* [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length()
@ 2013-08-29 8:32 Patrick McHardy
2013-08-29 10:38 ` Jesper Dangaard Brouer
2013-09-04 12:57 ` Pablo Neira Ayuso
0 siblings, 2 replies; 4+ messages in thread
From: Patrick McHardy @ 2013-08-29 8:32 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel, mph, jesper.brouer
With CONFIG_NETFILTER_DEBUG we get the following warning during SYNPROXY init:
[ 80.558906] WARNING: CPU: 1 PID: 4833 at net/netfilter/nf_conntrack_extend.c:80 __nf_ct_ext_add_length+0x217/0x220 [nf_conntrack]()
The reason is that the conntrack template is set to confirmed before adding
the extension and it is invalid to add extensions to already confirmed
conntracks. Fix by adding the extensions before setting the conntrack to
confirmed.
Reported-by: Jesper Dangaard Brouer <jesper.brouer@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/netfilter/nf_synproxy_core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
index d23dc79..6fd967c 100644
--- a/net/netfilter/nf_synproxy_core.c
+++ b/net/netfilter/nf_synproxy_core.c
@@ -356,12 +356,12 @@ static int __net_init synproxy_net_init(struct net *net)
goto err1;
}
- __set_bit(IPS_TEMPLATE_BIT, &ct->status);
- __set_bit(IPS_CONFIRMED_BIT, &ct->status);
if (!nfct_seqadj_ext_add(ct))
goto err2;
if (!nfct_synproxy_ext_add(ct))
goto err2;
+ __set_bit(IPS_TEMPLATE_BIT, &ct->status);
+ __set_bit(IPS_CONFIRMED_BIT, &ct->status);
snet->tmpl = ct;
--
1.8.1.4
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length()
2013-08-29 8:32 [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length() Patrick McHardy
@ 2013-08-29 10:38 ` Jesper Dangaard Brouer
2013-09-04 12:56 ` Pablo Neira Ayuso
2013-09-04 12:57 ` Pablo Neira Ayuso
1 sibling, 1 reply; 4+ messages in thread
From: Jesper Dangaard Brouer @ 2013-08-29 10:38 UTC (permalink / raw)
To: Patrick McHardy; +Cc: pablo, netfilter-devel, mph
On Thu, 29 Aug 2013 10:32:09 +0200
Patrick McHardy <kaber@trash.net> wrote:
> With CONFIG_NETFILTER_DEBUG we get the following warning during SYNPROXY init:
>
> [ 80.558906] WARNING: CPU: 1 PID: 4833 at net/netfilter/nf_conntrack_extend.c:80 __nf_ct_ext_add_length+0x217/0x220 [nf_conntrack]()
>
> The reason is that the conntrack template is set to confirmed before adding
> the extension and it is invalid to add extensions to already confirmed
> conntracks. Fix by adding the extensions before setting the conntrack to
> confirmed.
>
> Reported-by: Jesper Dangaard Brouer <jesper.brouer@gmail.com>
> Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
I have verified that the warning is gone after this patch, thanks!
--
Best regards,
Jesper Dangaard Brouer
MSc.CS, Sr. Network Kernel Developer at Red Hat
Author of http://www.iptv-analyzer.org
LinkedIn: http://www.linkedin.com/in/brouer
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length()
2013-08-29 10:38 ` Jesper Dangaard Brouer
@ 2013-09-04 12:56 ` Pablo Neira Ayuso
0 siblings, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-04 12:56 UTC (permalink / raw)
To: Jesper Dangaard Brouer; +Cc: Patrick McHardy, netfilter-devel, mph
On Thu, Aug 29, 2013 at 12:38:52PM +0200, Jesper Dangaard Brouer wrote:
> On Thu, 29 Aug 2013 10:32:09 +0200
> Patrick McHardy <kaber@trash.net> wrote:
>
> > With CONFIG_NETFILTER_DEBUG we get the following warning during SYNPROXY init:
> >
> > [ 80.558906] WARNING: CPU: 1 PID: 4833 at net/netfilter/nf_conntrack_extend.c:80 __nf_ct_ext_add_length+0x217/0x220 [nf_conntrack]()
> >
> > The reason is that the conntrack template is set to confirmed before adding
> > the extension and it is invalid to add extensions to already confirmed
> > conntracks. Fix by adding the extensions before setting the conntrack to
> > confirmed.
> >
> > Reported-by: Jesper Dangaard Brouer <jesper.brouer@gmail.com>
> > Signed-off-by: Patrick McHardy <kaber@trash.net>
>
> Acked-by: Jesper Dangaard Brouer <brouer@redhat.com>
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length()
2013-08-29 8:32 [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length() Patrick McHardy
2013-08-29 10:38 ` Jesper Dangaard Brouer
@ 2013-09-04 12:57 ` Pablo Neira Ayuso
1 sibling, 0 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-04 12:57 UTC (permalink / raw)
To: Patrick McHardy; +Cc: netfilter-devel, mph, jesper.brouer
On Thu, Aug 29, 2013 at 10:32:09AM +0200, Patrick McHardy wrote:
> With CONFIG_NETFILTER_DEBUG we get the following warning during SYNPROXY init:
>
> [ 80.558906] WARNING: CPU: 1 PID: 4833 at net/netfilter/nf_conntrack_extend.c:80 __nf_ct_ext_add_length+0x217/0x220 [nf_conntrack]()
>
> The reason is that the conntrack template is set to confirmed before adding
> the extension and it is invalid to add extensions to already confirmed
> conntracks. Fix by adding the extensions before setting the conntrack to
> confirmed.
applied, thanks Patrick.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-09-04 12:57 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-08-29 8:32 [PATCH] netfilter: SYNPROXY core: fix warning in __nf_ct_ext_add_length() Patrick McHardy
2013-08-29 10:38 ` Jesper Dangaard Brouer
2013-09-04 12:56 ` Pablo Neira Ayuso
2013-09-04 12:57 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).