From: Pablo Neira <pablo@eurodev.net>
To: Patrick McHardy <kaber@trash.net>, netfilter-devel@lists.netfilter.org
Subject: Re: patch for conntrack expectations
Date: Sat, 06 Mar 2004 02:24:56 +0100
Message-ID: <40492868.1060105@eurodev.net>
In-Reply-To: <4049245E.60908@trash.net>

[-- Attachment #1: Type: text/plain, Size: 478 bytes --]

Patrick McHardy wrote:

> The patch looks fine, except for one thing, you return from the function
> after a failed memory allocation without dropping amanda_buffer_lock.

OK, I fixed this problem.

> My
> advice of returning NF_DROP from a helper in case of memory allocation
> wasn't right anyway, connection tracking should not drop packets. Just
> replace that return with a break and it's fine.

Also fixed. Attached last modification. Thanks Patrick.

Best regards,
Pablo

[-- Attachment #2: amanda-expect_alloc-2.patch --]
[-- Type: text/plain, Size: 2421 bytes --]

--- linux-2.6.3-old/net/ipv4/netfilter/ip_conntrack_amanda.c	2004-03-05 03:24:47.000000000 +0100
+++ linux-2.6.3/net/ipv4/netfilter/ip_conntrack_amanda.c	2004-03-06 02:22:20.000000000 +0100
@@ -46,10 +46,11 @@
 static int help(struct sk_buff *skb,
                 struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
 {
-	struct ip_conntrack_expect exp;
+	struct ip_conntrack_expect *exp;
 	struct ip_ct_amanda_expect *exp_amanda_info;
 	char *data, *data_limit, *tmp;
 	unsigned int dataoff, i;
+	u_int16_t port, len;
 
 	/* Only look at packets from the Amanda server */
 	if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
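
Review bot: the new local `port` is declared `u_int16_t`, but later in the patch it receives the result of `simple_strtoul()`, so the value is narrowed before the `port == 0 || len > 5` check sees it. A five-digit string is allowed by the `len > 5` test, so anything from 65537 to 99999 wraps silently to 1..34463 and an expectation is created for a port the packet never named; only 65536 happens to wrap to 0 and get rejected. Suggest parsing into an `unsigned long` (or `unsigned int`) local, rejecting values above 65535 explicitly, and only then assigning to the 16-bit field and calling `htons()`.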
@@ -79,33 +80,40 @@
 		goto out;
 	data += strlen("CONNECT ");
 
-	memset(&exp, 0, sizeof(exp));
-	exp.tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
-	exp.tuple.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
-	exp.tuple.dst.protonum = IPPROTO_TCP;
-	exp.mask.src.ip = 0xFFFFFFFF;
-	exp.mask.dst.ip = 0xFFFFFFFF;
-	exp.mask.dst.protonum = 0xFFFF;
-	exp.mask.dst.u.tcp.port = 0xFFFF;
-
 	/* Only search first line. */	
 	if ((tmp = strchr(data, '\n')))
 		*tmp = '\0';
 
-	exp_amanda_info = &exp.help.exp_amanda_info;
 	for (i = 0; i < ARRAY_SIZE(conns); i++) {
 		char *match = strstr(data, conns[i]);
 		if (!match)
 			continue;
 		tmp = data = match + strlen(conns[i]);
-		exp_amanda_info->offset = data - amanda_buffer;
-		exp_amanda_info->port   = simple_strtoul(data, &data, 10);
-		exp_amanda_info->len    = data - tmp;
-		if (exp_amanda_info->port == 0 || exp_amanda_info->len > 5)
+		port = simple_strtoul(data, &data, 10);
+		len = data - tmp;
+		if (port == 0 || len > 5)
 			break;
 
-		exp.tuple.dst.u.tcp.port = htons(exp_amanda_info->port);
-		ip_conntrack_expect_related(ct, &exp);
+		exp = ip_conntrack_expect_alloc();
+		if (exp == NULL)
+			goto out;
+
+		exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
+		exp->tuple.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+		exp->tuple.dst.protonum = IPPROTO_TCP;
+		exp->mask.src.ip = 0xFFFFFFFF;
+		exp->mask.dst.ip = 0xFFFFFFFF;
+		exp->mask.dst.protonum = 0xFFFF;
+		exp->mask.dst.u.tcp.port = 0xFFFF;
+
+		exp_amanda_info = &exp->help.exp_amanda_info;
+		exp_amanda_info->offset = data - amanda_buffer;
+		exp_amanda_info->port   = port;
+		exp_amanda_info->len    = len;
+
+		exp->tuple.dst.u.tcp.port = htons(port);
+
+		ip_conntrack_expect_related(exp, ct);
 	}
 
 out:
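
Review bot: `exp_amanda_info->offset = data - amanda_buffer;` now runs after `simple_strtoul(data, &data, 10)` has advanced `data`, so the stored offset points past the port digits instead of at their start as it did in the removed lines. `tmp` still holds the start of the number, so this should be `tmp - amanda_buffer`; otherwise any consumer that uses `offset` together with `len` to locate the port in the payload will look at the wrong bytes. Separately, the `memset(&exp, 0, sizeof(exp))` is gone and only some tuple and mask fields are assigned, so the remaining fields (for example the source port in tuple and mask) depend on `ip_conntrack_expect_alloc()` returning zeroed memory, which is not visible in this patch; please confirm that or zero the structure here. The allocation failure path uses `goto out` rather than the `break` discussed in the thread, which is fine only if `out:` is where `amanda_buffer_lock` is released.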
