Commit 42df4fb9 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: cttimeout: decouple unlink and free on netns destruction

Increment the extid on module removal; this makes sure that even
in extreme cases any old uncofirmed entry that happened to be kept
e.g. on nfnetlink_queue list will not trip over a stale timeout
reference.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c56716c6
...@@ -656,12 +656,24 @@ static int __init cttimeout_init(void) ...@@ -656,12 +656,24 @@ static int __init cttimeout_init(void)
return ret; return ret;
} }
static int untimeout(struct nf_conn *ct, void *timeout)
{
struct nf_conn_timeout *timeout_ext = nf_ct_timeout_find(ct);
if (timeout_ext)
RCU_INIT_POINTER(timeout_ext->timeout, NULL);
return 0;
}
static void __exit cttimeout_exit(void) static void __exit cttimeout_exit(void)
{ {
nfnetlink_subsys_unregister(&cttimeout_subsys); nfnetlink_subsys_unregister(&cttimeout_subsys);
unregister_pernet_subsys(&cttimeout_ops); unregister_pernet_subsys(&cttimeout_ops);
RCU_INIT_POINTER(nf_ct_timeout_hook, NULL); RCU_INIT_POINTER(nf_ct_timeout_hook, NULL);
nf_ct_iterate_destroy(untimeout, NULL);
synchronize_rcu(); synchronize_rcu();
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment