linux/include/net/netfilter
Pablo Neira Ayuso 5b423f6a40 netfilter: nf_conntrack: fix racy timer handling with reliable events
Existing code assumes that del_timer returns true for alive conntrack
entries. However, this is not true if reliable events are enabled.
In that case, del_timer may return true for entries that were
just inserted in the dying list. Note that packets / ctnetlink may
hold references to conntrack entries that were just inserted to such
list.

This patch fixes the issue by adding an independent timer for
event delivery. This increases the size of the ecache extension.
Still we can revisit this later and use variable size extensions
to allocate this area on demand.

Tested-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-08-31 15:50:28 +02:00
..
ipv4
ipv6
nf_conntrack_acct.h netfilter: nf_conntrack: use atomic64 for accounting counters 2011-12-18 01:19:19 +01:00
nf_conntrack_core.h netfilter: nf_ct_generic: add namespace support 2012-06-07 14:58:39 +02:00
nf_conntrack_ecache.h netfilter: nf_conntrack: fix racy timer handling with reliable events 2012-08-31 15:50:28 +02:00
nf_conntrack_expect.h netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names 2012-06-16 15:08:39 +02:00
nf_conntrack_extend.h netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_helper.h netfilter: add user-space connection tracking helper infrastructure 2012-06-16 15:40:02 +02:00
nf_conntrack_l3proto.h netfilter: nf_conntrack: remove now unused sysctl for nf_conntrack_l[3|4]proto 2012-06-07 14:58:41 +02:00
nf_conntrack_l4proto.h netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_timeout.h netfilter: cttimeout: fix dependency with l4protocol conntrack module 2012-03-23 00:52:01 +01:00
nf_conntrack_timestamp.h
nf_conntrack_tuple.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_conntrack_zones.h
nf_conntrack.h netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_log.h treewide: use __printf not __attribute__((format(printf,...))) 2011-10-31 17:30:54 -07:00
nf_nat_core.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_nat_helper.h netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled 2012-06-16 15:09:08 +02:00
nf_nat_protocol.h netfilter: ctnetlink: remove dead NAT code 2011-12-23 14:36:46 +01:00
nf_nat_rule.h
nf_nat.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_queue.h
nf_tproxy_core.h net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
nfnetlink_log.h
nfnetlink_queue.h netfilter: fix missing symbols if CONFIG_NETFILTER_NETLINK_QUEUE_CT unset 2012-06-18 21:09:17 -07:00
xt_log.h netfilter: xt_LOG: don't use xchg() for simple assignment 2012-03-26 14:00:28 +02:00
xt_rateest.h