summaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-08-29 16:25:49 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2012-08-31 15:50:28 +0200
commit5b423f6a40a0327f9d40bc8b97ce9be266f74368 (patch)
treef71b7726f6501993bc7be9d4d7e6e69d7cd095b2 /include/net
parent3f509c689a07a4aa989b426893d8491a7ffcc410 (diff)
downloadlinux-stable-5b423f6a40a0327f9d40bc8b97ce9be266f74368.tar.gz
linux-stable-5b423f6a40a0327f9d40bc8b97ce9be266f74368.tar.bz2
linux-stable-5b423f6a40a0327f9d40bc8b97ce9be266f74368.zip
netfilter: nf_conntrack: fix racy timer handling with reliable events
Existing code assumes that del_timer returns true for alive conntrack entries. However, this is not true if reliable events are enabled. In that case, del_timer may return true for entries that were just inserted in the dying list. Note that packets / ctnetlink may hold references to conntrack entries that were just inserted to such list. This patch fixes the issue by adding an independent timer for event delivery. This increases the size of the ecache extension. Still we can revisit this later and use variable size extensions to allocate this area on demand. Tested-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_conntrack_ecache.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index e1ce1048fe5f..4a045cda9c60 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -18,6 +18,7 @@ struct nf_conntrack_ecache {
u16 ctmask; /* bitmask of ct events to be delivered */
u16 expmask; /* bitmask of expect events to be delivered */
u32 pid; /* netlink pid of destroyer */
+ struct timer_list timeout;
};
static inline struct nf_conntrack_ecache *