Re: [PATCH 4/4] netfilter: ctnetlink: add support for user-space expectation helpers

On 22.09.2010 00:38, Pablo Neira Ayuso wrote:
>>
>> My main question is - what will be cleaning up these expectations
>> on module unload? Currently expectations are cleaned up on unload
>> of the corresponding helper module, which obviously doesn't
>> happen in this case.
> 
> Indeed. I have reworked the patch to add the nf_ct_userspace_expect_list
> that is used to delete all the user-space created expectations if
> ctnetlink is unloaded.

> diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
> index fdc50ca..23a1a08 100644
> --- a/include/linux/netfilter/nf_conntrack_common.h
> +++ b/include/linux/netfilter/nf_conntrack_common.h
> @@ -103,6 +103,7 @@ enum ip_conntrack_expect_events {
>  /* expectation flags */
>  #define NF_CT_EXPECT_PERMANENT		0x1
>  #define NF_CT_EXPECT_INACTIVE		0x2
> +#define NF_CT_EXPECT_USERSPACE		0x4
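Review bot: NF_CT_EXPECT_USERSPACE is added to include/linux/netfilter/nf_conntrack_common.h next to the other exported NF_CT_EXPECT_* flags, so it becomes part of the userspace-visible netlink ABI even though it only marks expectations for the unload cleanup. If it is meant as an internal marker, keep it out of this header; if it has to stay here, the ctnetlink attribute parsing path should clear or reject it on input so that a caller cannot set it on an expectation that really does have a helper-backed master.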

Does this flag need to be exposed to userspace? I also don't
see anything preventing userspace incorrectly setting it on
an expectation that actually does have a master, which will
probably cause problems later on.

> diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
> index acb29cc..361a8ba 100644
> --- a/net/netfilter/nf_conntrack_expect.c
> +++ b/net/netfilter/nf_conntrack_expect.c
> @@ -38,20 +38,26 @@ static int nf_ct_expect_hash_rnd_initted __read_mostly;
>  
>  static struct kmem_cache *nf_ct_expect_cachep __read_mostly;
>  
> +static HLIST_HEAD(nf_ct_userspace_expect_list);
> +static int nf_ct_userspace_expect_list_counter;
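Review bot: nf_ct_userspace_expect_list_counter is declared here but nothing in the visible lines reads it; either drop it or give it a purpose, for example as an upper bound on how many user-space expectations may be pinned at once, which would also bound the memory a misbehaving daemon can tie up. The new hlist head has no locking annotation; please note in the patch which lock protects it (presumably the same one as the expectation hash) so the add/remove paths added later in this hunk can be reviewed against it.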

This counter is write-only.