diff options
author | Rusty Russell <rusty@rustcorp.com.au> | 2005-07-21 16:14:46 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-07-21 16:14:46 -0400 |
commit | 4acdbdbe5089c06d5e0c7e96783fcc4414ded00a (patch) | |
tree | 77629aef70bd92983518b6f5dd13c70a222c4cbb | |
parent | 4aa49d130df9209707a97786a55a3f584b7345e9 (diff) |
[NETFILTER]: ip_conntrack_expect_related must not free expectation
If a connection tracking helper tells us to expect a connection, and
we're already expecting that connection, we simply free the one they
gave us and return success.
The problem is that NAT helpers (eg. FTP) have to allocate the
expectation first (to see what port is available) then rewrite the
packet. If that rewrite fails, they try to remove the expectation,
but it was freed in ip_conntrack_expect_related.
This is one example of a larger problem: having registered the
expectation, the pointer is no longer ours to use. Reference counting
is needed for ctnetlink anyway, so introduce it now.
To have a single "put" path, we need to grab the reference to the
connection on creation, rather than open-coding it in the caller.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack_helper.h | 7 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_amanda.c | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 40 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_ftp.c | 14 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_irc.c | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 2 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_tftp.c | 8 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_amanda.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_ftp.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_irc.c | 4 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_tftp.c | 4 |
12 files changed, 46 insertions, 60 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 3781192ce159..f8da7ddeff3a 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h | |||
@@ -197,6 +197,9 @@ struct ip_conntrack_expect | |||
197 | /* Timer function; deletes the expectation. */ | 197 | /* Timer function; deletes the expectation. */ |
198 | struct timer_list timeout; | 198 | struct timer_list timeout; |
199 | 199 | ||
200 | /* Usage count. */ | ||
201 | atomic_t use; | ||
202 | |||
200 | #ifdef CONFIG_IP_NF_NAT_NEEDED | 203 | #ifdef CONFIG_IP_NF_NAT_NEEDED |
201 | /* This is the original per-proto part, used to map the | 204 | /* This is the original per-proto part, used to map the |
202 | * expected connection the way the recipient expects. */ | 205 | * expected connection the way the recipient expects. */ |
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h index b1bbba0a12cb..3692daa93dec 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h | |||
@@ -30,9 +30,10 @@ extern int ip_conntrack_helper_register(struct ip_conntrack_helper *); | |||
30 | extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *); | 30 | extern void ip_conntrack_helper_unregister(struct ip_conntrack_helper *); |
31 | 31 | ||
32 | /* Allocate space for an expectation: this is mandatory before calling | 32 | /* Allocate space for an expectation: this is mandatory before calling |
33 | ip_conntrack_expect_related. */ | 33 | ip_conntrack_expect_related. You will have to call put afterwards. */ |
34 | extern struct ip_conntrack_expect *ip_conntrack_expect_alloc(void); | 34 | extern struct ip_conntrack_expect * |
35 | extern void ip_conntrack_expect_free(struct ip_conntrack_expect *exp); | 35 | ip_conntrack_expect_alloc(struct ip_conntrack *master); |
36 | extern void ip_conntrack_expect_put(struct ip_conntrack_expect *exp); | ||
36 | 37 | ||
