
destroyed once all references from skbs and the event cache are dropped.

Since unconfirmed entries haven't even entered the hash yet, simply mark
them as dying and skip confirmation based on that.

Reported and tested by Chuck Ebbert <cebbert@redhat.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-05 13:25:18 -08:00
..
Kbuild [NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port 2006-12-02 22:08:46 -08:00
ip_conntrack.h [NETFILTER]: ip_conntrack: fix invalid conntrack statistics RCU assumption 2007-02-12 11:13:14 -08:00
ip_conntrack_amanda.h
ip_conntrack_core.h [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops 2007-03-05 13:25:18 -08:00
ip_conntrack_ftp.h [NETFILTER]: nf_nat: add FTP NAT helper port 2006-12-02 22:07:44 -08:00
ip_conntrack_h323.h [NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port 2006-12-02 22:08:46 -08:00
ip_conntrack_helper.h [NETFILTER]: PPTP conntrack: fix another GRE keymap leak 2006-09-22 15:20:20 -07:00
ip_conntrack_icmp.h
ip_conntrack_irc.h
ip_conntrack_pptp.h [NETFILTER]: PPTP conntrack: simplify expectation handling 2006-09-22 15:20:13 -07:00
ip_conntrack_proto_gre.h [NET]: netfilter checksum annotations 2006-12-02 21:23:42 -08:00
ip_conntrack_protocol.h
ip_conntrack_sctp.h
ip_conntrack_sip.h [NETFILTER]: sip conntrack: better NAT handling 2006-12-02 21:31:26 -08:00
ip_conntrack_tcp.h
ip_conntrack_tftp.h [NETFILTER]: More trivial annotations. 2006-12-02 21:22:54 -08:00
ip_conntrack_tuple.h [NETFILTER]: conntrack annotations 2006-09-28 18:03:00 -07:00
ip_nat.h [NETFILTER]: NAT: optional source port randomization support 2007-02-08 12:39:17 -08:00
ip_nat_core.h [NETFILTER]: Get rid of HW checksum invalidation 2006-09-22 14:53:54 -07:00
ip_nat_helper.h
ip_nat_pptp.h [NETFILTER]: PPTP conntrack: get rid of unnecessary byte order conversions 2006-09-22 15:20:08 -07:00
ip_nat_protocol.h
ip_nat_rule.h
ip_queue.h [NETFILTER]: netfilter misc annotations 2006-09-28 18:02:59 -07:00
ip_tables.h [NETFILTER]: ip_tables: remove declaration of non-existant ipt_find_target function 2007-02-08 12:39:22 -08:00
ipt_CLASSIFY.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_CLUSTERIP.h
ipt_CONNMARK.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_DSCP.h [NETFILTER]: x_tables: replace IPv4 DSCP target by address family independent version 2006-09-22 14:55:22 -07:00
ipt_ECN.h
ipt_LOG.h [NETFILTER]: x_tables: add NFLOG target 2006-12-02 21:31:31 -08:00
ipt_MARK.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_NFQUEUE.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_REJECT.h
ipt_SAME.h
ipt_TCPMSS.h [NETFILTER]: add IPv6-capable TCPMSS target 2007-02-08 12:39:16 -08:00
ipt_TOS.h
ipt_TTL.h
ipt_ULOG.h
ipt_addrtype.h
ipt_ah.h
ipt_comment.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_connbytes.h [NETFILTER]: iptables: fix typos in ipt_connbytes.h 2006-02-04 23:51:22 -08:00
ipt_connmark.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_conntrack.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_dccp.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_dscp.h [NETFILTER]: x_tables: replace IPv4 dscp match by address family independent version 2006-09-22 14:55:21 -07:00
ipt_ecn.h
ipt_esp.h [NETFILTER]: x_tables: unify IPv4/IPv6 esp match 2006-04-01 02:22:30 -08:00
ipt_hashlimit.h [NETFILTER]: x_tables: add port of hashlimit match for IPv4 and IPv6 2006-12-02 21:31:31 -08:00
ipt_helper.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_iprange.h [NETFILTER]: ipt annotations 2006-09-28 18:03:02 -07:00
ipt_length.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_limit.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_mac.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_mark.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_multiport.h [NETFILTER]: x_tables: unify IPv4/IPv6 multiport match 2006-04-01 02:22:54 -08:00
ipt_owner.h
ipt_physdev.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_pkttype.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_policy.h [NETFILTER]: x_tables: replace IPv4/IPv6 policy match by address family independant version 2006-03-20 18:03:40 -08:00
ipt_realm.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_recent.h
ipt_sctp.h
ipt_state.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_string.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_tcpmss.h [NETFILTER] x_tables: Abstraction layer for {ip,ip6,arp}_tables 2006-01-12 14:06:43 -08:00
ipt_tos.h
ipt_ttl.h