* Re: FIX: connlimit NULL pointer kernel panic (was: connlimit patch crashes 2.6.11 kernel)
[not found] <20050519075405.7DF8640023@socios.momona.org>
@ 2005-05-19 11:30 ` Pablo Neira
2005-06-11 15:03 ` FIX: connlimit NULL pointer kernel panic Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira @ 2005-05-19 11:30 UTC (permalink / raw)
To: Forte Systems - Iosif Peterfi; +Cc: mateusz, netfilter-devel, kaber
[-- Attachment #1: Type: text/plain, Size: 364 bytes --]
Forte Systems - Iosif Peterfi wrote:
> Here is a diff -urN patch for what has been discussed except the conntrack
> event-api. Works fine on 2.6.1-gentoo-r8, patch-o-matic-ng-20050516.
Hm, didn't I also tell you that you have to sed
's/spin_unlock/spin_unlock_bh'?
well, it doesn't matter, attached the correct patch that applies cleanly
to pom-ng.
--
Pablo
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1583 bytes --]
Index: linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c (revision 3922)
+++ linux-2.6.11/net/ipv4/netfilter/ipt_connlimit.c (working copy)
@@ -55,7 +55,7 @@
struct ipt_connlimit_conn *conn;
struct list_head *hash,*lh;
- spin_lock(&data->lock);
+ spin_lock_bh(&data->lock);
tuple = ct->tuplehash[0].tuple;
hash = &data->iphash[ipt_iphash(addr & mask)];
@@ -64,9 +64,10 @@
struct ip_conntrack *found_ct = NULL;
conn = list_entry(lh,struct ipt_connlimit_conn,list);
found = ip_conntrack_find_get(&conn->tuple,ct);
- if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
- found != NULL && (found_ct = tuplehash_to_ctrack(found)) != NULL &&
- found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+ if (found != NULL
+ && (found_ct = tuplehash_to_ctrack(found)) != NULL
+ && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple))
+ && found_ct->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
/* Just to be sure we have it only once in the list.
We should'nt see tuples twice unless someone hooks this
into a table without "-p tcp --syn" */
@@ -111,7 +112,7 @@
#endif
conn = kmalloc(sizeof(*conn),GFP_ATOMIC);
if (NULL == conn) {
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return -1;
}
memset(conn,0,sizeof(*conn));
@@ -120,7 +121,7 @@
list_add(&conn->list,hash);
matches++;
}
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return matches;
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FIX: connlimit NULL pointer kernel panic
2005-05-19 11:30 ` FIX: connlimit NULL pointer kernel panic (was: connlimit patch crashes 2.6.11 kernel) Pablo Neira
@ 2005-06-11 15:03 ` Patrick McHardy
2005-06-19 12:12 ` Pablo Neira
0 siblings, 1 reply; 4+ messages in thread
From: Patrick McHardy @ 2005-06-11 15:03 UTC (permalink / raw)
To: Pablo Neira; +Cc: mateusz, netfilter-devel
Pablo Neira wrote:
> Forte Systems - Iosif Peterfi wrote:
>
>> Here is a diff -urN patch for what has been discussed except the
>> conntrack
>> event-api. Works fine on 2.6.1-gentoo-r8, patch-o-matic-ng-20050516.
>
>
> Hm, didn't I also tell you that you have to sed
> 's/spin_unlock/spin_unlock_bh'?
>
> well, it doesn't matter, attached the correct patch that applies cleanly
> to pom-ng.
Thanks Pablo, I've applied the patch. Can you send patches for the 2.4
and the old 2.6 version too?
Regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FIX: connlimit NULL pointer kernel panic
2005-06-11 15:03 ` FIX: connlimit NULL pointer kernel panic Patrick McHardy
@ 2005-06-19 12:12 ` Pablo Neira
2005-06-19 12:18 ` Patrick McHardy
0 siblings, 1 reply; 4+ messages in thread
From: Pablo Neira @ 2005-06-19 12:12 UTC (permalink / raw)
To: Patrick McHardy; +Cc: mateusz, netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 558 bytes --]
Patrick McHardy wrote:
> Pablo Neira wrote:
>
>>Forte Systems - Iosif Peterfi wrote:
>>
>>
>>>Here is a diff -urN patch for what has been discussed except the
>>>conntrack
>>>event-api. Works fine on 2.6.1-gentoo-r8, patch-o-matic-ng-20050516.
