[netfilter-cvslog] r3970 - trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter

kaber at netfilter.org kaber at netfilter.org
Sat Jun 11 17:14:02 CEST 2005 

Author: kaber at netfilter.org
Date: 2005-06-11 17:14:00 +0200 (Sat, 11 Jun 2005)
New Revision: 3970

Modified:
   trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c
Log:
Fix connlimit NULL pointer kernel panic (Pablo Neira <pablo at eurodev.net>, Damon Gray <dgray at internap.com>)


Modified: trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c	2005-06-10 19:12:01 UTC (rev 3969)
+++ trunk/patch-o-matic-ng/connlimit/linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c	2005-06-11 15:14:00 UTC (rev 3970)
@@ -55,7 +55,7 @@
 	struct ipt_connlimit_conn *conn;
 	struct list_head *hash,*lh;
 
-	spin_lock(&data->lock);
+	spin_lock_bh(&data->lock);
 	tuple = ct->tuplehash[0].tuple;
 	hash = &data->iphash[ipt_iphash(addr & mask)];
 
@@ -64,9 +64,10 @@
 		struct ip_conntrack *found_ct = NULL;
 		conn = list_entry(lh,struct ipt_connlimit_conn,list);
 		found = ip_conntrack_find_get(&conn->tuple,ct);
-		if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
-		    found != NULL && (found_ct = tuplehash_to_ctrack(found)) != NULL &&
-		    found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+		 if (found != NULL 
+		     && (found_ct = tuplehash_to_ctrack(found)) != NULL
+		     && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) 
+		     && found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
 			/* Just to be sure we have it only once in the list.
 			   We should'nt see tuples twice unless someone hooks this
 			   into a table without "-p tcp --syn" */
@@ -111,7 +112,7 @@
 #endif
 		conn = kmalloc(sizeof(*conn),GFP_ATOMIC);
 		if (NULL == conn) {
-			spin_unlock(&data->lock);
+			spin_unlock_bh(&data->lock);
 			return -1;
 		}
 		memset(conn,0,sizeof(*conn));
@@ -120,7 +121,7 @@
 		list_add(&conn->list,hash);
 		matches++;
 	}
-	spin_unlock(&data->lock);
+	spin_unlock_bh(&data->lock);
 	return matches;
 }

More information about the netfilter-cvslog mailing list