[netfilter-cvslog] r3704 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter

laforge at netfilter.org laforge at netfilter.org
Tue Feb 15 03:01:07 CET 2005


Author: laforge at netfilter.org
Date: 2005-02-15 03:01:06 +0100 (Tue, 15 Feb 2005)
New Revision: 3704

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
Log:
[NETFILTER]: Fix overlapping expectations in existing expectation code

Change kmem_cache_free() calls in ip_conntrack_expect_related() to
ip_conntrack_expect_put(): they should be equivalent, but this allows a hack
in the next patch (caller can keep expect).

More importantly, a previous expectation should only be refreshed and return
EEXIST if it's owned by the same connection (nfsim found this bug).

Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
Signed-off-by: David S. Miller <davem at davemloft.net>


Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-15 01:58:13 UTC (rev 3703)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-15 02:01:06 UTC (rev 3704)
@@ -1170,7 +1170,7 @@
 	old = LIST_FIND(&nf_conntrack_expect_list, resent_expect,
 			struct nf_conntrack_expect *, &expect->tuple, 
 			&expect->mask);
-	if (old) {
+	if (old && old->expectant == related_to) {
 		/* Helper private data may contain offsets but no pointers
 		   pointing into the payload - otherwise we should have to copy 
 		   the data filled out by the helper over the old one */
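Review bot: The new `old->expectant == related_to` test leaves one case undocumented: when `old` is non-NULL but owned by a different conntrack, control now falls through to the `else if (related_to->helper->max_expected && ...` chain with an expectation whose tuple and mask already match one on the list. Please add a comment at the condition naming the later check that is meant to handle that overlap (the `expect_related: busy!` path returning -EBUSY looks like the candidate), and extend the existing comment about helper private data to say the refresh applies only to an expectation with the same owner.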
@@ -1187,8 +1187,7 @@
 		}
 
 		WRITE_UNLOCK(&nf_conntrack_lock);
-		/* This expectation is not inserted so no need to lock */
-		kmem_cache_free(nf_conntrack_expect_cachep, expect);
+		nf_conntrack_expect_put(expect);
 		return -EEXIST;
 
 	} else if (related_to->helper->max_expected && 
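Review bot: On the -EEXIST path, `nf_conntrack_expect_put(expect)` matches the old `kmem_cache_free()` only if `expect` carries exactly one reference at this point, and the deleted comment was the only text explaining why releasing it after `WRITE_UNLOCK` is safe. Since the log says a following patch lets the caller keep the expectation, please state in a comment who owns the reference dropped here, and keep a note that `expect` was never inserted into the list.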
@@ -1208,7 +1207,7 @@
 				       related_to->tuplehash[NF_CT_DIR_ORIGINAL].tuple.src.l3num,
 		    	       	       NIP6(*(struct in6_addr *)related_to->tuplehash[NF_CT_DIR_ORIGINAL].tuple.src.u3.all),
 		    	       	       NIP6(*(struct in6_addr *)related_to->tuplehash[NF_CT_DIR_ORIGINAL].tuple.dst.u3.all));
-			kmem_cache_free(nf_conntrack_expect_cachep, expect);
+			nf_conntrack_expect_put(expect);
 			return -EPERM;
 		}
 		DEBUGP("nf_conntrack: max number of expected "
@@ -1243,7 +1242,7 @@
 		WRITE_UNLOCK(&nf_conntrack_lock);
 		DEBUGP("expect_related: busy!\n");
 
-		kmem_cache_free(nf_conntrack_expect_cachep, expect);
+		nf_conntrack_expect_put(expect);
 		return -EBUSY;
 	}
 
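Review bot: With the -EBUSY path changed here, the same `nf_conntrack_expect_put(expect);` followed by a `return` now appears in three separate error exits (-EEXIST, -EPERM, -EBUSY). Consider a single exit label that drops the reference and returns the error code, so the three paths cannot drift apart when the follow-up patch changes who keeps `expect`.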