37 | /* Add an expected connection: can have more than one per connection */ | 38 | /* Add an expected connection: can have more than one per connection */ |
38 | extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp); | 39 | extern int ip_conntrack_expect_related(struct ip_conntrack_expect *exp); |
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c index a78a320eee08..01e1b58322a9 100644 --- a/net/ipv4/netfilter/ip_conntrack_amanda.c +++ b/net/ipv4/netfilter/ip_conntrack_amanda.c | |||
@@ -101,14 +101,13 @@ static int help(struct sk_buff **pskb, | |||
101 | if (port == 0 || len > 5) | 101 | if (port == 0 || len > 5) |
102 | break; | 102 | break; |
103 | 103 | ||
104 | exp = ip_conntrack_expect_alloc(); | 104 | exp = ip_conntrack_expect_alloc(ct); |
105 | if (exp == NULL) { | 105 | if (exp == NULL) { |
106 | ret = NF_DROP; | 106 | ret = NF_DROP; |
107 | goto out; | 107 | goto out; |
108 | } | 108 | } |
109 | 109 | ||
110 | exp->expectfn = NULL; | 110 | exp->expectfn = NULL; |
111 | exp->master = ct; | ||
112 | 111 | ||
113 | exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; | 112 | exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; |
114 | exp->tuple.src.u.tcp.port = 0; | 113 | exp->tuple.src.u.tcp.port = 0; |
@@ -126,10 +125,9 @@ static int help(struct sk_buff **pskb, | |||
126 | ret = ip_nat_amanda_hook(pskb, ctinfo, | 125 | ret = ip_nat_amanda_hook(pskb, ctinfo, |
127 | tmp - amanda_buffer, | 126 | tmp - amanda_buffer, |
128 | len, exp); | 127 | len, exp); |
129 | else if (ip_conntrack_expect_related(exp) != 0) { | 128 | else if (ip_conntrack_expect_related(exp) != 0) |
130 | ip_conntrack_expect_free(exp); | ||
131 | ret = NF_DROP; | 129 | ret = NF_DROP; |
132 | } | 130 | ip_conntrack_expect_put(exp); |
133 | } | 131 | } |
134 | 132 | ||
135 | out: | 133 | out: |
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 4b78ebeb6635..14af55cad5d6 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -137,19 +137,12 @@ ip_ct_invert_tuple(struct ip_conntrack_tuple *inverse, | |||
137 | 137 | ||
138 | 138 | ||
139 | /* ip_conntrack_expect helper functions */ | 139 | /* ip_conntrack_expect helper functions */ |
140 | static void destroy_expect(struct ip_conntrack_expect *exp) | ||
141 | { | ||
142 | ip_conntrack_put(exp->master); | ||
143 | IP_NF_ASSERT(!timer_pending(&exp->timeout)); | ||
144 | kmem_cache_free(ip_conntrack_expect_cachep, exp); | ||
145 | CONNTRACK_STAT_INC(expect_delete); | ||
146 | } | ||
147 | |||
148 | static void unlink_expect(struct ip_conntrack_expect *exp) | 140 | static void unlink_expect(struct ip_conntrack_expect *exp) |
149 | { | 141 | { |
150 | ASSERT_WRITE_LOCK(&ip_conntrack_lock); | 142 | ASSERT_WRITE_LOCK(&ip_conntrack_lock); |
143 | IP_NF_ASSERT(!timer_pending(&exp->timeout)); | ||
151 | list_del(&exp->list); | 144 | list_del(&exp->list); |
152 | /* Logically in destroy_expect, but we hold the lock here. */ | 145 | CONNTRACK_STAT_INC(expect_delete); |
153 | exp->master->expecting--; | 146 | exp->master->expecting--; |
154 | } | 147 | } |
155 | 148 | ||
@@ -160,7 +153,7 @@ static void expectation_timed_out(unsigned long ul_expect) | |||
160 | write_lock_bh(&ip_conntrack_lock); | 153 | write_lock_bh(&ip_conntrack_lock); |
161 | unlink_expect(exp); | 154 | unlink_expect(exp); |
162 | write_unlock_bh(&ip_conntrack_lock); | 155 | write_unlock_bh(&ip_conntrack_lock); |
163 | destroy_expect(exp); | 156 | ip_conntrack_expect_put(exp); |
164 | } | 157 | } |
165 | 158 | ||
166 | /* If an expectation for this connection is found, it gets delete from | 159 | /* If an expectation for this connection is found, it gets delete from |
@@ -198,7 +191,7 @@ static void remove_expectations(struct ip_conntrack *ct) | |||
