* Re: FIX: connlimit NULL pointer kernel panic (was: connlimit patch crashes 2.6.11 kernel) [not found] <20050519075405.7DF8640023@socios.momona.org> @ 2005-05-19 11:30 ` Pablo Neira 2005-06-11 15:03 ` FIX: connlimit NULL pointer kernel panic Patrick McHardy 0 siblings, 1 reply; 4+ messages in thread From: Pablo Neira @ 2005-05-19 11:30 UTC (permalink / raw) To: Forte Systems - Iosif Peterfi; +Cc: mateusz, netfilter-devel, kaber [-- Attachment #1: Type: text/plain, Size: 364 bytes --] Forte Systems - Iosif Peterfi wrote: > Here is a diff -urN patch for what has been discussed except the conntrack > event-api. Works fine on 2.6.1-gentoo-r8, patch-o-matic-ng-20050516. Hm, didn't I also tell you that you have to sed 's/spin_unlock/spin_unlock_bh'? well, it doesn't matter, attached the correct patch that applies cleanly to pom-ng. -- Pablo [-- Attachment #2: x --] [-- Type: text/plain, Size: 1583 bytes --] Index: linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c =================================================================== --- linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c (revision 3922) +++ linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c (working copy) @@ -55,7 +55,7 @@ struct ipt_connlimit_conn *conn; struct list_head *hash,*lh; - spin_lock(&data->lock); + spin_lock_bh(&data->lock); tuple = ct->tuplehash[0].tuple; hash = &data->iphash[ipt_iphash(addr & mask)]; @@ -64,9 +64,10 @@ struct ip_conntrack *found_ct = NULL; conn = list_entry(lh,struct ipt_connlimit_conn,list); found = ip_conntrack_find_get(&conn->tuple,ct); - if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) && - found != NULL && (found_ct = tuplehash_to_ctrack(found)) != NULL && - found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) { + if (found != NULL + && (found_ct = tuplehash_to_ctrack(found)) != NULL + && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) + && found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) { /* Just to be sure we have it only once in the list. We should'nt see tuples twice unless someone hooks this into a table without "-p tcp --syn" */ @@ -111,7 +112,7 @@ #endif conn = kmalloc(sizeof(*conn),GFP_ATOMIC); if (NULL == conn) { - spin_unlock(&data->lock); + spin_unlock_bh(&data->lock); return -1; } memset(conn,0,sizeof(*conn)); @@ -120,7 +121,7 @@ list_add(&conn->list,hash); matches++; } - spin_unlock(&data->lock); + spin_unlock_bh(&data->lock); return matches; } ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FIX: connlimit NULL pointer kernel panic 2005-05-19 11:30 ` FIX: connlimit NULL pointer kernel panic (was: connlimit patch crashes 2.6.11 kernel) Pablo Neira @ 2005-06-11 15:03 ` Patrick McHardy 2005-06-19 12:12 ` Pablo Neira 0 siblings, 1 reply; 4+ messages in thread From: Patrick McHardy @ 2005-06-11 15:03 UTC (permalink / raw) To: Pablo Neira; +Cc: mateusz, netfilter-devel Pablo Neira wrote: > Forte Systems - Iosif Peterfi wrote: > >> Here is a diff -urN patch for what has been discussed except the >> conntrack >> event-api. Works fine on 2.6.1-gentoo-r8, patch-o-matic-ng-20050516. > > > Hm, didn't I also tell you that you have to sed > 's/spin_unlock/spin_unlock_bh'? > > well, it doesn't matter, attached the correct patch that applies cleanly > to pom-ng. Thanks Pablo, I've applied the patch. Can you send patches for the 2.4 and the old 2.6 version too? Regards Patrick ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FIX: connlimit NULL pointer kernel panic 2005-06-11 15:03 ` FIX: connlimit NULL pointer kernel panic Patrick McHardy @ 2005-06-19 12:12 ` Pablo Neira 2005-06-19 12:18 ` Patrick McHardy 0 siblings, 1 reply; 4+ messages in thread From: Pablo Neira @ 2005-06-19 12:12 UTC (permalink / raw) To: Patrick McHardy; +Cc: mateusz, netfilter-devel [-- Attachment #1: Type: text/plain, Size: 558 bytes --] Patrick McHardy wrote: > Pablo Neira wrote: > >>Forte Systems - Iosif Peterfi wrote: >> >> >>>Here is a diff -urN patch for