[netfilter-cvslog] r3984 - in trunk/patch-o-matic-ng/connlimit:
linux/net/ipv4/netfilter linux-2.6/net/ipv4/netfilter
kaber at netfilter.org
kaber at netfilter.org
Sun Jun 19 14:30:29 CEST 2005
Author: kaber at netfilter.org
Date: 2005-06-19 14:30:28 +0200 (Sun, 19 Jun 2005)
New Revision: 3984
Modified:
trunk/patch-o-matic-ng/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c
trunk/patch-o-matic-ng/connlimit/linux/net/ipv4/netfilter/ipt_connlimit.c
Log:
Fix connlimit NULL pointer kernel panic (Pablo Neira <pablo at eurodev.net>)
Modified: trunk/patch-o-matic-ng/connlimit/linux/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- trunk/patch-o-matic-ng/connlimit/linux/net/ipv4/netfilter/ipt_connlimit.c 2005-06-14 16:24:57 UTC (rev 3983)
+++ trunk/patch-o-matic-ng/connlimit/linux/net/ipv4/netfilter/ipt_connlimit.c 2005-06-19 12:30:28 UTC (rev 3984)
@@ -55,7 +55,7 @@
struct ipt_connlimit_conn *conn;
struct list_head *hash,*lh;
- spin_lock(&data->lock);
+ spin_lock_bh(&data->lock);
tuple = ct->tuplehash[0].tuple;
hash = &data->iphash[ipt_iphash(addr & mask)];
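Review bot: The new `spin_lock_bh(&data->lock)` carries no comment saying why bottom halves have to be disabled here, and the log message only mentions a NULL pointer panic. A short comment above the lock, for example `/* _bh: this list is also walked from softirq context; a plain spin_lock can deadlock against it */`, would record the reason, assuming that is the race being closed. The same applies to the first hunk of the linux-2.6 copy. The enclosing function starts and ends outside this hunk.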
@@ -63,8 +63,8 @@
for (lh = hash->next; lh != hash; lh = lh->next) {
conn = list_entry(lh,struct ipt_connlimit_conn,list);
found = ip_conntrack_find_get(&conn->tuple,ct);
- if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
- found != NULL &&
+ if (found != NULL &&
+ 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
/* Just to be sure we have it only once in the list.
We should'nt see tuples twice unless someone hooks this
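Review bot: Moving `found != NULL` to the front of the condition does not change which pointers are guarded. `&&` short-circuits left to right, so the old order already tested `found` before reading `found->ctrack->proto.tcp.state`, and `found->ctrack` itself is still dereferenced unchecked. If the panic was traced to this expression, that should be confirmed separately from the locking change. Separately, `memcmp(&conn->tuple,&tuple,sizeof(tuple))` compares whole structs including any padding bytes; `ip_ct_tuple_equal(&conn->tuple, &tuple)` would compare field by field, if this tree's conntrack headers provide it. The linux-2.6 copy has the same condition in its hunk at -63, and the loop body continues outside the hunk.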
@@ -117,7 +117,7 @@
list_add(&conn->list,hash);
matches++;
}
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return matches;
}
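Review bot: This section converts only the final `spin_unlock` at -117, while the linux-2.6 copy also converts an unlock on the `kmalloc` failure path at -110; there is no counterpart hunk for this file. If the 2.4 copy has an early `return -1` there, it needs `spin_unlock_bh(&data->lock);` before the return, otherwise that path exits with the lock held and bottom halves disabled. The code between the second and third hunks is not visible here, so this needs checking against the full file.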
Modified: trunk/patch-o-matic-ng/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- trunk/patch-o-matic-ng/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c 2005-06-14 16:24:57 UTC (rev 3983)
+++ trunk/patch-o-matic-ng/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c 2005-06-19 12:30:28 UTC (rev 3984)
@@ -55,7 +55,7 @@
struct ipt_connlimit_conn *conn;
struct list_head *hash,*lh;
- spin_lock(&data->lock);
+ spin_lock_bh(&data->lock);
tuple = ct->tuplehash[0].tuple;
hash = &data->iphash[ipt_iphash(addr & mask)];
@@ -63,9 +63,9 @@
for (lh = hash->next; lh != hash; lh = lh->next) {
conn = list_entry(lh,struct ipt_connlimit_conn,list);
found = ip_conntrack_find_get(&conn->tuple,ct);
- if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
- found != NULL &&
- found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+ if (found != NULL
+ && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple))
+ && found->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
/* Just to be sure we have it only once in the list.
We should'nt see tuples twice unless someone hooks this
into a table without "-p tcp --syn" */
@@ -110,7 +110,7 @@
#endif
conn = kmalloc(sizeof(*conn),GFP_ATOMIC);
if (NULL == conn) {
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return -1;
}
memset(conn,0,sizeof(*conn));
@@ -119,7 +119,7 @@
list_add(&conn->list,hash);
matches++;
}
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return matches;
}