1
linux/net/ipv4/netfilter
Harald Welte 1dfbab5949 [NETFILTER] Fix conntrack event cache deadlock/oops
This patch fixes a number of bugs.  It cannot be reasonably split up in
multiple fixes, since all bugs interact with each other and affect the same
function:

Bug #1:
The event cache code cannot be called while a lock is held.  Therefore, the
call to ip_conntrack_event_cache() within ip_ct_refresh_acct() needs to be
moved outside of the locked section.  This fixes a number of 2.6.14-rcX
oops and deadlock reports.

Bug #2:
We used to call ct_add_counters() for unconfirmed connections without
holding a lock.  Since the add operations are not atomic, we could race
with another CPU.

Bug #3:
ip_ct_refresh_acct() lost REFRESH events in some cases where refresh
(and the corresponding event) are desired, but no accounting shall be
performed.  Both, evenst and accounting implicitly depended on the skb
parameter bein non-null.   We now re-introduce a non-accounting
"ip_ct_refresh()" variant to explicitly state the desired behaviour.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2005-09-22 23:46:57 -07:00
..
arp_tables.c [NETFILTER]: Kill lockhelp.h 2005-06-21 14:01:30 -07:00
arpt_mangle.c
arptable_filter.c
ip_conntrack_amanda.c [NETFILTER] Fix conntrack event cache deadlock/oops 2005-09-22 23:46:57 -07:00
ip_conntrack_core.c [NETFILTER] Fix conntrack event cache deadlock/oops 2005-09-22 23:46:57 -07:00
ip_conntrack_ftp.c [NETFILTER]: Use correct type for "ports" module parameter 2005-09-13 13:48:00 -07:00
ip_conntrack_helper_pptp.c [NETFILTER] Fix conntrack event cache deadlock/oops 2005-09-22 23:46:57 -07:00
ip_conntrack_irc.c [NETFILTER]: Use correct type for "ports" module parameter 2005-09-13 13:48:00 -07:00
ip_conntrack_netbios_ns.c [NETFILTER] Fix conntrack event cache deadlock/oops 2005-09-22 23:46:57 -07:00
ip_conntrack_netlink.c [NETFILTER]: Rename misnamed function 2005-09-19 15:35:31 -07:00
ip_conntrack_proto_generic.c
ip_conntrack_proto_gre.c [NETFILTER]: Add new PPTP conntrack and NAT helper 2005-09-19 15:33:08 -07:00
ip_conntrack_proto_icmp.c [NETFILTER]: Extend netfilter logging API 2005-08-29 15:38:07 -07:00
ip_conntrack_proto_sctp.c [NETFILTER]: Add ctnetlink subsystem 2005-08-29 15:31:49 -07:00
ip_conntrack_proto_tcp.c [NETFILTER]: Missing unlock in TCP connection tracking error path 2005-09-06 15:11:10 -07:00
ip_conntrack_proto_udp.c [NETFILTER]: Extend netfilter logging API 2005-08-29 15:38:07 -07:00
ip_conntrack_standalone.c [NETFILTER] Fix conntrack event cache deadlock/oops 2005-09-22 23:46:57 -07:00
ip_conntrack_tftp.c [NETFILTER]: Use correct type for "ports" module parameter 2005-09-13 13:48:00 -07:00
ip_nat_amanda.c [NETFILTER]: ip_conntrack_expect_related must not free expectation 2005-07-21 13:14:46 -07:00
ip_nat_core.c [NETFILTER]: Export ip_nat_port_{nfattr_to_range,range_to_nfattr} 2005-09-19 15:35:57 -07:00
ip_nat_ftp.c [NETFILTER]: ip_conntrack_expect_related must not free expectation 2005-07-21 13:14:46 -07:00
ip_nat_helper_pptp.c [NETFILTER]: Add new PPTP conntrack and NAT helper 2005-09-19 15:33:08 -07:00
ip_nat_helper.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ip_nat_irc.c [NETFILTER]: ip_conntrack_expect_related must not free expectation 2005-07-21 13:14:46 -07:00
ip_nat_proto_gre.c [NETFILTER]: Add new PPTP conntrack and NAT helper 2005-09-19 15:33:08 -07:00
