diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2005-09-06 18:10:23 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-09-06 18:10:23 -0400 |
commit | 91c46e2e60da0b43a1e8740729737318862f64eb (patch) | |
tree | 9391e8fd9376919c0adcaf319581f642dac211f5 /net | |
parent | e7dfb09a3624a32df2dd00683875d0e56406a603 (diff) |
[NETFILTER]: Don't increase master refcount on expectations
As it's been discussed [1][2]. We shouldn't increase the master conntrack
refcount for non-fulfilled conntracks. During the conntrack destruction,
the expectations are always killed before the conntrack itself, this
guarantees that there won't be any orphan expectation.
[1]https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020783.html
[2]https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020904.html
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index e23e8ca476c0..babce304c619 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c | |||
@@ -938,6 +938,9 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp) | |||
938 | write_unlock_bh(&ip_conntrack_lock); | 938 | write_unlock_bh(&ip_conntrack_lock); |
939 | } | 939 | } |
940 | 940 | ||
941 | /* We don't increase the master conntrack refcount for non-fulfilled | ||
942 | * conntracks. During the conntrack destruction, the expectations are | ||
943 | * always killed before the conntrack itself */ | ||
941 | struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) | 944 | struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) |
942 | { | 945 | { |
943 | struct ip_conntrack_expect *new; | 946 | struct ip_conntrack_expect *new; |
@@ -948,17 +951,14 @@ struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) | |||
948 | return NULL; | 951 | return NULL; |
949 | } | 952 | } |
950 | new->master = me; | 953 | new->master = me; |
951 | atomic_inc(&new->master->ct_general.use); | ||
952 | atomic_set(&new->use, 1); | 954 | atomic_set(&new->use, 1); |
953 | return new; | 955 | return new; |
954 | } | 956 | } |
955 | 957 | ||
956 | void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) | 958 | void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) |
957 | { | 959 | { |
958 | if (atomic_dec_and_test(&exp->use)) { | 960 | if (atomic_dec_and_test(&exp->use)) |
959 | ip_conntrack_put(exp->master); | ||
960 | kmem_cache_free(ip_conntrack_expect_cachep, exp); | 961 | kmem_cache_free(ip_conntrack_expect_cachep, exp); |
961 | } | ||
962 | } | 962 | } |
963 | 963 | ||
964 | static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp) | 964 | static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp) |