Connection problems on large high speed connections.

Stian B. Barmen stian at
Wed Apr 27 11:44:17 CEST 2005

I saw this on the netfilter page. Maybe I forgot to say I have a dual
cpu system. Can this be the source of my problems?

Author: Patrick McHardy, <kaber at> 
Status: Working

This patch fixes a deadlock condition in conntrack/nat-helpers

There is a possible deadlock condition with conntrack/nat-helpers:

conntrack-helper:help: lock(private_lock)
ip_conntrack_expect_related: write_lock(ip_conntrack_lock)

nat-core:do_bindings: read_lock(ip_conntrack_lock)
nat-helper:help: lock(private_lock)

The lock in the nat-helper is unneccessary because the expectation
is never changed and is protected by ip_conntrack_lock.

How do I go about to implement this patch? I cannot find it patchomatic-ng, maybe I am doing it wrongly. 

Best regards
Stian B. Barmen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2685 bytes
Desc: not available
Url : /pipermail/netfilter/attachments/20050427/0a8c8af6/smime.bin

More information about the netfilter mailing list