Commit 91c46e2e authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by David S. Miller

[NETFILTER]: Don't increase master refcount on expectations

As it's been discussed [1][2]. We shouldn't increase the master conntrack
refcount for non-fulfilled conntracks. During the conntrack destruction,
the expectations are always killed before the conntrack itself, this
guarantees that there won't be any orphan expectation.

[1]https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020783.html
[2]https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020904.htmlSigned-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e7dfb09a
...@@ -938,6 +938,9 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp) ...@@ -938,6 +938,9 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp)
write_unlock_bh(&ip_conntrack_lock); write_unlock_bh(&ip_conntrack_lock);
} }
/* We don't increase the master conntrack refcount for non-fulfilled
* conntracks. During the conntrack destruction, the expectations are
* always killed before the conntrack itself */
struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me)
{ {
struct ip_conntrack_expect *new; struct ip_conntrack_expect *new;
...@@ -948,17 +951,14 @@ struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) ...@@ -948,17 +951,14 @@ struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me)
return NULL; return NULL;
} }
new->master = me; new->master = me;
atomic_inc(&new->master->ct_general.use);
atomic_set(&new->use, 1); atomic_set(&new->use, 1);
return new; return new;
} }
void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) void ip_conntrack_expect_put(struct ip_conntrack_expect *exp)
{ {
if (atomic_dec_and_test(&exp->use)) { if (atomic_dec_and_test(&exp->use))
ip_conntrack_put(exp->master);
kmem_cache_free(ip_conntrack_expect_cachep, exp); kmem_cache_free(ip_conntrack_expect_cachep, exp);
}
} }
static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp) static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment