aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-09-20 15:11:30 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-09-22 18:20:20 -0400
commit4c5de695cf7f71c85ad8cfff509f6475b8bd4d27 (patch)
tree5175e20ab9244b4a0961ae98d85c8823956aad77 /net
parentfd5e3befa405ea64d4db6b393b821644bf963c57 (diff)
[NETFILTER]: PPTP conntrack: fix another GRE keymap leak
When the master PPTP connection times out while still having unfullfilled expectations (and a GRE keymap entry) associated with it, the keymap entry is not destroyed. Add a destroy callback to struct ip_conntrack_helper and use it to destroy PPTP siblings when the master is destroyed. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c5
-rw-r--r--net/ipv4/netfilter/ip_conntrack_helper_pptp.c12
2 files changed, 7 insertions, 10 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 2b6f24fc727e..c432b3163609 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -307,6 +307,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
307{ 307{
308 struct ip_conntrack *ct = (struct ip_conntrack *)nfct; 308 struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
309 struct ip_conntrack_protocol *proto; 309 struct ip_conntrack_protocol *proto;
310 struct ip_conntrack_helper *helper;
310 311
311 DEBUGP("destroy_conntrack(%p)\n", ct); 312 DEBUGP("destroy_conntrack(%p)\n", ct);
312 IP_NF_ASSERT(atomic_read(&nfct->use) == 0); 313 IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
@@ -315,6 +316,10 @@ destroy_conntrack(struct nf_conntrack *nfct)
315 ip_conntrack_event(IPCT_DESTROY, ct); 316 ip_conntrack_event(IPCT_DESTROY, ct);
316 set_bit(IPS_DYING_BIT, &ct->status); 317 set_bit(IPS_DYING_BIT, &ct->status);
317 318
319 helper = ct->helper;
320 if (helper && helper->destroy)
321 helper->destroy(ct);
322
318 /* To make sure we don't get any weird locking issues here: 323 /* To make sure we don't get any weird locking issues here:
319 * destroy_conntrack() MUST NOT be called with a write lock 324 * destroy_conntrack() MUST NOT be called with a write lock
320 * to ip_conntrack_lock!!! -HW */ 325 * to ip_conntrack_lock!!! -HW */
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 98267b0d2a47..fb0aee691721 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -553,15 +553,6 @@ conntrack_pptp_help(struct sk_buff **pskb,
553 nexthdr_off += tcph->doff * 4; 553 nexthdr_off += tcph->doff * 4;
554 datalen = tcplen - tcph->doff * 4; 554 datalen = tcplen - tcph->doff * 4;
555 555
556 if (tcph->fin || tcph->rst) {
557 DEBUGP("RST/FIN received, timeouting GRE\n");
558 /* can't do this after real newnat */
559 info->cstate = PPTP_CALL_NONE;
560
561 /* untrack this call id, unexpect GRE packets */
562 pptp_destroy_siblings(ct);
563 }
564
565 pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph); 556 pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph);
566 if (!pptph) { 557 if (!pptph) {
567 DEBUGP("no full PPTP header, can't track\n"); 558 DEBUGP("no full PPTP header, can't track\n");
@@ -640,7 +631,8 @@ static struct ip_conntrack_helper pptp = {
640 .protonum = 0xff 631 .protonum = 0xff
641 } 632 }
642 }, 633 },
643 .help = conntrack_pptp_help 634 .help = conntrack_pptp_help,
635 .destroy = pptp_destroy_siblings,
644}; 636};
645 637
646extern void ip_ct_proto_gre_fini(void); 638extern void ip_ct_proto_gre_fini(void);