提交 14a50bba 编写于 作者: P Pablo Neira Ayuso 提交者: David S. Miller

[NETFILTER]: ctnetlink: make sure event order is correct

The following sequence is displayed during events dumping of an ICMP
connection: [NEW] [DESTROY] [UPDATE]

This happens because the event IPCT_DESTROY is delivered in
death_by_timeout(), that is called from the icmp protocol helper
(ct->timeout.function) once we see the reply.

To fix this, we move this event to destroy_conntrack().
Signed-off-by: NPablo Neira Ayuso <pablo@eurodev.net>
Signed-off-by: NHarald Welte <laforge@netfilter.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 1444fc55
...@@ -316,6 +316,7 @@ destroy_conntrack(struct nf_conntrack *nfct) ...@@ -316,6 +316,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
IP_NF_ASSERT(atomic_read(&nfct->use) == 0); IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
IP_NF_ASSERT(!timer_pending(&ct->timeout)); IP_NF_ASSERT(!timer_pending(&ct->timeout));
ip_conntrack_event(IPCT_DESTROY, ct);
set_bit(IPS_DYING_BIT, &ct->status); set_bit(IPS_DYING_BIT, &ct->status);
/* To make sure we don't get any weird locking issues here: /* To make sure we don't get any weird locking issues here:
...@@ -355,7 +356,6 @@ static void death_by_timeout(unsigned long ul_conntrack) ...@@ -355,7 +356,6 @@ static void death_by_timeout(unsigned long ul_conntrack)
{ {
struct ip_conntrack *ct = (void *)ul_conntrack; struct ip_conntrack *ct = (void *)ul_conntrack;
ip_conntrack_event(IPCT_DESTROY, ct);
write_lock_bh(&ip_conntrack_lock); write_lock_bh(&ip_conntrack_lock);
/* Inside lock so preempt is disabled on module removal path. /* Inside lock so preempt is disabled on module removal path.
* Otherwise we can get spurious warnings. */ * Otherwise we can get spurious warnings. */
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册