From: Patrick McHardy <kaber@trash.net>
To: Kapil Juneja <Kapil.Juneja@freescale.com>
Cc: netfilter-devel@vger.kernel.org,
Emil Medve <Emilian.Medve@freescale.com>
Subject: Re: [PATCH] nf_conntrack_core: Updated nf_conntrack to destroy/refresh conn irrespective of del_timer status
Date: Mon, 25 Feb 2008 13:11:02 +0100 [thread overview]
Message-ID: <47C2B056.3010609@trash.net> (raw)
In-Reply-To: <1203916760-12951-1-git-send-email-Kapil.Juneja@freescale.com>
Kapil Juneja wrote:
> Currently NF_CONNTRACK assumes that a running timer is present before refreshing
> the connection or destroying it. This may not be the case when, for example,
> another forwarding engine hooks up to it to listen to new connections
> but disables the NF_CONNTRACK timer in order to have more control.
> In such a scenario, only control packets may be terminated to NF_CONNTRACK for
> it to decode and update the connection status. It will not impact the present
> scenario of kernel forwarding without the aid of any forwarding engine.
Do you have a pointer to the code you're talking about?
> + if (newtime - ct->timeout.expires >= HZ) {
> + /*
> + * The timer could have already been deleted
> + * while still alive (for example connection
> + * offloaded to a forwarding module other than
> + * the kernel stack).
> + */
> + mod_timer(&ct->timeout, newtime);
> event = IPCT_REFRESH;
This adds a race, we don't want to update the timer if it already
went off this that means the connection is already destroyed.
Same problem with the other chunk.
next prev parent reply other threads:[~2008-02-25 12:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-25 5:19 [PATCH] nf_conntrack_core: Updated nf_conntrack to destroy/refresh conn irrespective of del_timer status Kapil Juneja
2008-02-25 12:11 ` Patrick McHardy [this message]
2008-02-26 7:39 ` Juneja Kapil
2008-02-27 13:00 ` Patrick McHardy
2008-02-29 9:26 ` Juneja Kapil
2008-02-29 12:23 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47C2B056.3010609@trash.net \
--to=kaber@trash.net \
--cc=Emilian.Medve@freescale.com \
--cc=Kapil.Juneja@freescale.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.