* ip_ct_refresh lock issue
@ 2004-02-28 14:18 Pablo Neira
2004-02-28 14:54 ` Henrik Nordstrom
0 siblings, 1 reply; 3+ messages in thread
From: Pablo Neira @ 2004-02-28 14:18 UTC (permalink / raw)
To: netfilter-devel
Hi list,
I can't see the reason why in ip_ct_refresh the conntrack is locked to
modify an not confirmed conntrack timeout.
It isn't inserted in the conntrack table yet, so why do we need to do
that? any possible race here?
WRITE_LOCK(&ip_conntrack_lock);
/* If not in hash table, timer will not be active yet */
if (!is_confirmed(ct))
ct->timeout.expires = extra_jiffies;
else {
/* Need del_timer for race avoidance (may already be
dying). */
if (del_timer(&ct->timeout)) {
ct->timeout.expires = jiffies + extra_jiffies;
add_timer(&ct->timeout);
}
}
WRITE_UNLOCK(&ip_conntrack_lock);
}
best regards,
Pablo
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: ip_ct_refresh lock issue
2004-02-28 14:18 ip_ct_refresh lock issue Pablo Neira
@ 2004-02-28 14:54 ` Henrik Nordstrom
2004-02-28 15:04 ` Pablo Neira
0 siblings, 1 reply; 3+ messages in thread
From: Henrik Nordstrom @ 2004-02-28 14:54 UTC (permalink / raw)
To: Pablo Neira; +Cc: netfilter-devel
On Sat, 28 Feb 2004, Pablo Neira wrote:
> I can't see the reason why in ip_ct_refresh the conntrack is locked to
> modify an not confirmed conntrack timeout.
Good question.
But maybe there is some complication from NAT or related connections
requiring this locking?
If not the lock should probably be moved down to the is_confirmed case. If
the connections is not yet confirmed then the only reference should be
from this packet (not yet in the hashes) and there should never be any
concurrent accesses.
Regards
Henrik
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: ip_ct_refresh lock issue
2004-02-28 14:54 ` Henrik Nordstrom
@ 2004-02-28 15:04 ` Pablo Neira
0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira @ 2004-02-28 15:04 UTC (permalink / raw)
To: Henrik Nordstrom, netfilter-devel
Hi henrik,
Henrik Nordstrom wrote:
>But maybe there is some complication from NAT or related connections
>requiring this locking?
>
>
Actually a quick view at:
http://lxr.linux.no/ident?v=2.6.1&i=ip_ct_refresh
show me that this function is only called from conntrack related stuff,
specifically from protocol and helpers, so i can't see that complication
from NAT nor with related connections. Anyway, I'm not sure at all...
that's why i need some feedback.
>If not the lock should probably be moved down to the is_confirmed case. If
>the connections is not yet confirmed then the only reference should be
>from this packet (not yet in the hashes) and there should never be any
>concurrent accesses.
>
>
yes, this is exactly what i had in mind :-).
thanks,
Pablo
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2004-02-28 15:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-02-28 14:18 ip_ct_refresh lock issue Pablo Neira
2004-02-28 14:54 ` Henrik Nordstrom
2004-02-28 15:04 ` Pablo Neira
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.