aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-02-12 14:12:57 -0500
committerDavid S. Miller <davem@davemloft.net>2007-02-12 14:12:57 -0500
commit923f4902fefdf4e89b0fb32c4e069d4f57d704f5 (patch)
tree2fad9f83c0e6da178f5167f6efb2b75cbe28c68e /net/ipv4
parent642d628b2c92e5283bbd3c849c7099c64ab68856 (diff)
[NETFILTER]: nf_conntrack: properly use RCU API for nf_ct_protos/nf_ct_l3protos arrays
Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in all paths not obviously only used within packet process context (nfnetlink_conntrack). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_core.c9
2 files changed, 7 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 677b6c80c618..e5aa4d849b00 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -170,7 +170,9 @@ icmp_error_message(struct sk_buff *skb,
170 return -NF_ACCEPT; 170 return -NF_ACCEPT;
171 } 171 }
172 172
173 /* rcu_read_lock()ed by nf_hook_slow */
173 innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol); 174 innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
175
174 dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp); 176 dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp);
175 /* Are they talking about one of our connections? */ 177 /* Are they talking about one of our connections? */
176 if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET, 178 if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET,
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 6d0061f05810..5156d5d6c3b8 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -429,6 +429,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
429 struct icmphdr icmp; 429 struct icmphdr icmp;
430 struct iphdr ip; 430 struct iphdr ip;
431 } *inside; 431 } *inside;
432 struct nf_conntrack_l4proto *l4proto;
432 struct nf_conntrack_tuple inner, target; 433 struct nf_conntrack_tuple inner, target;
433 int hdrlen = (*pskb)->nh.iph->ihl * 4; 434 int hdrlen = (*pskb)->nh.iph->ihl * 4;
434 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); 435 enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
@@ -464,16 +465,16 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
464 DEBUGP("icmp_reply_translation: translating error %p manp %u dir %s\n", 465 DEBUGP("icmp_reply_translation: translating error %p manp %u dir %s\n",
465 *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY"); 466 *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
466 467
468 /* rcu_read_lock()ed by nf_hook_slow */
469 l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
470
467 if (!nf_ct_get_tuple(*pskb, 471 if (!nf_ct_get_tuple(*pskb,
468 (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr), 472 (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr),
469 (*pskb)->nh.iph->ihl*4 + 473 (*pskb)->nh.iph->ihl*4 +
470 sizeof(struct icmphdr) + inside->ip.ihl*4, 474 sizeof(struct icmphdr) + inside->ip.ihl*4,
471 (u_int16_t)AF_INET, 475 (u_int16_t)AF_INET,
472 inside->ip.protocol, 476 inside->ip.protocol,
473 &inner, 477 &inner, l3proto, l4proto))
474 l3proto,
475 __nf_ct_l4proto_find((u_int16_t)PF_INET,
476 inside->ip.protocol)))
477 return 0; 478 return 0;
478 479
479 /* Change inner back to look like incoming packet. We do the 480 /* Change inner back to look like incoming packet. We do the
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-14 21:11:07 -0500