Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 55871d04 authored by Patrick McHardy's avatar Patrick McHardy
Browse files

[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks 



New extensions may only be added to unconfirmed conntracks to avoid races
when reallocating the storage.

Also change NF_CT_ASSERT to use WARN_ON to get backtraces.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 8c87238b

include/net/netfilter/nf_conntrack.h

+1 −8
Original line number Diff line number Diff line
@@ -65,14 +65,7 @@ union nf_conntrack_help { 
#include <linux/timer.h>



#ifdef CONFIG_NETFILTER_DEBUG

#define NF_CT_ASSERT(x)							\

do {									\

	if (!(x))							\

		/* Wooah!  I'm tripping my conntrack in a frenzy of	\

		   netplay... */					\

		printk("NF_CT_ASSERT: %s:%i(%s)\n",			\

		       __FILE__, __LINE__, __FUNCTION__);		\

} while(0)

#define NF_CT_ASSERT(x)		WARN_ON(!(x))

#else

#define NF_CT_ASSERT(x)

#endif

net/netfilter/nf_conntrack_extend.c

+3 −0
Original line number Diff line number Diff line
@@ -71,6 +71,9 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) 
	int i, newlen, newoff;

	struct nf_ct_ext_type *t;



	/* Conntrack must not be confirmed to avoid races on reallocation. */

	NF_CT_ASSERT(!nf_ct_is_confirmed(ct));



	if (!ct->ext)

		return nf_ct_ext_create(&ct->ext, id, gfp);