aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-02-12 14:13:58 -0500
committerDavid S. Miller <davem@davemloft.net>2007-02-12 14:13:58 -0500
commit6b48a7d08d1bb2e3932bce1662fe411304acc18f (patch)
treef0405cee3ff4fb3898a2a691e25cd77c31e392d8 /net
parentc0e912d7ed8999f87fa7f084928aac1266e251f3 (diff)
[NETFILTER]: ip_conntrack: properly use RCU for ip_conntrack_destroyed callback
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c9
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c7
2 files changed, 10 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index a7e34d007ab0..07ba1dd136b5 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -303,6 +303,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
303 struct ip_conntrack *ct = (struct ip_conntrack *)nfct; 303 struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
304 struct ip_conntrack_protocol *proto; 304 struct ip_conntrack_protocol *proto;
305 struct ip_conntrack_helper *helper; 305 struct ip_conntrack_helper *helper;
306 typeof(ip_conntrack_destroyed) destroyed;
306 307
307 DEBUGP("destroy_conntrack(%p)\n", ct); 308 DEBUGP("destroy_conntrack(%p)\n", ct);
308 IP_NF_ASSERT(atomic_read(&nfct->use) == 0); 309 IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
@@ -322,10 +323,12 @@ destroy_conntrack(struct nf_conntrack *nfct)
322 proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum); 323 proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
323 if (proto && proto->destroy) 324 if (proto && proto->destroy)
324 proto->destroy(ct); 325 proto->destroy(ct);
325 rcu_read_unlock();
326 326
327 if (ip_conntrack_destroyed) 327 destroyed = rcu_dereference(ip_conntrack_destroyed);
328 ip_conntrack_destroyed(ct); 328 if (destroyed)
329 destroyed(ct);
330
331 rcu_read_unlock();
329 332
330 write_lock_bh(&ip_conntrack_lock); 333 write_lock_bh(&ip_conntrack_lock);
331 /* Expectations will have been removed in clean_from_lists, 334 /* Expectations will have been removed in clean_from_lists,
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index 18daabc22069..40737fdbe9a7 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -604,8 +604,8 @@ static int __init ip_nat_init(void)
604 } 604 }
605 605
606 /* FIXME: Man, this is a hack. <SIGH> */ 606 /* FIXME: Man, this is a hack. <SIGH> */
607 IP_NF_ASSERT(ip_conntrack_destroyed == NULL); 607 IP_NF_ASSERT(rcu_dereference(ip_conntrack_destroyed) == NULL);
608 ip_conntrack_destroyed = &ip_nat_cleanup_conntrack; 608 rcu_assign_pointer(ip_conntrack_destroyed, ip_nat_cleanup_conntrack);
609 609
610 /* Initialize fake conntrack so that NAT will skip it */ 610 /* Initialize fake conntrack so that NAT will skip it */
611 ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK; 611 ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
@@ -623,7 +623,8 @@ static int clean_nat(struct ip_conntrack *i, void *data)
623static void __exit ip_nat_cleanup(void) 623static void __exit ip_nat_cleanup(void)
624{ 624{
625 ip_ct_iterate_cleanup(&clean_nat, NULL); 625 ip_ct_iterate_cleanup(&clean_nat, NULL);
626 ip_conntrack_destroyed = NULL; 626 rcu_assign_pointer(ip_conntrack_destroyed, NULL);
627 synchronize_rcu();
627 vfree(bysource); 628 vfree(bysource);
628} 629}
629 630