198 | list_for_each_entry_safe(i, tmp, &ip_conntrack_expect_list, list) { | 191 | list_for_each_entry_safe(i, tmp, &ip_conntrack_expect_list, list) { |
199 | if (i->master == ct && del_timer(&i->timeout)) { | 192 | if (i->master == ct && del_timer(&i->timeout)) { |
200 | unlink_expect(i); | 193 | unlink_expect(i); |
201 | destroy_expect(i); | 194 | ip_conntrack_expect_put(i); |
202 | } | 195 | } |
203 | } | 196 | } |
204 | } | 197 | } |
@@ -537,7 +530,7 @@ init_conntrack(const struct ip_conntrack_tuple *tuple, | |||
537 | if (exp) { | 530 | if (exp) { |
538 | if (exp->expectfn) | 531 | if (exp->expectfn) |
539 | exp->expectfn(conntrack, exp); | 532 | exp->expectfn(conntrack, exp); |
540 | destroy_expect(exp); | 533 | ip_conntrack_expect_put(exp); |
541 | } | 534 | } |
542 | 535 | ||
543 | return &conntrack->tuplehash[IP_CT_DIR_ORIGINAL]; | 536 | return &conntrack->tuplehash[IP_CT_DIR_ORIGINAL]; |
@@ -729,14 +722,14 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp) | |||
729 | if (expect_matches(i, exp) && del_timer(&i->timeout)) { | 722 | if (expect_matches(i, exp) && del_timer(&i->timeout)) { |
730 | unlink_expect(i); | 723 | unlink_expect(i); |
731 | write_unlock_bh(&ip_conntrack_lock); | 724 | write_unlock_bh(&ip_conntrack_lock); |
732 | destroy_expect(i); | 725 | ip_conntrack_expect_put(i); |
733 | return; | 726 | return; |
734 | } | 727 | } |
735 | } | 728 | } |
736 | write_unlock_bh(&ip_conntrack_lock); | 729 | write_unlock_bh(&ip_conntrack_lock); |
737 | } | 730 | } |
738 | 731 | ||
739 | struct ip_conntrack_expect *ip_conntrack_expect_alloc(void) | 732 | struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) |
740 | { | 733 | { |
741 | struct ip_conntrack_expect *new; | 734 | struct ip_conntrack_expect *new; |
742 | 735 | ||
@@ -745,18 +738,23 @@ struct ip_conntrack_expect *ip_conntrack_expect_alloc(void) | |||
745 | DEBUGP("expect_related: OOM allocating expect\n"); | 738 | DEBUGP("expect_related: OOM allocating expect\n"); |
746 | return NULL; | 739 | return NULL; |
747 | } | 740 | } |
748 | new->master = NULL; | 741 | new->master = me; |
742 | atomic_inc(&new->master->ct_general.use); | ||
743 | atomic_set(&new->use, 1); | ||
749 | return new; | 744 | return new; |
750 | } | 745 | } |
751 | 746 | ||
752 | void ip_conntrack_expect_free(struct ip_conntrack_expect *expect) | 747 | void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) |
753 | { | 748 | { |
754 | kmem_cache_free(ip_conntrack_expect_cachep, expect); | 749 | if (atomic_dec_and_test(&exp->use)) { |
750 | ip_conntrack_put(exp->master); | ||
751 | kmem_cache_free(ip_conntrack_expect_cachep, exp); | ||
752 | } | ||
755 | } | 753 | } |
756 | 754 | ||
757 | static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp) | 755 | static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp) |
758 | { | 756 | { |
759 | atomic_inc(&exp->master->ct_general.use); | 757 | atomic_inc(&exp->use); |
760 | exp->master->expecting++; | 758 | exp->master->expecting++; |
761 | list_add(&exp->list, &ip_conntrack_expect_list); | 759 | list_add(&exp->list, &ip_conntrack_expect_list); |
762 | 760 | ||
@@ -778,7 +776,7 @@ static void evict_oldest_expect(struct ip_conntrack *master) | |||
778 | if (i->master == master) { | 776 | if (i->master == master) { |
779 | if (del_timer(&i->timeout)) { | 777 | if (del_timer(&i->timeout)) { |
780 | unlink_expect(i); | 778 | unlink_expect(i); |
781 | destroy_expect(i); | 779 | ip_conntrack_expect_put(i); |
782 | } | 780 | } |
783 | break; | 781 | break; |
784 | } | 782 | } |
@@ -810,8 +808,6 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect) | |||
