[NETFILTER 4/9]: Fix ip_conntrack_flush abuse in ctnetlink

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: David S. Miller <davem@davemloft.net>
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 4/9]: Fix ip_conntrack_flush abuse in ctnetlink
Date: Sun, 04 Dec 2005 22:01:21 +0100	[thread overview]
Message-ID: <20051204210121.24032.27250.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20051204210116.24032.9802.sendpatchset@localhost.localdomain>

[NETFILTER]: Fix ip_conntrack_flush abuse in ctnetlink

ip_conntrack_flush() used to be part of ip_conntrack_cleanup(), which needs
to drop _all_ references on module unload. Table flushed using ctnetlink
just needs to clean the table and doesn't need to flush the event cache or
wait for any references attached to skbs. Move everything but pure table
flushing back to ip_conntrack_cleanup().

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 01563e56ad1c48c85e1258e2eaabcc270385e1a5
tree 244d6a9b8cbe0daf3be9f356d9c69018a75de7ad
parent 5b33d73e5d4153241c8e2378332f9810f4eca160
author Patrick McHardy <kaber@trash.net> Sun, 04 Dec 2005 16:54:55 +0100
committer Patrick McHardy <kaber@trash.net> Sun, 04 Dec 2005 16:54:55 +0100

 net/ipv4/netfilter/ip_conntrack_core.c |   20 +++++++++++---------
 1 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 7a4ecdd..84c66db 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1345,6 +1345,11 @@ static int kill_all(struct ip_conntrack 
 	return 1;
 }
 
+void ip_conntrack_flush(void)
+{
+	ip_ct_iterate_cleanup(kill_all, NULL);
+}
+
 static void free_conntrack_hash(struct list_head *hash, int vmalloced,int size)
 {
 	if (vmalloced)
@@ -1354,8 +1359,12 @@ static void free_conntrack_hash(struct l
 			   get_order(sizeof(struct list_head) * size));
 }
 
-void ip_conntrack_flush(void)
+/* Mishearing the voices in his head, our hero wonders how he's
+   supposed to kill the mall. */
+void ip_conntrack_cleanup(void)
 {
+	ip_ct_attach = NULL;
+
 	/* This makes sure all current packets have passed through
            netfilter framework.  Roll on, two-stage module
            delete... */
@@ -1363,7 +1372,7 @@ void ip_conntrack_flush(void)
 
 	ip_ct_event_cache_flush();
  i_see_dead_people:
-	ip_ct_iterate_cleanup(kill_all, NULL);
+	ip_conntrack_flush();
 	if (atomic_read(&ip_conntrack_count) != 0) {
 		schedule();
 		goto i_see_dead_people;
@@ -1371,14 +1380,7 @@ void ip_conntrack_flush(void)
 	/* wait until all references to ip_conntrack_untracked are dropped */
 	while (atomic_read(&ip_conntrack_untracked.ct_general.use) > 1)
 		schedule();
-}
 
-/* Mishearing the voices in his head, our hero wonders how he's
-   supposed to kill the mall. */
-void ip_conntrack_cleanup(void)
-{
-	ip_ct_attach = NULL;
-	ip_conntrack_flush();
 	kmem_cache_destroy(ip_conntrack_cachep);
 	kmem_cache_destroy(ip_conntrack_expect_cachep);
 	free_conntrack_hash(ip_conntrack_hash, ip_conntrack_vmalloc,

next prev parent reply	other threads:[~2005-12-04 21:01 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-12-04 21:01 [NETFILTER 0/9]: Netfilter fixes Patrick McHardy
2005-12-04 21:01 ` [NETFILTER 1/9]: nf_conntrack: Fix missing check for ICMPv6 type Patrick McHardy
2005-12-04 21:01 ` [NETFILTER 2/9]: nfnetlink: Fix calculation of minimum message length Patrick McHardy
2005-12-04 21:01 ` [NETFILTER 3/9]: Fix incorrect argument to ip_nat_initialized() in ctnetlink Patrick McHardy
2005-12-04 21:01 ` Patrick McHardy [this message]
2005-12-04 21:01 ` [NETFILTER 5/9]: Fix CTA_PROTO_NUM attribute size " Patrick McHardy
2005-12-04 21:01 ` [NETFILTER 6/9]: Mark ctnetlink as EXPERIMENTAL Patrick McHardy
2005-12-05 10:06   ` Pablo Neira Ayuso
2005-12-05 15:26     ` Patrick McHardy
2005-12-05 21:38       ` David S. Miller
2005-12-04 21:01 ` [NETFILTER 7/9]: Wait for untracked references in nf_conntrack module unload Patrick McHardy
2005-12-04 21:01 ` [NETFILTER 8/9]: Fix unbalanced read_unlock_bh in ctnetlink Patrick McHardy
2005-12-04 21:01 ` [NETFILTER 9/9]: Don't use conntrack entry after dropping the reference Patrick McHardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:7a4ecdd dfblob:84c66db )
 OR (
bs:"[NETFILTER 4/9]: Fix ip_conntrack_flush abuse in ctnetlink" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20051204210121.24032.27250.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.