Commit 14a50bba authored Aug 09, 2005 by Pablo Neira Ayuso Committed by David S. Miller Aug 29, 2005

[NETFILTER]: ctnetlink: make sure event order is correct



The following sequence is displayed during events dumping of an ICMP
connection: [NEW] [DESTROY] [UPDATE]

This happens because the event IPCT_DESTROY is delivered in
death_by_timeout(), that is called from the icmp protocol helper
(ct->timeout.function) once we see the reply.

To fix this, we move this event to destroy_conntrack().

Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 1444fc55

net/ipv4/netfilter/ip_conntrack_core.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -316,6 +316,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
		IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
		IP_NF_ASSERT(!timer_pending(&ct->timeout));

		ip_conntrack_event(IPCT_DESTROY, ct);
		set_bit(IPS_DYING_BIT, &ct->status);

		/* To make sure we don't get any weird locking issues here:
		@@ -355,7 +356,6 @@ static void death_by_timeout(unsigned long ul_conntrack)
		{
		struct ip_conntrack ct = (void )ul_conntrack;

		ip_conntrack_event(IPCT_DESTROY, ct);
		write_lock_bh(&ip_conntrack_lock);
		/* Inside lock so preempt is disabled on module removal path.
		* Otherwise we can get spurious warnings. */