linux-stable/net/netfilter
Patrick McHardy ec68e97ded [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops
Fix {nf,ip}_ct_iterate_cleanup unconfirmed list handling:

- unconfirmed entries cannot be killed manually; they are removed on
  confirmation or final destruction of the conntrack entry, which means
  we might iterate forever without making forward progress.

  This can happen in combination with the conntrack event cache, which
  holds a reference to the conntrack entry, which is only released when
  the packet makes it all the way through the stack or a different
  packet is handled.

- taking references to an unconfirmed entry and using it outside the
  locked section doesn't work: the list entries are not refcounted and
  another CPU might already be waiting to destroy the entry.

What the code really wants to do is make sure the references of the hash
table to the selected conntrack entries are released, so they will be
destroyed once all references from skbs and the event cache are dropped.

Since unconfirmed entries haven't even entered the hash yet, simply mark
them as dying and skip confirmation based on that.

Reported and tested by Chuck Ebbert <cebbert@redhat.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-05 13:25:18 -08:00
Kconfig [NETFILTER]: Kconfig: improve dependency handling 2007-02-12 11:15:02 -08:00
Makefile [NETFILTER]: add IPv6-capable TCPMSS target 2007-02-08 12:39:16 -08:00
core.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_amanda.c [NETFILTER]: nf_conntrack: fix header inclusions for helpers 2006-12-02 22:12:54 -08:00
nf_conntrack_core.c [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops 2007-03-05 13:25:18 -08:00
nf_conntrack_ecache.c [NETFILTER]: nf_conntrack: fix header inclusions for helpers 2006-12-02 22:12:54 -08:00
nf_conntrack_expect.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_ftp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port 2006-12-02 22:08:46 -08:00
nf_conntrack_h323_main.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack/nf_nat: add H.323 helper port 2006-12-02 22:08:46 -08:00
nf_conntrack_helper.c [NETFILTER]: nf_conntrack: EXPORT_SYMBOL cleanup 2006-12-02 22:11:25 -08:00
nf_conntrack_irc.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_l3proto_generic.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_netbios_ns.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_netlink.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_pptp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_proto.c [NETFILTER]: nf_conntrack: change nf_conntrack_l[34]proto_unregister to void 2007-02-12 11:14:28 -08:00
nf_conntrack_proto_generic.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
nf_conntrack_proto_gre.c [NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port 2006-12-02 22:09:41 -08:00
nf_conntrack_proto_sctp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
nf_conntrack_proto_tcp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
nf_conntrack_proto_udp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
nf_conntrack_sane.c [NETFILTER]: Add SANE connection tracking helper 2007-02-08 12:39:09 -08:00
nf_conntrack_sip.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_conntrack_standalone.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
nf_conntrack_tftp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_internals.h [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_log.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_queue.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_sockopt.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nf_sysctl.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
nfnetlink.c [NET]: Handle disabled preemption in gfp_any() 2007-02-28 09:42:13 -08:00
nfnetlink_log.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
nfnetlink_queue.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
x_tables.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_CLASSIFY.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_CONNMARK.c [NETFILTER]: Remove useless comparisons before assignments 2007-02-08 12:39:11 -08:00
xt_CONNSECMARK.c [NETFILTER]: Remove useless comparisons before assignments 2007-02-08 12:39:11 -08:00
xt_DSCP.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
xt_MARK.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_NFLOG.c [NETFILTER]: x_tables: add NFLOG target 2006-12-02 21:31:31 -08:00
xt_NFQUEUE.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_NOTRACK.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_SECMARK.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_TCPMSS.c [NETFILTER]: add IPv6-capable TCPMSS target 2007-02-08 12:39:16 -08:00
xt_comment.c [NETFILTER]: x_tables: make use of mass registation helpers 2006-09-22 14:55:32 -07:00
xt_connbytes.c [NETFILTER]: xt_connbytes: fix division by zero 2007-01-30 14:24:29 -08:00
xt_connmark.c [NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets 2006-12-13 16:48:20 -08:00
xt_conntrack.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_dccp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_dscp.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
xt_esp.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
xt_hashlimit.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_helper.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_length.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_limit.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_mac.c [NETFILTER]: xt_mac/xt_CLASSIFY: use IPv6 hook names for IPv6 registration 2007-02-12 11:14:43 -08:00
xt_mark.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_multiport.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_physdev.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_pkttype.c [NETFILTER]: x_tables: make use of mass registation helpers 2006-09-22 14:55:32 -07:00
xt_policy.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_quota.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_realm.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_sctp.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_state.c [NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets 2006-12-13 16:48:20 -08:00
xt_statistic.c [NETFILTER]: x_tables: remove unused size argument to check/destroy functions 2006-09-22 14:55:34 -07:00
xt_string.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_tcpmss.c [NETFILTER]: Fix whitespace errors 2007-02-12 11:15:49 -08:00
xt_tcpudp.c [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00