>>
>>
>>Hm, didn't I also tell you that you have to sed
>>'s/spin_unlock/spin_unlock_bh'?
>>
>>well, it doesn't matter, attached the correct patch that applies cleanly
>>to pom-ng.
>
>
> Thanks Pablo, I've applied the patch. Can you send patches for the 2.4
> and the old 2.6 version too?
Attached.
--
Pablo
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 2614 bytes --]
Index: linux/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- linux/net/ipv4/netfilter/ipt_connlimit.c (revision 3889)
+++ linux/net/ipv4/netfilter/ipt_connlimit.c (working copy)
@@ -55,7 +55,7 @@
struct ipt_connlimit_conn *conn;
struct list_head *hash,*lh;
- spin_lock(&data->lock);
+ spin_lock_bh(&data->lock);
tuple = ct->tuplehash[0].tuple;
hash = &data->iphash[ipt_iphash(addr & mask)];
@@ -63,8 +63,8 @@
for (lh = hash->next; lh != hash; lh = lh->next) {
conn = list_entry(lh,struct ipt_connlimit_conn,list);
found = ip_conntrack_find_get(&conn->tuple,ct);
- if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
- found != NULL &&
+ if (found != NULL &&
+ 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
/* Just to be sure we have it only once in the list.
We should'nt see tuples twice unless someone hooks this
@@ -117,7 +117,7 @@
list_add(&conn->list,hash);
matches++;
}
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return matches;
}
Index: linux-2.6/net/ipv4/netfilter/ipt_connlimit.c
===================================================================
--- linux-2.6/net/ipv4/netfilter/ipt_connlimit.c (revision 3889)
+++ linux-2.6/net/ipv4/netfilter/ipt_connlimit.c (working copy)
@@ -55,7 +55,7 @@
struct ipt_connlimit_conn *conn;
struct list_head *hash,*lh;
- spin_lock(&data->lock);
+ spin_lock_bh(&data->lock);
tuple = ct->tuplehash[0].tuple;
hash = &data->iphash[ipt_iphash(addr & mask)];
@@ -63,9 +63,9 @@
for (lh = hash->next; lh != hash; lh = lh->next) {
conn = list_entry(lh,struct ipt_connlimit_conn,list);
found = ip_conntrack_find_get(&conn->tuple,ct);
- if (0 == memcmp(&conn->tuple,&tuple,sizeof(tuple)) &&
- found != NULL &&
- found->ctrack->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
+ if (found != NULL
+ && 0 == memcmp(&conn->tuple,&tuple,sizeof(tuple))
+ && found->proto.tcp.state != TCP_CONNTRACK_TIME_WAIT) {
/* Just to be sure we have it only once in the list.
We should'nt see tuples twice unless someone hooks this
into a table without "-p tcp --syn" */
@@ -110,7 +110,7 @@
#endif
conn = kmalloc(sizeof(*conn),GFP_ATOMIC);
if (NULL == conn) {
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return -1;
}
memset(conn,0,sizeof(*conn));
@@ -119,7 +119,7 @@
list_add(&conn->list,hash);
matches++;
}
- spin_unlock(&data->lock);
+ spin_unlock_bh(&data->lock);
return matches;
}
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: FIX: connlimit NULL pointer kernel panic
2005-06-19 12:12 ` Pablo Neira
@ 2005-06-19 12:18 ` Patrick McHardy
0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2005-06-19 12:18 UTC (permalink / raw)
To: Pablo Neira; +Cc: mateusz, netfilter-devel
Pablo Neira wrote:
>> Thanks Pablo, I've applied the patch. Can you send patches for the 2.4
>> and the old 2.6 version too?
>
> Attached.
Applied, thanks a lot.
Regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-06-19 12:18 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20050519075405.7DF8640023@socios.momona.org>
2005-05-19 11:30 ` FIX: connlimit NULL pointer kernel panic (was: connlimit patch crashes 2.6.11 kernel) Pablo Neira
2005-06-11 15:03 ` FIX: connlimit NULL pointer kernel panic Patrick McHardy
2005-06-19 12:12 ` Pablo Neira
2005-06-19 12:18 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.