Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 91c46e2e authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller
Browse files

[NETFILTER]: Don't increase master refcount on expectations 

As it's been discussed [1][2]. We shouldn't increase the master conntrack
refcount for non-fulfilled conntracks. During the conntrack destruction,
the expectations are always killed before the conntrack itself, this
guarantees that there won't be any orphan expectation.

[1]https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020783.html
[2]https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020904.html



Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e7dfb09a

net/ipv4/netfilter/ip_conntrack_core.c

+4 −4
Original line number Diff line number Diff line
@@ -938,6 +938,9 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp) 
	write_unlock_bh(&ip_conntrack_lock);

}



/* We don't increase the master conntrack refcount for non-fulfilled

 * conntracks. During the conntrack destruction, the expectations are 

 * always killed before the conntrack itself */

struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me)

{

	struct ip_conntrack_expect *new;
@@ -948,18 +951,15 @@ struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) 
		return NULL;

	}

	new->master = me;

	atomic_inc(&new->master->ct_general.use);

	atomic_set(&new->use, 1);

	return new;

}



void ip_conntrack_expect_put(struct ip_conntrack_expect *exp)

{

	if (atomic_dec_and_test(&exp->use)) {

		ip_conntrack_put(exp->master);

	if (atomic_dec_and_test(&exp->use))

		kmem_cache_free(ip_conntrack_expect_cachep, exp);

}

}



static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp)

{