[netfilter-cvslog] r3704 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter
laforge at netfilter.org
Tue Feb 15 03:01:07 CET 2005
Author: laforge at netfilter.org
Date: 2005-02-15 03:01:06 +0100 (Tue, 15 Feb 2005)
New Revision: 3704
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
Log:
[NETFILTER]: Fix overlapping expectations in existing expectation code
Change kmem_cache_free() calls in ip_conntrack_expect_related() to
ip_conntrack_expect_put(): they should be equivalent but allows a hack
in next patch (caller can keep expect).
More importantly, a previous expectation should only be refreshed and return
EEXIST if it's owned by the same connection (nfsim found this bug).
Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
Signed-off-by: David S. Miller <davem at davemloft.net>
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-15 01:58:13 UTC (rev 3703)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-15 02:01:06 UTC (rev 3704)
@@ -1170,7 +1170,7 @@
old = LIST_FIND(&nf_conntrack_expect_list, resent_expect,
struct nf_conntrack_expect *, &expect->tuple,
&expect->mask);
- if (old) {
+ if (old && old->expectant == related_to) {
/* Helper private data may contain offsets but no pointers
pointing into the payload - otherwise we should have to copy
the data filled out by the helper over the old one */
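Review bot: the added `old->expectant == related_to` condition needs a comment, and the case it newly excludes is not handled explicitly. When `old` matches the tuple and mask but belongs to another connection, control now falls to the `else if (related_to->helper->max_expected && ...` branch as if no overlap existed, so these lines do not show whether the new expectation is then inserted next to the other connection's one or rejected. Please state the intended outcome in a comment above the `if`, for example that only the owning connection may refresh an existing expectation.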
@@ -1187,8 +1187,7 @@
}
WRITE_UNLOCK(&nf_conntrack_lock);
- /* This expectation is not inserted so no need to lock */
- kmem_cache_free(nf_conntrack_expect_cachep, expect);
+ nf_conntrack_expect_put(expect);
return -EEXIST;
} else if (related_to->helper->max_expected &&
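Review bot: on the -EEXIST path, the removed comment was the only explanation of why `expect` may be released after `WRITE_UNLOCK(&nf_conntrack_lock)`, and the replacement matches the old `kmem_cache_free()` only if `expect` holds exactly one reference at this point. Please keep a one-line comment saying that `expect` was never inserted and that this put drops the last reference unless the caller took its own. The log also names `ip_conntrack_expect_put()` and `ip_conntrack_expect_related()` while this file uses the `nf_conntrack_` names, which is worth correcting in the log.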
@@ -1208,7 +1207,7 @@
related_to->tuplehash[NF_CT_DIR_ORIGINAL].tuple.src.l3num,
NIP6(*(struct in6_addr *)related_to->tuplehash[NF_CT_DIR_ORIGINAL].tuple.src.u3.all),
NIP6(*(struct in6_addr *)related_to->tuplehash[NF_CT_DIR_ORIGINAL].tuple.dst.u3.all));
- kmem_cache_free(nf_conntrack_expect_cachep, expect);
+ nf_conntrack_expect_put(expect);
return -EPERM;
}
DEBUGP("nf_conntrack: max number of expected "
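Review bot: on the -EPERM path, the lines shown here do not include a `WRITE_UNLOCK(&nf_conntrack_lock)` before `nf_conntrack_expect_put(expect)`, whereas the -EEXIST and -EBUSY paths both show the unlock directly ahead of the put. Please confirm the lock is released before this return and that the put runs outside the lock here as well, so that all three error exits behave the same way.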
@@ -1243,7 +1242,7 @@
WRITE_UNLOCK(&nf_conntrack_lock);
DEBUGP("expect_related: busy!\n");
- kmem_cache_free(nf_conntrack_expect_cachep, expect);
+ nf_conntrack_expect_put(expect);
return -EBUSY;
}
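Review bot: with this -EBUSY exit, three error paths now end in the same `nf_conntrack_expect_put(expect); return -E...;` pair, and nothing documents that the function drops a reference on `expect` whenever it fails. Since the log says a following patch relies on the caller being able to keep `expect`, a comment at the top of the function stating this contract would help. The exits could also share one label that does the put, with the error code carried in a local variable.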