[PATCH 2.4] raw table and NOTRACK support

Roberto Nibali ratz at tac.ch
Mon Nov 28 10:11:29 CET 2005 

> One of the things it broke was SO_ORIGINAL_DST support for
> transparent proxying, which also affects 2.4.

Ok.

>> That would be perfect, could you point me to the git reference to this
>> patch, please?
> 
> It was commit 84531c24f27b02daa8e54e2bb6dc74a730fdf0a5, titled
> "[NETFILTER]: Revert nf_reset change".

Hmmm, so how about the following approach?

--- linux-2.4.32-orig/include/net/dst.h 2005-04-04 03:42:20 +0200
+++ linux-2.4.32-pab2/include/net/dst.h 2005-11-28 09:42:59 +0100
@@ -105,6 +105,7 @@
  void dst_release(struct dst_entry * dst)
  {
         if (dst) {
+               WARN_ON(atomic_read(&dst->__refcnt) < 1);
                 smp_mb__before_atomic_dec();
                 atomic_dec(&dst->__refcnt);
         }
diff -X dontdiff -Nur linux-2.4.32-orig/net/packet/af_packet.c 
linux-2.4.32-pab2/net/packet/af_packet.c
--- linux-2.4.32-orig/net/packet/af_packet.c    2004-11-17 12:54:22 +0100
+++ linux-2.4.32-pab2/net/packet/af_packet.c    2005-11-28 10:00:27 +0100
@@ -272,6 +272,11 @@
         if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL)
                 goto oom;

+       /* drop any routing info and conntrack reference */
+       dst_release(skb->dst);
+       skb->dst = NULL;
+       nf_reset(skb);
+
         spkt = (struct sockaddr_pkt*)skb->cb;

         skb_push(skb, skb->data-skb->mac.raw);
@@ -507,6 +512,12 @@

         skb_set_owner_r(skb, sk);
         skb->dev = NULL;
+
+       /* drop any routing info and conntrack reference */
+       dst_release(skb->dst);
+       skb->dst = NULL;
+       nf_reset(skb);
+
         spin_lock(&sk->receive_queue.lock);
         po->stats.tp_packets++;
         __skb_queue_tail(&sk->receive_queue, skb);

I'm compiling it now and will be running test, so long as the thing even 
boots ;).

I think the WARN_ON could be submitted to 2.4.x anyway since it helps 
finding other occurances of wrong refcnt decreasing. Why is the routing 
entry dropped in 2.6.x and not in 2.4.x? Maybe I should also cc netdev 
as well.

Thanks and best regards,
Roberto Nibali, ratz
-- 
-------------------------------------------------------------
addr://Kasinostrasse 30, CH-5001 Aarau tel://++41 62 823 9355
http://www.terreactive.com             fax://++41 62 823 9356
-------------------------------------------------------------
terreActive AG                       Wir sichern Ihren Erfolg
-------------------------------------------------------------

More information about the netfilter-devel mailing list