From: Patrick McHardy <kaber@trash.net>
To: stable@kernel.org
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org, davem@davemloft.net
Subject: netfilter -stable 02/04: nf_conntrack: netns fix re reliable conntrack event delivery
Date: Thu, 17 Sep 2009 13:58:28 +0200 (MEST) [thread overview]
Message-ID: <20090917115825.12728.69202.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20090917115823.12728.87778.sendpatchset@x2.localnet>
commit 352a76c896217cfa1d61a49e5b2e3f1e9760943f
Author: Patrick McHardy <kaber@trash.net>
Date: Thu Sep 17 13:28:48 2009 +0200
netfilter: nf_conntrack: netns fix re reliable conntrack event delivery
Upstream commit ee254fa4:
Conntracks in netns other than init_net dying list were never killed.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index b5869b9..b8614c6 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1089,14 +1089,14 @@ void nf_conntrack_flush_report(struct net *net, u32 pid, int report)
}
EXPORT_SYMBOL_GPL(nf_conntrack_flush_report);
-static void nf_ct_release_dying_list(void)
+static void nf_ct_release_dying_list(struct net *net)
{
struct nf_conntrack_tuple_hash *h;
struct nf_conn *ct;
struct hlist_nulls_node *n;
spin_lock_bh(&nf_conntrack_lock);
- hlist_nulls_for_each_entry(h, n, &init_net.ct.dying, hnnode) {
+ hlist_nulls_for_each_entry(h, n, &net->ct.dying, hnnode) {
ct = nf_ct_tuplehash_to_ctrack(h);
/* never fails to remove them, no listeners at this point */
nf_ct_kill(ct);
@@ -1115,7 +1115,7 @@ static void nf_conntrack_cleanup_net(struct net *net)
{
i_see_dead_people:
nf_ct_iterate_cleanup(net, kill_all, NULL);
- nf_ct_release_dying_list();
+ nf_ct_release_dying_list(net);
if (atomic_read(&net->ct.count) != 0) {
schedule();
goto i_see_dead_people;
next prev parent reply other threads:[~2009-09-17 11:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-17 11:58 netfilter -stable 00/04: Netfilter -stable fixes Patrick McHardy
2009-09-17 11:58 ` netfilter -stable 01/04: nf_nat: fix inverted logic for persistent NAT mappings Patrick McHardy
2009-09-17 11:58 ` Patrick McHardy [this message]
2009-09-17 11:58 ` netfilter -stable 03/04: bridge: refcount fix Patrick McHardy
2009-09-17 11:58 ` netfilter -stable 04/04: ebt_ulog: fix checkentry return value Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090917115825.12728.69202.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=stable@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.