what has been discussed except the >>>conntrack >>>event-api. Works fine on 2.6.1-gentoo-r8, patch-o-matic-ng-20050516. >> >> >>Hm, didn't I also tell you that you have to sed >>'s/spin_unlock/spin_unlock_bh'? >> >>well, it doesn't matter, attached the correct patch that applies cleanly >>to pom-ng. > > > Thanks Pablo, I've applied the patch. Can you send patches for the 2.4 > and the old 2.6 version too? Attached. -- Pablo [-- Attachment #2: x --] [-- Type: text/plain, Size: 2614 bytes --] Index: linux/net/ipv4/netfilter/ipt_connlimit.c =================================================================== --- linux/net/ipv4/netfilter/ipt_connlimit.c (revision 3889) +++ linux/net/ipv4/netfilter/ipt_connlimit.c (working copy) @@ -55,7 +55,7 @@ struct ipt_connlimit_conn *conn; struct list_head *hash,*lh; - spin_lock(&data->lock); + spin_lock_bh(&data->lock); tuple = ct->tuplehash[0].tuple; hash = &data->iphash[ipt_iphash(addr & mask)]; @@ -63,8 +63,8 @@ for (lh = hash->next; lh != hash; lh = lh->next) { conn = list_entry(lh,struct ipt_connlimit_conn,list); found = ip_conntrack_find_get(&conn->tuple,ct); - if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) && - found != NULL && + if (found != NULL && + 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) && found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) { /* Just to be sure we have it only once in the list. We should'nt see tuples twice unless someone hooks this @@ -117,7 +117,7 @@ list_add(&conn->list,hash); matches++; } - spin_unlock(&data->lock); + spin_unlock_bh(&data->lock); return matches; } Index: linux-2.6/net/ipv4/netfilter/ipt_connlimit.c =================================================================== --- linux-2.6/net/ipv4/netfilter/ipt_connlimit.c (revision 3889) +++ linux-2.6/net/ipv4/netfilter/ipt_connlimit.c (working copy) @@ -55,7 +55,7 @@ struct ipt_connlimit_conn *conn; struct list_head *hash,*lh; - spin_lock(&data->lock); + spin_lock_bh(&data->lock); tuple = ct->tuplehash[0].tuple; hash = &data->iphash[ipt_iphash(addr & mask)]; @@ -63,9 +63,9 @@ for (lh = hash->next; lh != hash; lh = lh->next) { conn = list_entry(lh,struct ipt_connlimit_conn,list); found = ip_conntrack_find_get(&conn->tuple,ct); - if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) && - found != NULL && - found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) { + if (found != NULL + && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) + && found->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) { /* Just to be sure we have it only once in the list. We should'nt see tuples twice unless someone hooks this into a table without "-p tcp --syn" */ @@ -110,7 +110,7 @@ #endif conn = kmalloc(sizeof(*conn),GFP_ATOMIC); if (NULL == conn) { - spin_unlock(&data->lock); + spin_unlock_bh(&data->lock); return -1; } memset(conn,0,sizeof(*conn)); @@ -119,7 +119,7 @@ list_add(&conn->list,hash); matches++; } - spin_unlock(&data->lock); + spin_unlock_bh(&data->lock); return matches; } ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FIX: connlimit NULL pointer kernel panic 2005-06-19 12:12 ` Pablo Neira @ 2005-06-19 12:18 ` Patrick McHardy 0 siblings, 0 replies; 4+ messages in thread From: Patrick McHardy @ 2005-06-19 12:18 UTC (permalink / raw) To: Pablo Neira; +Cc: mateusz, netfilter-devel Pablo Neira wrote: >> Thanks Pablo, I've applied the patch. Can you send patches for the 2.4 >> and the old 2.6 version too? > > Attached. Applied, thanks a lot. Regards Patrick ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-06-19 12:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20050519075405.7DF8640023@socios.momona.org>
2005-05-19 11:30 ` FIX: connlimit NULL pointer kernel panic (was: connlimit patch crashes 2.6.11 kernel) Pablo Neira
2005-06-11 15:03 ` FIX: connlimit NULL pointer kernel panic Patrick McHardy
2005-06-19 12:12 ` Pablo Neira
2005-06-19 12:18 ` Patrick McHardy
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.