[NETFILTER 04/05]: nf_conntrack: Don't try to find clashed expectation

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 04/05]: nf_conntrack: Don't try to find clashed expectation
Date: Mon,  4 Dec 2006 11:56:02 +0100 (MET)	[thread overview]
Message-ID: <20061204105911.6456.18151.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20061204105906.6456.62345.sendpatchset@localhost.localdomain>

[NETFILTER]: nf_conntrack: Don't try to find clashed expectation

The original code continues loop to find expectation in list if the master
conntrack of the found expectation is unconfirmed. But it never success
in that case, because nf_conntrack_expect_related() never insert
clashed expectation to the list.

This stops loop in that case.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit b7c3fd1079bf21b37b3135466418a2576d7d5fa1
tree 20a30d94395b7015450663f73c1b58f85ed5814c
parent b8ef637f630bc2206673170e07800a8e537f95d8
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Mon, 04 Dec 2006 11:39:42 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 04 Dec 2006 11:39:42 +0100

 net/netfilter/nf_conntrack_expect.c |   27 +++++++++++++++------------
 1 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 588d379..7df8f9a 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -91,25 +91,28 @@ EXPORT_SYMBOL_GPL(nf_conntrack_expect_fi
 struct nf_conntrack_expect *
 find_expectation(const struct nf_conntrack_tuple *tuple)
 {
-	struct nf_conntrack_expect *i;
+	struct nf_conntrack_expect *exp;
+
+	exp = __nf_conntrack_expect_find(tuple);
+	if (!exp)
+		return NULL;
 
-	list_for_each_entry(i, &nf_conntrack_expect_list, list) {
 	/* If master is not in hash table yet (ie. packet hasn't left
 	   this machine yet), how can other end know about expected?
 	   Hence these are not the droids you are looking for (if
 	   master ct never got confirmed, we'd hold a reference to it
 	   and weird things would happen to future packets). */
-		if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask)
-		    && nf_ct_is_confirmed(i->master)) {
-			if (i->flags & NF_CT_EXPECT_PERMANENT) {
-				atomic_inc(&i->use);
-				return i;
-			} else if (del_timer(&i->timeout)) {
-				nf_ct_unlink_expect(i);
-				return i;
-			}
-		}
+	if (!nf_ct_is_confirmed(exp->master))
+		return NULL;
+
+	if (exp->flags & NF_CT_EXPECT_PERMANENT) {
+		atomic_inc(&exp->use);
+		return exp;
+	} else if (del_timer(&exp->timeout)) {
+		nf_ct_unlink_expect(exp);
+		return exp;
 	}
+
 	return NULL;
 }

next prev parent reply	other threads:[~2006-12-04 10:56 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-12-04 10:55 [NETFILTER 00/05]: Netfilter fixes Patrick McHardy
2006-12-04 10:55 ` [NETFILTER 01/05]: Fix {ip,ip6,arp}_tables hook validation Patrick McHardy
2006-12-04 10:55 ` [NETFILTER 02/05]: Fix iptables compat " Patrick McHardy
2006-12-04 10:56 ` [NETFILTER 03/05]: nf_conntrack: fix warning in PPTP helper Patrick McHardy
2006-12-04 10:56 ` Patrick McHardy [this message]
2006-12-04 10:56 ` [NETFILTER 05/05]: bridge netfilter: deal with martians correctly Patrick McHardy
2006-12-05 21:45 ` [NETFILTER 00/05]: Netfilter fixes David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:588d379 dfblob:7df8f9a )
 OR (
bs:"[NETFILTER 04/05]: nf_conntrack: Don't try to find clashed expectation" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061204105911.6456.18151.sendpatchset@localhost.localdomain \
    --to=kaber@trash.net \
    --cc=davem@davemloft.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).