Commit 30962905 authored by Patrick McHardy's avatar Patrick McHardy

[NETFILTER]: Fix non-existant config option for IP_NF_ASSERT, fix some broken assertions

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent 9a85e04e
...@@ -103,7 +103,7 @@ union ip_conntrack_nat_help { ...@@ -103,7 +103,7 @@ union ip_conntrack_nat_help {
#include <linux/types.h> #include <linux/types.h>
#include <linux/skbuff.h> #include <linux/skbuff.h>
#ifdef CONFIG_NF_DEBUG #ifdef CONFIG_NETFILTER_DEBUG
#define IP_NF_ASSERT(x) \ #define IP_NF_ASSERT(x) \
do { \ do { \
if (!(x)) \ if (!(x)) \
......
...@@ -174,13 +174,12 @@ static void ...@@ -174,13 +174,12 @@ static void
destroy_expect(struct ip_conntrack_expect *exp) destroy_expect(struct ip_conntrack_expect *exp)
{ {
DEBUGP("destroy_expect(%p) use=%d\n", exp, atomic_read(&exp->use)); DEBUGP("destroy_expect(%p) use=%d\n", exp, atomic_read(&exp->use));
IP_NF_ASSERT(atomic_read(&exp->use)); IP_NF_ASSERT(atomic_read(&exp->use) == 0);
IP_NF_ASSERT(!timer_pending(&exp->timeout)); IP_NF_ASSERT(!timer_pending(&exp->timeout));
kfree(exp); kfree(exp);
} }
inline void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) inline void ip_conntrack_expect_put(struct ip_conntrack_expect *exp)
{ {
IP_NF_ASSERT(exp); IP_NF_ASSERT(exp);
...@@ -716,7 +715,6 @@ init_conntrack(const struct ip_conntrack_tuple *tuple, ...@@ -716,7 +715,6 @@ init_conntrack(const struct ip_conntrack_tuple *tuple,
DEBUGP("conntrack: expectation arrives ct=%p exp=%p\n", DEBUGP("conntrack: expectation arrives ct=%p exp=%p\n",
conntrack, expected); conntrack, expected);
/* Welcome, Mr. Bond. We've been expecting you... */ /* Welcome, Mr. Bond. We've been expecting you... */
IP_NF_ASSERT(master_ct(conntrack));
__set_bit(IPS_EXPECTED_BIT, &conntrack->status); __set_bit(IPS_EXPECTED_BIT, &conntrack->status);
conntrack->master = expected; conntrack->master = expected;
expected->sibling = conntrack; expected->sibling = conntrack;
......
...@@ -528,6 +528,7 @@ ip_nat_setup_info(struct ip_conntrack *conntrack, ...@@ -528,6 +528,7 @@ ip_nat_setup_info(struct ip_conntrack *conntrack,
MUST_BE_WRITE_LOCKED(&ip_nat_lock); MUST_BE_WRITE_LOCKED(&ip_nat_lock);
IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING IP_NF_ASSERT(hooknum == NF_IP_PRE_ROUTING
|| hooknum == NF_IP_POST_ROUTING || hooknum == NF_IP_POST_ROUTING
|| hooknum == NF_IP_LOCAL_IN
|| hooknum == NF_IP_LOCAL_OUT); || hooknum == NF_IP_LOCAL_OUT);
IP_NF_ASSERT(info->num_manips < IP_NAT_MAX_MANIPS); IP_NF_ASSERT(info->num_manips < IP_NAT_MAX_MANIPS);
IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum)))); IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
...@@ -899,10 +900,10 @@ icmp_reply_translation(struct sk_buff **pskb, ...@@ -899,10 +900,10 @@ icmp_reply_translation(struct sk_buff **pskb,
/* Must be RELATED */ /* Must be RELATED */
IP_NF_ASSERT((*pskb)->nfct IP_NF_ASSERT((*pskb)->nfct
- (struct ip_conntrack *)(*pskb)->nfct->master - ((struct ip_conntrack *)(*pskb)->nfct->master)->infos
== IP_CT_RELATED == IP_CT_RELATED
|| (*pskb)->nfct || (*pskb)->nfct
- (struct ip_conntrack *)(*pskb)->nfct->master - ((struct ip_conntrack *)(*pskb)->nfct->master)->infos
== IP_CT_RELATED+IP_CT_IS_REPLY); == IP_CT_RELATED+IP_CT_IS_REPLY);
/* Redirects on non-null nats must be dropped, else they'll /* Redirects on non-null nats must be dropped, else they'll
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment