lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks

Browse Source 
New extensions may only be added to unconfirmed conntracks to avoid races
when reallocating the storage.

Also change NF_CT_ASSERT to use WARN_ON to get backtraces.

Signed-off-by: Patrick McHardy <kaber@trash.net>
This commit is contained in:
Patrick McHardy
2008-04-14 11:15:51 +02:00
parent 8c87238b72
commit 55871d0479
2 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
include/net/netfilter/nf_conntrack.h
View File

@@ -65,14 +65,7 @@ union nf_conntrack_help {
#include <linux/timer.h> #include <linux/timer.h>
#ifdef CONFIG_NETFILTER_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
#define NF_CT_ASSERT(x) \ #define NF_CT_ASSERT(x) WARN_ON(!(x))
do { \
if (!(x)) \
/* Wooah! I'm tripping my conntrack in a frenzy of \
netplay... */ \
printk("NF_CT_ASSERT: %s:%i(%s)\n", \
__FILE__, __LINE__, __FUNCTION__); \
} while(0)
#else #else
#define NF_CT_ASSERT(x) #define NF_CT_ASSERT(x)
#endif #endif

3
net/netfilter/nf_conntrack_extend.c
View File

@@ -71,6 +71,9 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
int i, newlen, newoff; int i, newlen, newoff;
struct nf_ct_ext_type *t; struct nf_ct_ext_type *t;
/* Conntrack must not be confirmed to avoid races on reallocation. */
NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
if (!ct->ext) if (!ct->ext)
return nf_ct_ext_create(&ct->ext, id, gfp); return nf_ct_ext_create(&ct->ext, id, gfp);