ip_nat_proto_icmp.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ip_nat_proto_tcp.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ip_nat_proto_udp.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ip_nat_proto_unknown.c [NETFILTER]: C99 initizalizers for NAT protocols 2005-08-29 15:33:34 -07:00
ip_nat_rule.c [NETFILTER]: Handle NAT module load race 2005-09-06 15:09:43 -07:00
ip_nat_snmp_basic.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ip_nat_standalone.c [NETFILTER]: Handle NAT module load race 2005-09-06 15:09:43 -07:00
ip_nat_tftp.c [NETFILTER]: ip_conntrack_expect_related must not free expectation 2005-07-21 13:14:46 -07:00
ip_queue.c [NETLINK]: Add "groups" argument to netlink_kernel_create 2005-08-29 16:01:11 -07:00
ip_tables.c [NETFILTER]: Add goto target 2005-08-29 16:04:18 -07:00
ipt_addrtype.c
ipt_ah.c
ipt_CLASSIFY.c [NETFILTER]: reduce netfilter sk_buff enlargement 2005-08-29 15:31:04 -07:00
ipt_CLUSTERIP.c [NETFILTER] CLUSTERIP: use a bitmap to store node responsibility data 2005-09-16 17:00:04 -07:00
ipt_comment.c
ipt_connbytes.c [NETFILTER]: Nicer names for ipt_connbytes constants 2005-08-29 15:58:17 -07:00
ipt_connmark.c [NETFILTER]: convert nfmark and conntrack mark to 32bit 2005-08-29 15:29:31 -07:00
ipt_CONNMARK.c [NETFILTER]: reduce netfilter sk_buff enlargement 2005-08-29 15:31:04 -07:00
ipt_conntrack.c
ipt_dccp.c [NETFILTER]: New iptables DCCP protocol header match 2005-08-29 15:54:28 -07:00
ipt_dscp.c
ipt_DSCP.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ipt_ecn.c
ipt_ECN.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ipt_esp.c
ipt_hashlimit.c [NET]: use __read_mostly on kmem_cache_t , DEFINE_SNMP_STAT pointers 2005-08-29 16:11:18 -07:00
ipt_helper.c [NETFILTER]: Kill lockhelp.h 2005-06-21 14:01:30 -07:00
ipt_iprange.c
ipt_length.c
ipt_limit.c
ipt_LOG.c [NETFILTER]: Extend netfilter logging API 2005-08-29 15:38:07 -07:00
ipt_mac.c
ipt_mark.c [NETFILTER]: convert nfmark and conntrack mark to 32bit 2005-08-29 15:29:31 -07:00
ipt_MARK.c [NETFILTER]: reduce netfilter sk_buff enlargement 2005-08-29 15:31:04 -07:00
ipt_MASQUERADE.c [NETFILTER]: Fix DHCP + MASQUERADE problem 2005-09-13 13:49:15 -07:00
ipt_multiport.c
ipt_NETMAP.c [NETFILTER]: Make NETMAP target usable in OUTPUT 2005-08-29 15:58:41 -07:00
ipt_NFQUEUE.c [NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink 2005-08-29 15:36:56 -07:00
ipt_NOTRACK.c
ipt_owner.c [PATCH] files: lock-free fd look-up 2005-09-09 13:57:55 -07:00
ipt_physdev.c
ipt_pkttype.c
ipt_realm.c
ipt_recent.c [NETFILTER]: ipt_recent: last_pkts is an array of "unsigned long" not "u_int32_t" 2005-06-15 20:51:14 -07:00
ipt_REDIRECT.c [NETFILTER]: Fix rcu race in ipt_REDIRECT 2005-09-13 13:48:58 -07:00
ipt_REJECT.c [XFRM]: Always release dst_entry on error in xfrm_lookup 2005-09-08 15:11:55 -07:00
ipt_SAME.c
ipt_sctp.c
ipt_state.c
ipt_string.c [NETFILTER]: Add string match 2005-08-29 16:04:07 -07:00
ipt_tcpmss.c
ipt_TCPMSS.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ipt_tos.c
ipt_TOS.c [NETFILTER]: Rename skb_ip_make_writable() to skb_make_writable() 2005-08-29 15:34:40 -07:00
ipt_ttl.c
ipt_TTL.c [NETFILTER]: Add new iptables TTL target 2005-08-29 16:13:22 -07:00
ipt_ULOG.c [NETLINK]: Add "groups" argument to netlink_kernel_create 2005-08-29 16:01:11 -07:00
iptable_filter.c
iptable_mangle.c
iptable_raw.c [NETFILTER]: Missing owner-field initialization in iptable_raw 2005-05-03 14:23:13 -07:00
Kconfig [NETFILTER]: Add new PPTP conntrack and NAT helper 2005-09-19 15:33:08 -07:00
Makefile [NETFILTER]: Add new PPTP conntrack and NAT helper 2005-09-19 15:33:08 -07:00