810 | /* Refresh timer: if it's dying, ignore.. */ | 808 | /* Refresh timer: if it's dying, ignore.. */ |
811 | if (refresh_timer(i)) { | 809 | if (refresh_timer(i)) { |
812 | ret = 0; | 810 | ret = 0; |
813 | /* We don't need the one they've given us. */ | ||
814 | ip_conntrack_expect_free(expect); | ||
815 | goto out; | 811 | goto out; |
816 | } | 812 | } |
817 | } else if (expect_clash(i, expect)) { | 813 | } else if (expect_clash(i, expect)) { |
@@ -881,7 +877,7 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me) | |||
881 | list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list, list) { | 877 | list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list, list) { |
882 | if (exp->master->helper == me && del_timer(&exp->timeout)) { | 878 | if (exp->master->helper == me && del_timer(&exp->timeout)) { |
883 | unlink_expect(exp); | 879 | unlink_expect(exp); |
884 | destroy_expect(exp); | 880 | ip_conntrack_expect_put(exp); |
885 | } | 881 | } |
886 | } | 882 | } |
887 | /* Get rid of expecteds, set helpers to NULL. */ | 883 | /* Get rid of expecteds, set helpers to NULL. */ |
diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c index fea6dd2a00b6..7a3b773be3f9 100644 --- a/net/ipv4/netfilter/ip_conntrack_ftp.c +++ b/net/ipv4/netfilter/ip_conntrack_ftp.c | |||
@@ -376,7 +376,7 @@ static int help(struct sk_buff **pskb, | |||
376 | fb_ptr + matchoff, matchlen, ntohl(th->seq) + matchoff); | 376 | fb_ptr + matchoff, matchlen, ntohl(th->seq) + matchoff); |
377 | 377 | ||
378 | /* Allocate expectation which will be inserted */ | 378 | /* Allocate expectation which will be inserted */ |
379 | exp = ip_conntrack_expect_alloc(); | 379 | exp = ip_conntrack_expect_alloc(ct); |
380 | if (exp == NULL) { | 380 | if (exp == NULL) { |
381 | ret = NF_DROP; | 381 | ret = NF_DROP; |
382 | goto out; | 382 | goto out; |
@@ -403,8 +403,7 @@ static int help(struct sk_buff **pskb, | |||
403 | networks, or the packet filter itself). */ | 403 | networks, or the packet filter itself). */ |
404 | if (!loose) { | 404 | if (!loose) { |
405 | ret = NF_ACCEPT; | 405 | ret = NF_ACCEPT; |
406 | ip_conntrack_expect_free(exp); | 406 | goto out_put_expect; |
407 | goto out_update_nl; | ||
408 | } | 407 | } |
409 | exp->tuple.dst.ip = htonl((array[0] << 24) | (array[1] << 16) | 408 | exp->tuple.dst.ip = htonl((array[0] << 24) | (array[1] << 16) |
410 | | (array[2] << 8) | array[3]); | 409 | | (array[2] << 8) | array[3]); |
@@ -419,7 +418,6 @@ static int help(struct sk_buff **pskb, | |||
419 | { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }}); | 418 | { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }}); |
420 | 419 | ||
421 | exp->expectfn = NULL; | 420 | exp->expectfn = NULL; |
422 | exp->master = ct; | ||
423 | 421 | ||
424 | /* Now, NAT might want to mangle the packet, and register the | 422 | /* Now, NAT might want to mangle the packet, and register the |
425 | * (possibly changed) expectation itself. */ | 423 | * (possibly changed) expectation itself. */ |
@@ -428,13 +426,15 @@ static int help(struct sk_buff **pskb, | |||
428 | matchoff, matchlen, exp, &seq); | 426 | matchoff, matchlen, exp, &seq); |
429 | else { | 427 | else { |
430 | /* Can't expect this? Best to drop packet now. */ | 428 | /* Can't expect this? Best to drop packet now. */ |
431 | if (ip_conntrack_expect_related(exp) != 0) { | 429 | if (ip_conntrack_expect_related(exp) != 0) |
432 | ip_conntrack_expect_free(exp); | ||
433 | ret = NF_DROP; | 430 | ret = NF_DROP; |
434 | } else | 431 | else |
435 | ret = NF_ACCEPT; | 432 | ret = NF_ACCEPT; |
436 | } | 433 | } |
437 | 434 | ||
435 | out_put_expect: | ||
436 | ip_conntrack_expect_put(exp); | ||
437 | |||
438 | out_update_nl: | 438 | out_update_nl: |
