On Fri, 24 Feb 2012, Pablo Neira Ayuso wrote: > On Fri, Feb 24, 2012 at 09:06:37AM +0100, Jozsef Kadlecsik wrote: > > > > On Fri, 24 Feb 2012, Pablo Neira Ayuso wrote: > > > > > On Thu, Feb 23, 2012 at 09:44:21PM +0100, Jozsef Kadlecsik wrote: > > > > OK, here it comes: > > > > > > > > The previous patch with the title "netfilter: fix soft lockup > > > > when netlink adds new entries" introduced a race: conntrack and > > > > ctnetlink could insert the same entry twice into the hash table. > > > > The patch eliminates the race condition by using the same checking > > > > as conntrack confirm does. > > > > > > > > Signed-off-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> > > > > --- > > > > include/net/netfilter/nf_conntrack.h | 2 + > > > > net/netfilter/nf_conntrack_core.c | 41 ++++++++++++++++++++++++++++++++++ > > > > net/netfilter/nf_conntrack_netlink.c | 9 +++---- > > > > 3 files changed, 47 insertions(+), 5 deletions(-) > > > > > > > > diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h > > > > index 8a2b0ae..48bfe75 100644 > > > > --- a/include/net/netfilter/nf_conntrack.h > > > > +++ b/include/net/netfilter/nf_conntrack.h > > > > @@ -210,6 +210,8 @@ __nf_conntrack_find(struct net *net, u16 zone, > > > > const struct nf_conntrack_tuple *tuple); > > > > > > > > extern void nf_conntrack_hash_insert(struct nf_conn *ct); > > > > +extern int nf_conntrack_hash_check_insert(struct net *net, u16 zone, > > > > + struct nf_conn *ct); > > > > > > nf_conntrack_hash_insert has no clients anymore after this change. [...] > I see. Go ahead then. OK, and I remove nf_conntrack_hash_insert then, and use a single ct argument because as you noted net and zone can be extracted from the ct. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
