Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 266155b2 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: ctnetlink: fix dumping of dying/unconfirmed conntracks 



The dumping prematurely stops, it seems the callback argument that
indicates that all entries have been dumped is set after iterating
on the first cpu list. The dumping also may stop before the entire
per-cpu list content is also dumped.

With this patch, conntrack -L dying now shows the dying list content
again.

Fixes: b7779d06 ("netfilter: conntrack: spinlock per cpu to protect special lists.")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 7171511e

net/netfilter/nf_conntrack_netlink.c

+3 −5
Original line number Diff line number Diff line
@@ -1163,9 +1163,6 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying 
	if (cb->args[2])

		return 0;



	if (cb->args[0] == nr_cpu_ids)

		return 0;



	for (cpu = cb->args[0]; cpu < nr_cpu_ids; cpu++) {

		struct ct_pcpu *pcpu;
@@ -1194,6 +1191,7 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying 
			rcu_read_unlock();

			if (res < 0) {

				nf_conntrack_get(&ct->ct_general);

				cb->args[0] = cpu;

				cb->args[1] = (unsigned long)ct;

				spin_unlock_bh(&pcpu->lock);

				goto out;
@@ -1202,10 +1200,10 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying 
		if (cb->args[1]) {

			cb->args[1] = 0;

			goto restart;

		} else

			cb->args[2] = 1;

		}

		spin_unlock_bh(&pcpu->lock);

	}

	cb->args[2] = 1;

out:

	if (last)

		nf_ct_put(last);