diff options
author | David S. Miller <davem@davemloft.net> | 2010-05-21 02:12:18 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-05-21 02:12:18 -0400 |
commit | 41499bd6766314079417d1467c466d31b8612fec (patch) | |
tree | 5ce777cd47603977ee55059891c67b8a420e05a1 /net/netfilter | |
parent | 622e0ca1cd4d459f5af4f2c65f4dc0dd823cb4c3 (diff) | |
parent | 7ea7b858f4bc4fa1645f1327cf9e72c93981aa58 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 10 | ||||
-rw-r--r-- | net/netfilter/nf_conntrack_sip.c | 12 |
2 files changed, 14 insertions, 8 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index b83c530c5e0a..eeeb8bc73982 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
@@ -424,6 +424,16 @@ __nf_conntrack_confirm(struct sk_buff *skb) | |||
424 | 424 | ||
425 | spin_lock_bh(&nf_conntrack_lock); | 425 | spin_lock_bh(&nf_conntrack_lock); |
426 | 426 | ||
427 | /* We have to check the DYING flag inside the lock to prevent | ||
428 | a race against nf_ct_get_next_corpse() possibly called from | ||
429 | user context, else we insert an already 'dead' hash, blocking | ||
430 | further use of that particular connection -JM */ | ||
431 | |||
432 | if (unlikely(nf_ct_is_dying(ct))) { | ||
433 | spin_unlock_bh(&nf_conntrack_lock); | ||
434 | return NF_ACCEPT; | ||
435 | } | ||
436 | |||
427 | /* See if there's one in the list already, including reverse: | 437 | /* See if there's one in the list already, including reverse: |
428 | NAT could have grabbed it without realizing, since we're | 438 | NAT could have grabbed it without realizing, since we're |
429 | not in the hash. If there is, we lost race. */ | 439 | not in the hash. If there is, we lost race. */ |
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c index b20f4275893c..53d892210a04 100644 --- a/net/netfilter/nf_conntrack_sip.c +++ b/net/netfilter/nf_conntrack_sip.c | |||
@@ -1393,10 +1393,8 @@ static int sip_help_tcp(struct sk_buff *skb, unsigned int protoff, | |||
1393 | 1393 | ||
1394 | nf_ct_refresh(ct, skb, sip_timeout * HZ); | 1394 | nf_ct_refresh(ct, skb, sip_timeout * HZ); |
1395 | 1395 | ||
1396 | if (skb_is_nonlinear(skb)) { | 1396 | if (unlikely(skb_linearize(skb))) |
1397 | pr_debug("Copy of skbuff not supported yet.\n"); | 1397 | return NF_DROP; |
1398 | return NF_ACCEPT; | ||
1399 | } | ||
1400 | 1398 | ||
1401 | dptr = skb->data + dataoff; | 1399 | dptr = skb->data + dataoff; |
1402 | datalen = skb->len - dataoff; | 1400 | datalen = skb->len - dataoff; |
@@ -1455,10 +1453,8 @@ static int sip_help_udp(struct sk_buff *skb, unsigned int protoff, | |||
1455 | 1453 | ||
1456 | nf_ct_refresh(ct, skb, sip_timeout * HZ); | 1454 | nf_ct_refresh(ct, skb, sip_timeout * HZ); |
1457 | 1455 | ||
1458 | if (skb_is_nonlinear(skb)) { | 1456 | if (unlikely(skb_linearize(skb))) |
1459 | pr_debug("Copy of skbuff not supported yet.\n"); | 1457 | return NF_DROP; |
1460 | return NF_ACCEPT; | ||
1461 | } | ||
1462 | 1458 | ||
1463 | dptr = skb->data + dataoff; | 1459 | dptr = skb->data + dataoff; |
1464 | datalen = skb->len - dataoff; | 1460 | datalen = skb->len - dataoff; |