diff options
| author | Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> | 2006-12-05 16:44:57 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-12-06 21:39:05 -0500 |
| commit | ece006416d4fb472f4d2114feede5665cff971b2 (patch) | |
| tree | e1f87f18c2a4d5c3994081a459c818ef4782b728 /net | |
| parent | 9ee0779e994c6916863045297b831212e285da3b (diff) | |
[NETFILTER]: nf_conntrack: Don't try to find clashed expectation
The original code continues loop to find expectation in list if the master
conntrack of the found expectation is unconfirmed. But it never success
in that case, because nf_conntrack_expect_related() never insert
clashed expectation to the list.
This stops loop in that case.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/nf_conntrack_expect.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 588d37937046..7df8f9a2f863 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c | |||
| @@ -91,25 +91,28 @@ EXPORT_SYMBOL_GPL(nf_conntrack_expect_find_get); | |||
| 91 | struct nf_conntrack_expect * | 91 | struct nf_conntrack_expect * |
| 92 | find_expectation(const struct nf_conntrack_tuple *tuple) | 92 | find_expectation(const struct nf_conntrack_tuple *tuple) |
| 93 | { | 93 | { |
| 94 | struct nf_conntrack_expect *i; | 94 | struct nf_conntrack_expect *exp; |
| 95 | |||
| 96 | exp = __nf_conntrack_expect_find(tuple); | ||
| 97 | if (!exp) | ||
| 98 | return NULL; | ||
| 95 | 99 | ||
| 96 | list_for_each_entry(i, &nf_conntrack_expect_list, list) { | ||
| 97 | /* If master is not in hash table yet (ie. packet hasn't left | 100 | /* If master is not in hash table yet (ie. packet hasn't left |
| 98 | this machine yet), how can other end know about expected? | 101 | this machine yet), how can other end know about expected? |
| 99 | Hence these are not the droids you are looking for (if | 102 | Hence these are not the droids you are looking for (if |
| 100 | master ct never got confirmed, we'd hold a reference to it | 103 | master ct never got confirmed, we'd hold a reference to it |
| 101 | and weird things would happen to future packets). */ | 104 | and weird things would happen to future packets). */ |
| 102 | if (nf_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask) | 105 | if (!nf_ct_is_confirmed(exp->master)) |
| 103 | && nf_ct_is_confirmed(i->master)) { | 106 | return NULL; |
| 104 | if (i->flags & NF_CT_EXPECT_PERMANENT) { | 107 | |
| 105 | atomic_inc(&i->use); | 108 | if (exp->flags & NF_CT_EXPECT_PERMANENT) { |
| 106 | return i; | 109 | atomic_inc(&exp->use); |
| 107 | } else if (del_timer(&i->timeout)) { | 110 | return exp; |
| 108 | nf_ct_unlink_expect(i); | 111 | } else if (del_timer(&exp->timeout)) { |
| 109 | return i; | 112 | nf_ct_unlink_expect(exp); |
| 110 | } | 113 | return exp; |
| 111 | } | ||
| 112 | } | 114 | } |
| 115 | |||
| 113 | return NULL; | 116 | return NULL; |
| 114 | } | 117 | } |
| 115 | 118 | ||