439 | /* Now if this ends in \n, update ftp info. Seq may have been | 439 | /* Now if this ends in \n, update ftp info. Seq may have been |
440 | * adjusted by NAT code. */ | 440 | * adjusted by NAT code. */ |
diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c index cd98772cc332..4a28f297d502 100644 --- a/net/ipv4/netfilter/ip_conntrack_irc.c +++ b/net/ipv4/netfilter/ip_conntrack_irc.c | |||
@@ -197,7 +197,7 @@ static int help(struct sk_buff **pskb, | |||
197 | continue; | 197 | continue; |
198 | } | 198 | } |
199 | 199 | ||
200 | exp = ip_conntrack_expect_alloc(); | 200 | exp = ip_conntrack_expect_alloc(ct); |
201 | if (exp == NULL) { | 201 | if (exp == NULL) { |
202 | ret = NF_DROP; | 202 | ret = NF_DROP; |
203 | goto out; | 203 | goto out; |
@@ -221,16 +221,14 @@ static int help(struct sk_buff **pskb, | |||
221 | { { 0, { 0 } }, | 221 | { { 0, { 0 } }, |
222 | { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }}); | 222 | { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }}); |
223 | exp->expectfn = NULL; | 223 | exp->expectfn = NULL; |
224 | exp->master = ct; | ||
225 | if (ip_nat_irc_hook) | 224 | if (ip_nat_irc_hook) |
226 | ret = ip_nat_irc_hook(pskb, ctinfo, | 225 | ret = ip_nat_irc_hook(pskb, ctinfo, |
227 | addr_beg_p - ib_ptr, | 226 | addr_beg_p - ib_ptr, |
228 | addr_end_p - addr_beg_p, | 227 | addr_end_p - addr_beg_p, |
229 | exp); | 228 | exp); |
230 | else if (ip_conntrack_expect_related(exp) != 0) { | 229 | else if (ip_conntrack_expect_related(exp) != 0) |
231 | ip_conntrack_expect_free(exp); | ||
232 | ret = NF_DROP; | 230 | ret = NF_DROP; |
233 | } | 231 | ip_conntrack_expect_put(exp); |
234 | goto out; | 232 | goto out; |
235 | } /* for .. NUM_DCCPROTO */ | 233 | } /* for .. NUM_DCCPROTO */ |
236 | } /* while data < ... */ | 234 | } /* while data < ... */ |
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 1dd824f3cf0a..61798c46e91d 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
@@ -985,7 +985,7 @@ EXPORT_SYMBOL(ip_ct_refresh_acct); | |||
985 | EXPORT_SYMBOL(ip_ct_protos); | 985 | EXPORT_SYMBOL(ip_ct_protos); |
986 | EXPORT_SYMBOL(ip_ct_find_proto); | 986 | EXPORT_SYMBOL(ip_ct_find_proto); |
987 | EXPORT_SYMBOL(ip_conntrack_expect_alloc); | 987 | EXPORT_SYMBOL(ip_conntrack_expect_alloc); |
988 | EXPORT_SYMBOL(ip_conntrack_expect_free); | 988 | EXPORT_SYMBOL(ip_conntrack_expect_put); |
989 | EXPORT_SYMBOL(ip_conntrack_expect_related); | 989 | EXPORT_SYMBOL(ip_conntrack_expect_related); |
990 | EXPORT_SYMBOL(ip_conntrack_unexpect_related); | 990 | EXPORT_SYMBOL(ip_conntrack_unexpect_related); |
991 | EXPORT_SYMBOL(ip_conntrack_tuple_taken); | 991 | EXPORT_SYMBOL(ip_conntrack_tuple_taken); |
diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c index 992fac3e36ee..f8ff170f390a 100644 --- a/net/ipv4/netfilter/ip_conntrack_tftp.c +++ b/net/ipv4/netfilter/ip_conntrack_tftp.c | |||
@@ -65,7 +65,7 @@ static int tftp_help(struct sk_buff **pskb, | |||
65 | DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); | 65 | DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); |
66 | DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); | 66 | DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); |
67 | 67 | ||
68 | exp = ip_conntrack_expect_alloc(); | 68 | exp = ip_conntrack_expect_alloc(ct); |
69 | if (exp == NULL) | 69 | if (exp == NULL) |
70 | return NF_DROP; | 70 | return NF_DROP; |
71 | 71 | ||
@@ -75,17 +75,15 @@ static int tftp_help(struct sk_buff **pskb, | |||
75 | exp->mask.dst.u.udp.port = 0xffff; | 75 | exp->mask.dst.u.udp.port = 0xffff; |
76 | exp->mask.dst.protonum = 0xff; | 76 | exp->mask.dst.protonum = 0xff; |
77 | exp->expectfn = NULL; | 77 | exp->expectfn = NULL; |
