linux/include/net/netfilter
Pablo Neira Ayuso 5b423f6a40 netfilter: nf_conntrack: fix racy timer handling with reliable events
Existing code assumes that del_timer returns true for alive conntrack
entries. However, this is not true if reliable events are enabled.
In that case, del_timer may return true for entries that were
just inserted in the dying list. Note that packets / ctnetlink may
hold references to conntrack entries that were just inserted to such
list.

This patch fixes the issue by adding an independent timer for
event delivery. This increases the size of the ecache extension.
Still we can revisit this later and use variable size extensions
to allocate this area on demand.

Tested-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-08-31 15:50:28 +02:00
..
ipv4 netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
ipv6 netfilter: fix compilation when conntrack is disabled but tproxy is enabled 2011-01-12 20:25:08 +01:00
nf_conntrack_acct.h netfilter: nf_conntrack: use atomic64 for accounting counters 2011-12-18 01:19:19 +01:00
nf_conntrack_core.h netfilter: nf_ct_generic: add namespace support 2012-06-07 14:58:39 +02:00
nf_conntrack_ecache.h netfilter: nf_conntrack: fix racy timer handling with reliable events 2012-08-31 15:50:28 +02:00
nf_conntrack_expect.h netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names 2012-06-16 15:08:39 +02:00
nf_conntrack_extend.h netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_helper.h netfilter: add user-space connection tracking helper infrastructure 2012-06-16 15:40:02 +02:00
nf_conntrack_l3proto.h netfilter: nf_conntrack: remove now unused sysctl for nf_conntrack_l[3|4]proto 2012-06-07 14:58:41 +02:00
nf_conntrack_l4proto.h netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_timeout.h netfilter: cttimeout: fix dependency with l4protocol conntrack module 2012-03-23 00:52:01 +01:00
nf_conntrack_timestamp.h netfilter: nf_conntrack: fix linker error with NF_CONNTRACK_TIMESTAMP=n 2011-01-20 20:46:52 +01:00
nf_conntrack_tuple.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_conntrack_zones.h netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n 2010-02-18 19:04:44 +01:00
nf_conntrack.h netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_log.h treewide: use __printf not __attribute__((format(printf,...))) 2011-10-31 17:30:54 -07:00
nf_nat_core.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_nat_helper.h netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled 2012-06-16 15:09:08 +02:00
nf_nat_protocol.h netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_rule.h netfilter: nf_nat: support user-specified SNAT rules in LOCAL_IN 2010-06-17 06:12:26 +02:00
nf_nat.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_queue.h netfilter: Use unsigned types for hooknum and pf vars 2008-10-08 11:35:00 +02:00
nf_tproxy_core.h net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
nfnetlink_log.h nfnetlink_log: do not expose NFULNL_COPY_DISABLED to user-space 2010-07-15 11:27:41 +02:00
nfnetlink_queue.h netfilter: fix missing symbols if CONFIG_NETFILTER_NETLINK_QUEUE_CT unset 2012-06-18 21:09:17 -07:00
xt_log.h netfilter: xt_LOG: don't use xchg() for simple assignment 2012-03-26 14:00:28 +02:00
xt_rateest.h Merge branch 'master' of /repos/git/net-next-2.6 2010-06-15 17:31:06 +02:00