From: Liping Zhang <zlpnobody@xxxxxxxxx> User can still delete the cthelper even if it is in use: # nfct helper add ssdp inet udp # iptables -t raw -A OUTPUT -p udp -j CT --helper ssdp # nfct helper delete ssdp //--> succeed! This will cause a use-after-free error. So we shoule add a refcnt to fix this issue. Before accomplishing this, it's better to introduce a nf_conntrack_helper_put helper function. Note, this patch set is based on http://patchwork.ozlabs.org/patch/748533/. But I think it may still conflict with other patches. If so, I can rebase it. Liping Zhang (2): netfilter: introduce nf_conntrack_helper_put helper function netfilter: nfnl_cthelper: reject del request if helper obj is in use include/net/netfilter/nf_conntrack_helper.h | 4 ++++ net/netfilter/nf_conntrack_helper.c | 12 ++++++++++++ net/netfilter/nfnetlink_cthelper.c | 17 +++++++++++------ net/netfilter/xt_CT.c | 6 +++--- net/openvswitch/conntrack.c | 4 ++-- 5 files changed, 32 insertions(+), 11 deletions(-) -- 2.5.5 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