78 | exp->master = ct; | ||
79 | 78 | ||
80 | DEBUGP("expect: "); | 79 | DEBUGP("expect: "); |
81 | DUMP_TUPLE(&exp->tuple); | 80 | DUMP_TUPLE(&exp->tuple); |
82 | DUMP_TUPLE(&exp->mask); | 81 | DUMP_TUPLE(&exp->mask); |
83 | if (ip_nat_tftp_hook) | 82 | if (ip_nat_tftp_hook) |
84 | ret = ip_nat_tftp_hook(pskb, ctinfo, exp); | 83 | ret = ip_nat_tftp_hook(pskb, ctinfo, exp); |
85 | else if (ip_conntrack_expect_related(exp) != 0) { | 84 | else if (ip_conntrack_expect_related(exp) != 0) |
86 | ip_conntrack_expect_free(exp); | ||
87 | ret = NF_DROP; | 85 | ret = NF_DROP; |
88 | } | 86 | ip_conntrack_expect_put(exp); |
89 | break; | 87 | break; |
90 | case TFTP_OPCODE_DATA: | 88 | case TFTP_OPCODE_DATA: |
91 | case TFTP_OPCODE_ACK: | 89 | case TFTP_OPCODE_ACK: |
diff --git a/net/ipv4/netfilter/ip_nat_amanda.c b/net/ipv4/netfilter/ip_nat_amanda.c index da1f412583ed..706c8074f422 100644 --- a/net/ipv4/netfilter/ip_nat_amanda.c +++ b/net/ipv4/netfilter/ip_nat_amanda.c | |||
@@ -56,10 +56,8 @@ static unsigned int help(struct sk_buff **pskb, | |||
56 | break; | 56 | break; |
57 | } | 57 | } |
58 | 58 | ||
59 | if (port == 0) { | 59 | if (port == 0) |
60 | ip_conntrack_expect_free(exp); | ||
61 | return NF_DROP; | 60 | return NF_DROP; |
62 | } | ||
63 | 61 | ||
64 | sprintf(buffer, "%u", port); | 62 | sprintf(buffer, "%u", port); |
65 | ret = ip_nat_mangle_udp_packet(pskb, exp->master, ctinfo, | 63 | ret = ip_nat_mangle_udp_packet(pskb, exp->master, ctinfo, |
diff --git a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c index c6000e794ad6..d83757a70d9f 100644 --- a/net/ipv4/netfilter/ip_nat_ftp.c +++ b/net/ipv4/netfilter/ip_nat_ftp.c | |||
@@ -143,10 +143,8 @@ static unsigned int ip_nat_ftp(struct sk_buff **pskb, | |||
143 | break; | 143 | break; |
144 | } | 144 | } |
145 | 145 | ||
146 | if (port == 0) { | 146 | if (port == 0) |
147 | ip_conntrack_expect_free(exp); | ||
148 | return NF_DROP; | 147 | return NF_DROP; |
149 | } | ||
150 | 148 | ||
151 | if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo, | 149 | if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo, |
152 | seq)) { | 150 | seq)) { |
diff --git a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c index 9c1ca3381d56..de31942babe3 100644 --- a/net/ipv4/netfilter/ip_nat_irc.c +++ b/net/ipv4/netfilter/ip_nat_irc.c | |||
@@ -65,10 +65,8 @@ static unsigned int help(struct sk_buff **pskb, | |||
65 | break; | 65 | break; |
66 | } | 66 | } |
67 | 67 | ||
68 | if (port == 0) { | 68 | if (port == 0) |
69 | ip_conntrack_expect_free(exp); | ||
70 | return NF_DROP; | 69 | return NF_DROP; |
71 | } | ||
72 | 70 | ||
73 | /* strlen("\1DCC CHAT chat AAAAAAAA P\1\n")=27 | 71 | /* strlen("\1DCC CHAT chat AAAAAAAA P\1\n")=27 |
74 | * strlen("\1DCC SCHAT chat AAAAAAAA P\1\n")=28 | 72 | * strlen("\1DCC SCHAT chat AAAAAAAA P\1\n")=28 |
diff --git a/net/ipv4/netfilter/ip_nat_tftp.c b/net/ipv4/netfilter/ip_nat_tftp.c index 0343e0d64674..2215317c76b7 100644 --- a/net/ipv4/netfilter/ip_nat_tftp.c +++ b/net/ipv4/netfilter/ip_nat_tftp.c | |||
@@ -45,10 +45,8 @@ static unsigned int help(struct sk_buff **pskb, | |||
45 | exp->saved_proto.udp.port = exp->tuple.dst.u.tcp.port; | 45 | exp->saved_proto.udp.port = exp->tuple.dst.u.tcp.port; |
46 | exp->dir = IP_CT_DIR_REPLY; | 46 | exp->dir = IP_CT_DIR_REPLY; |
47 | exp->expectfn = ip_nat_follow_master; | 47 | exp->expectfn = ip_nat_follow_master; |
48 | if (ip_conntrack_expect_related(exp) != 0) { | 48 | if (ip_conntrack_expect_related(exp) != 0) |
49 | ip_conntrack_expect_free(exp); | ||
50 | return NF_DROP; | 49 | return NF_DROP; |
51 | } | ||
52 | return NF_ACCEPT; | 50 | return NF_ACCEPT; |
53 | } | 51 | } |
54 | 52 | ||