* [PATCH 2/2] nf_conntrack: Don't try to find clashed expectation
@ 2006-12-04 0:38 Yasuyuki KOZAKAI
0 siblings, 0 replies; 2+ messages in thread
From: Yasuyuki KOZAKAI @ 2006-12-04 0:38 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel
The original code continues loop to find expectation in list if the master
conntrack of the found expectation is unconfirmed. But it never success
in that case, because nf_conntrack_expect_related() never insert
clashed expectation to the list.
This stops loop in that case.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
---
net/netfilter/nf_conntrack_expect.c | 27 +++++++++++++++------------
1 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 588d379..7df8f9a 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -91,25 +91,28 @@ EXPORT_SYMBOL_GPL(nf_conntrack_expect_fi
struct nf_conntrack_expect *
find_expectation(const struct nf_conntrack_tuple *tuple)
{
- struct nf_conntrack_expect *i;
+ struct nf_conntrack_expect *exp;
+
+ exp = __nf_conntrack_expect_find(tuple);
+ if (!exp)
+ return NULL;
- list_for_each_entry(i, &nf_conntrack_expect_list, list) {
/* If master is not in hash table yet (ie. packet hasn't left
this machine yet), how can other end know about expected?
Hence these are not the droids you are looking for (if
master ct never got confirmed, we'd hold a reference to it
and weird things would happen to future packets). */
- if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
- && nf_ct_is_confirmed(i->master)) {
- if (i->flags & NF_CT_EXPECT_PERMANENT) {
- atomic_inc(&i->use);
- return i;
- } else if (del_timer(&i->timeout)) {
- nf_ct_unlink_expect(i);
- return i;
- }
- }
+ if (!nf_ct_is_confirmed(exp->master))
+ return NULL;
+
+ if (exp->flags & NF_CT_EXPECT_PERMANENT) {
+ atomic_inc(&exp->use);
+ return exp;
+ } else if (del_timer(&exp->timeout)) {
+ nf_ct_unlink_expect(exp);
+ return exp;
}
+
return NULL;
}
--
1.4.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH 2/2] nf_conntrack: Don't try to find clashed expectation
[not found] <200612040038.kB40cOJ2004000@toshiba.co.jp>
@ 2006-12-04 10:40 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2006-12-04 10:40 UTC (permalink / raw)
To: Yasuyuki KOZAKAI; +Cc: netfilter-devel
Yasuyuki KOZAKAI wrote:
> The original code continues loop to find expectation in list if the master
> conntrack of the found expectation is unconfirmed. But it never success
> in that case, because nf_conntrack_expect_related() never insert
> clashed expectation to the list.
>
> This stops loop in that case.
Also applied, thanks.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2006-12-04 10:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200612040038.kB40cOJ2004000@toshiba.co.jp>
2006-12-04 10:40 ` [PATCH 2/2] nf_conntrack: Don't try to find clashed expectation Patrick McHardy
2006-12-04 0:38 Yasuyuki KOZAKAI
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.