diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-08-19 00:30:55 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-08-19 00:30:55 -0400 |
commit | 1575e7ea018fec992b94a12a1a491ce693ae9eac (patch) | |
tree | 5a93c71ea8ac0cb1ad0703c0ee03cd52aa268707 | |
parent | 46faec9858e8943226464dac50e205bf210d9174 (diff) |
netfilter: ctnetlink: fix double helper assignation for NAT'ed conntracks
If we create a conntrack that has NAT handlings and a helper, the helper
is assigned twice. This happens because nf_nat_setup_info() - via
nf_conntrack_alter_reply() - sets the helper before ctnetlink, which
indeed does not check if the conntrack already has a helper as it thinks that
it is a brand new conntrack.
The fix moves the helper assignation before the set of the status flags.
This avoids a bogus assertion in __nf_ct_ext_add (if netfilter assertions are
enabled) which checks that the conntrack must not be confirmed.
This problem was introduced in 2.6.23 with the netfilter extension
infrastructure.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 105a616c5c78..d1fb2f8555e8 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c | |||
@@ -1136,16 +1136,33 @@ ctnetlink_create_conntrack(struct nlattr *cda[], | |||
1136 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; | 1136 | ct->timeout.expires = jiffies + ct->timeout.expires * HZ; |
1137 | ct->status |= IPS_CONFIRMED; | 1137 | ct->status |= IPS_CONFIRMED; |
1138 | 1138 | ||
1139 | rcu_read_lock(); | ||
1140 | helper = __nf_ct_helper_find(rtuple); | ||
1141 | if (helper) { | ||
1142 | help = nf_ct_helper_ext_add(ct, GFP_KERNEL); | ||
1143 | if (help == NULL) { | ||
1144 | rcu_read_unlock(); | ||
1145 | err = -ENOMEM; | ||
1146 | goto err; | ||
1147 | } | ||
1148 | /* not in hash table yet so not strictly necessary */ | ||
1149 | rcu_assign_pointer(help->helper, helper); | ||
1150 | } | ||
1151 | |||
1139 | if (cda[CTA_STATUS]) { | 1152 | if (cda[CTA_STATUS]) { |
1140 | err = ctnetlink_change_status(ct, cda); | 1153 | err = ctnetlink_change_status(ct, cda); |
1141 | if (err < 0) | 1154 | if (err < 0) { |
1155 | rcu_read_unlock(); | ||
1142 | goto err; | 1156 | goto err; |
1157 | } | ||
1143 | } | 1158 | } |
1144 | 1159 | ||
1145 | if (cda[CTA_PROTOINFO]) { | 1160 | if (cda[CTA_PROTOINFO]) { |
1146 | err = ctnetlink_change_protoinfo(ct, cda); | 1161 | err = ctnetlink_change_protoinfo(ct, cda); |
1147 | if (err < 0) | 1162 | if (err < 0) { |
1163 | rcu_read_unlock(); | ||
1148 | goto err; | 1164 | goto err; |
1165 | } | ||
1149 | } | 1166 | } |
1150 | 1167 | ||
1151 | nf_ct_acct_ext_add(ct, GFP_KERNEL); | 1168 | nf_ct_acct_ext_add(ct, GFP_KERNEL); |
@@ -1155,19 +1172,6 @@ ctnetlink_create_conntrack(struct nlattr *cda[], | |||
1155 | ct->mark = ntohl(nla_get_be32(cda[CTA_MARK])); | 1172 | ct->mark = ntohl(nla_get_be32(cda[CTA_MARK])); |
1156 | #endif | 1173 | #endif |
1157 | 1174 | ||
1158 | rcu_read_lock(); | ||
1159 | helper = __nf_ct_helper_find(rtuple); | ||
1160 | if (helper) { | ||
1161 | help = nf_ct_helper_ext_add(ct, GFP_KERNEL); | ||
1162 | if (help == NULL) { | ||
1163 | rcu_read_unlock(); | ||
1164 | err = -ENOMEM; | ||
1165 | goto err; | ||
1166 | } | ||
1167 | /* not in hash table yet so not strictly necessary */ | ||
1168 | rcu_assign_pointer(help->helper, helper); | ||
1169 | } | ||
1170 | |||
1171 | /* setup master conntrack: this is a confirmed expectation */ | 1175 | /* setup master conntrack: this is a confirmed expectation */ |
1172 | if (master_ct) { | 1176 | if (master_ct) { |
1173 | __set_bit(IPS_EXPECTED_BIT, &ct->status); | 1177 | __set_bit(IPS_EXPECTED_BIT, &ct->status); |