git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 29 Aug 2012 16:25:49 +0000 (16:25 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 31 Aug 2012 13:50:28 +0000 (15:50 +0200)
commit	4477ddb909de39f0aa4ee92e3221e1a1425cd849
tree	f71b7726f6501993bc7be9d4d7e6e69d7cd095b2	tree \| snapshot
parent	79009b6a5e5b0b12441d58d008582628e5d499a4	commit \| diff

netfilter: nf_conntrack: fix racy timer handling with reliable events

Existing code assumes that del_timer returns true for alive conntrack
entries. However, this is not true if reliable events are enabled.
In that case, del_timer may return true for entries that were
just inserted in the dying list. Note that packets / ctnetlink may
hold references to conntrack entries that were just inserted to such
list.

This patch fixes the issue by adding an independent timer for
event delivery. This increases the size of the ecache extension.
Still we can revisit this later and use variable size extensions
to allocate this area on demand.

Tested-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack_ecache.h		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history