diff options
| author | Patrick McHardy <kaber@trash.net> | 2007-02-12 14:13:58 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2007-02-12 14:13:58 -0500 |
| commit | 6b48a7d08d1bb2e3932bce1662fe411304acc18f (patch) | |
| tree | f0405cee3ff4fb3898a2a691e25cd77c31e392d8 | |
| parent | c0e912d7ed8999f87fa7f084928aac1266e251f3 (diff) | |
[NETFILTER]: ip_conntrack: properly use RCU for ip_conntrack_destroyed callback
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 9 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_core.c | 7 |
2 files changed, 10 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index a7e34d007ab0..07ba1dd136b5 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
| @@ -303,6 +303,7 @@ destroy_conntrack(struct nf_conntrack *nfct) | |||
| 303 | struct ip_conntrack *ct = (struct ip_conntrack *)nfct; | 303 | struct ip_conntrack *ct = (struct ip_conntrack *)nfct; |
| 304 | struct ip_conntrack_protocol *proto; | 304 | struct ip_conntrack_protocol *proto; |
| 305 | struct ip_conntrack_helper *helper; | 305 | struct ip_conntrack_helper *helper; |
| 306 | typeof(ip_conntrack_destroyed) destroyed; | ||
| 306 | 307 | ||
| 307 | DEBUGP("destroy_conntrack(%p)\n", ct); | 308 | DEBUGP("destroy_conntrack(%p)\n", ct); |
| 308 | IP_NF_ASSERT(atomic_read(&nfct->use) == 0); | 309 | IP_NF_ASSERT(atomic_read(&nfct->use) == 0); |
| @@ -322,10 +323,12 @@ destroy_conntrack(struct nf_conntrack *nfct) | |||
| 322 | proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum); | 323 | proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum); |
| 323 | if (proto && proto->destroy) | 324 | if (proto && proto->destroy) |
| 324 | proto->destroy(ct); | 325 | proto->destroy(ct); |
| 325 | rcu_read_unlock(); | ||
| 326 | 326 | ||
| 327 | if (ip_conntrack_destroyed) | 327 | destroyed = rcu_dereference(ip_conntrack_destroyed); |
| 328 | ip_conntrack_destroyed(ct); | 328 | if (destroyed) |
| 329 | destroyed(ct); | ||
| 330 | |||
| 331 | rcu_read_unlock(); | ||
| 329 | 332 | ||
| 330 | write_lock_bh(&ip_conntrack_lock); | 333 | write_lock_bh(&ip_conntrack_lock); |
| 331 | /* Expectations will have been removed in clean_from_lists, | 334 | /* Expectations will have been removed in clean_from_lists, |
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c index 18daabc22069..40737fdbe9a7 100644 --- a/net/ipv4/netfilter/ip_nat_core.c +++ b/net/ipv4/netfilter/ip_nat_core.c | |||
| @@ -604,8 +604,8 @@ static int __init ip_nat_init(void) | |||
| 604 | } | 604 | } |
| 605 | 605 | ||
| 606 | /* FIXME: Man, this is a hack. <SIGH> */ | 606 | /* FIXME: Man, this is a hack. <SIGH> */ |
| 607 | IP_NF_ASSERT(ip_conntrack_destroyed == NULL); | 607 | IP_NF_ASSERT(rcu_dereference(ip_conntrack_destroyed) == NULL); |
| 608 | ip_conntrack_destroyed = &ip_nat_cleanup_conntrack; | 608 | rcu_assign_pointer(ip_conntrack_destroyed, ip_nat_cleanup_conntrack); |
| 609 | 609 | ||
| 610 | /* Initialize fake conntrack so that NAT will skip it */ | 610 | /* Initialize fake conntrack so that NAT will skip it */ |
| 611 | ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK; | 611 | ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK; |
| @@ -623,7 +623,8 @@ static int clean_nat(struct ip_conntrack *i, void *data) | |||
| 623 | static void __exit ip_nat_cleanup(void) | 623 | static void __exit ip_nat_cleanup(void) |
| 624 | { | 624 | { |
| 625 | ip_ct_iterate_cleanup(&clean_nat, NULL); | 625 | ip_ct_iterate_cleanup(&clean_nat, NULL); |
| 626 | ip_conntrack_destroyed = NULL; | 626 | rcu_assign_pointer(ip_conntrack_destroyed, NULL); |
| 627 | synchronize_rcu(); | ||
| 627 | vfree(bysource); | 628 | vfree(bysource); |
| 628 | } | 629 | } |
| 629 | 630 | ||