[NETFILTER]: Fix expectation eviction order

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@redhat.com>

[NETFILTER]: Fix expectation eviction order
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@redhat.com>
1c77f277 · Patrick McHardy · b5924be6 · 1c77f277 · 1c77f277
Commit 1c77f277 authored Jun 21, 2004 by Patrick McHardy
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 17 deletions

net/ipv4/netfilter/ip_conntrack_core.c net/ipv4/netfilter/ip_conntrack_core.c +7 -16

net/ipv4/netfilter/ip_nat_core.c net/ipv4/netfilter/ip_nat_core.c +1 -1

No files found.
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -947,9 +947,8 @@ ip_conntrack_expect_insert(struct ip_conntrack_expect *new,
 	atomic_set(&new->use, 1);

 	/* add to expected list for this connection */
-	list_add(&new->expected_list, &related_to->sibling_list);
+	list_add_tail(&new->expected_list, &related_to->sibling_list);
 	/* add to global list of expectations */
-
 	list_prepend(&ip_conntrack_expect_list, &new->list);
 	/* add and start timer if required */
 	if (related_to->helper->timeout) {
@@ -1003,7 +1002,6 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect,

 	} else if (related_to->helper->max_expected && 
 		   related_to->expecting >= related_to->helper->max_expected) {
-		struct list_head *cur_item;
 		/* old == NULL */
 		if (!(related_to->helper->flags & 
 		      IP_CT_HELPER_F_REUSE_EXPECT)) {
@@ -1029,21 +1027,14 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect,
 		       NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip));
 
 		/* choose the the oldest expectation to evict */
-		list_for_each(cur_item, &related_to->sibling_list) { 
-			struct ip_conntrack_expect *cur;
-
-			cur = list_entry(cur_item, 
-					 struct ip_conntrack_expect,
-					 expected_list);
-			if (cur->sibling == NULL) {
-				old = cur;
+		list_for_each_entry(old, &related_to->sibling_list, 
+		                                      expected_list)
+			if (old->sibling == NULL)
 				break;
-			}
-		}

-		/* (!old) cannot happen, since related_to->expecting is the
-		 * number of unconfirmed expects */
-		IP_NF_ASSERT(old);
+		/* We cannot fail since related_to->expecting is the number
+		 * of unconfirmed expectations */
+		IP_NF_ASSERT(old && old->sibling == NULL);

 		/* newnat14 does not reuse the real allocated memory
 		 * structures but rather unexpects the old and

--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -817,7 +817,7 @@ do_bindings(struct ip_conntrack *ct,

 		/* Have to grab read lock before sibling_list traversal */
 		READ_LOCK(&ip_conntrack_lock);
-		list_for_each(cur_item, &ct->sibling_list) { 
+		list_for_each_prev(cur_item, &ct->sibling_list) { 
 			exp = list_entry(cur_item, struct ip_conntrack_expect, 
 					 expected_list);