linux/net/ipv4/netfilter
Patrick McHardy ec68e97ded [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops
Fix {nf,ip}_ct_iterate_cleanup unconfirmed list handling:

- unconfirmed entries can not be killed manually, they are removed on
  confirmation or final destruction of the conntrack entry, which means
  we might iterate forever without making forward progress.

  This can happen in combination with the conntrack event cache, which
  holds a reference to the conntrack entry, which is only released when
  the packet makes it all the way through the stack or a different
  packet is handled.

- taking references to an unconfirmed entry and using it outside the
  locked section doesn't work, the list entries are not refcounted and
  another CPU might already be waiting to destroy the entry

What the code really wants to do is make sure the references of the hash
table to the selected conntrack entries are released, so they will be
destroyed once all references from skbs and the event cache are dropped.

Since unconfirmed entries haven't even entered the hash yet, simply mark
them as dying and skip confirmation based on that.

Reported and tested by Chuck Ebbert <cebbert@redhat.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-05 13:25:18 -08:00
..
arp_tables.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
arpt_mangle.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
arptable_filter.c [NETFILTER]: x_tables: remove unused argument to target functions 2006-09-22 14:55:33 -07:00
ip_conntrack_amanda.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_core.c [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops 2007-03-05 13:25:18 -08:00
ip_conntrack_ftp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_helper_h323.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_helper_pptp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_irc.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_netbios_ns.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_netlink.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_proto_generic.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ip_conntrack_proto_gre.c [NETFILTER]: remove remaining ASSERT_{READ,WRITE}_LOCK 2006-12-02 21:31:33 -08:00
ip_conntrack_proto_icmp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ip_conntrack_proto_sctp.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
ip_conntrack_proto_tcp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ip_conntrack_proto_udp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
ip_conntrack_sip.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_conntrack_standalone.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
ip_conntrack_tftp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_amanda.c [NETFILTER]: ip_conntrack: fix NAT helper unload races 2006-12-02 21:31:22 -08:00
ip_nat_core.c [NETFILTER]: ip_conntrack: properly use RCU for ip_conntrack_destroyed callback 2007-02-12 11:13:58 -08:00
ip_nat_ftp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_helper_h323.c [NETFILTER]: ip_conntrack: fix NAT helper unload races 2006-12-02 21:31:22 -08:00
ip_nat_helper_pptp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_helper.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_irc.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_proto_gre.c [NET]: netfilter checksum annotations 2006-12-02 21:23:42 -08:00
ip_nat_proto_icmp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_proto_tcp.c [NETFILTER]: NAT: optional source port randomization support 2007-02-08 12:39:17 -08:00
ip_nat_proto_udp.c [NETFILTER]: NAT: optional source port randomization support 2007-02-08 12:39:17 -08:00
ip_nat_proto_unknown.c [NETFILTER]: Remove unused function from NAT protocol helpers 2006-01-10 12:54:34 -08:00
ip_nat_rule.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_sip.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_snmp_basic.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_standalone.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ip_nat_tftp.c [NETFILTER]: ip_conntrack: fix NAT helper unload races 2006-12-02 21:31:22 -08:00
ip_queue.c [PATCH] sysctl: remove insert_at_head from register_sysctl 2007-02-14 08:09:59 -08:00
ip_tables.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_addrtype.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_ah.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_CLUSTERIP.c [PATCH] mark struct file_operations const 7 2007-02-12 09:48:46 -08:00
ipt_ecn.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ipt_ECN.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_iprange.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_LOG.c [NETFILTER]: nf_log: minor cleanups 2007-02-12 11:11:55 -08:00
ipt_MASQUERADE.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_NETMAP.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_owner.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_recent.c [PATCH] mark struct file_operations const 7 2007-02-12 09:48:46 -08:00
ipt_REDIRECT.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_REJECT.c [NETFILTER]: Clear GSO bits for TCP reset packet 2007-02-13 12:32:58 -08:00
ipt_SAME.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_tos.c [NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions 2007-02-08 12:39:19 -08:00
ipt_TOS.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_ttl.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_TTL.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
ipt_ULOG.c [NETFILTER]: nf_log: minor cleanups 2007-02-12 11:11:55 -08:00
iptable_filter.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
iptable_mangle.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
iptable_raw.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
Kconfig [NETFILTER]: Kconfig: improve dependency handling 2007-02-12 11:15:02 -08:00
Makefile [NETFILTER]: add IPv6-capable TCPMSS target 2007-02-08 12:39:16 -08:00
nf_conntrack_l3proto_ipv4_compat.c [PATCH] mark struct file_operations const 7 2007-02-12 09:48:46 -08:00
nf_conntrack_l3proto_ipv4.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_conntrack_proto_icmp.c [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
nf_nat_amanda.c [NETFILTER]: nf_conntrack/nf_nat: add amanda helper port 2006-12-02 22:08:26 -08:00
nf_nat_core.c [NETFILTER]: nf_conntrack: properly use RCU for nf_conntrack_destroyed callback 2007-02-12 11:14:11 -08:00
nf_nat_ftp.c [NETFILTER]: nf_nat: add FTP NAT helper port 2006-12-02 22:07:44 -08:00
nf_nat_h323.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_helper.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_irc.c [NETFILTER]: nf_conntrack/nf_nat: add IRC helper port 2006-12-02 22:09:06 -08:00
nf_nat_pptp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_proto_gre.c [NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port 2006-12-02 22:09:41 -08:00
nf_nat_proto_icmp.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_proto_tcp.c [NETFILTER]: NAT: optional source port randomization support 2007-02-08 12:39:17 -08:00
nf_nat_proto_udp.c [NETFILTER]: NAT: optional source port randomization support 2007-02-08 12:39:17 -08:00
nf_nat_proto_unknown.c [NETFILTER]: Add NAT support for nf_conntrack 2006-12-02 22:07:13 -08:00
nf_nat_rule.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_sip.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_snmp_basic.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_standalone.c [NET] IPV4: Fix whitespace errors. 2007-02-10 23:19:39 -08:00
nf_nat_tftp.c [NETFILTER]: nf_conntrack/nf_nat: add TFTP helper port 2006-12-02 22:10:18 -08:00