linux/net/netfilter
Pablo Neira Ayuso 5b423f6a40 netfilter: nf_conntrack: fix racy timer handling with reliable events
Existing code assumes that del_timer returns true for alive conntrack
entries. However, this is not true if reliable events are enabled.
In that case, del_timer may return true for entries that were
just inserted in the dying list. Note that packets / ctnetlink may
hold references to conntrack entries that were just inserted to such
list.

This patch fixes the issue by adding an independent timer for
event delivery. This increases the size of the ecache extension.
Still we can revisit this later and use variable size extensions
to allocate this area on demand.

Tested-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-08-31 15:50:28 +02:00
..
ipset netfilter: ipset: fix crash if IPSET_CMD_NONE command is sent 2012-06-29 13:04:04 +02:00
ipvs ipvs: fix error return code 2012-08-30 03:27:19 +02:00
core.c netfilter: nfnetlink_queue: fix compilation with CONFIG_NF_NAT=m and CONFIG_NF_CT_NETLINK=y 2012-06-22 02:49:52 +02:00
Kconfig netfilter: nfnetlink_queue: fix compilation with NF_CONNTRACK disabled 2012-06-19 04:44:57 +02:00
Makefile netfilter: nfnetlink_queue: fix compilation with NF_CONNTRACK disabled 2012-06-19 04:44:57 +02:00
nf_conntrack_acct.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_amanda.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: nf_conntrack: fix racy timer handling with reliable events 2012-08-31 15:50:28 +02:00
nf_conntrack_ecache.c netfilter: nf_ct_ecache: refactor notifier registration 2012-05-08 19:17:23 +02:00
nf_conntrack_expect.c netfilter: nf_ct_expect: fix possible access to uninitialized timer 2012-08-16 11:49:53 +02:00
nf_conntrack_extend.c netfilter: nf_ct_ext: support variable length extensions 2012-06-16 15:08:49 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c Merge branch 'master' of git://1984.lsi.us.es/nf-next 2012-06-16 15:23:35 -07:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_ct_helper: disable automatic helper re-assignment of different type 2012-06-19 01:24:52 +02:00
nf_conntrack_irc.c netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names 2012-06-16 15:08:39 +02:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: fix error return code in init path 2012-08-30 03:28:22 +02:00
nf_conntrack_pptp.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_proto_dccp.c netfilter: nf_ct_dccp: add dccp_kmemdup_sysctl_table function 2012-06-27 19:14:31 +02:00
nf_conntrack_proto_generic.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack: prepare l4proto->init_net cleanup 2012-06-27 18:31:14 +02:00
nf_conntrack_proto_sctp.c netfilter: nf_ct_sctp: merge sctpv[4,6]_net_init into sctp_net_init 2012-06-27 19:13:31 +02:00
nf_conntrack_proto_tcp.c netfilter: nf_ct_tcp: missing per-net support for cttimeout 2012-07-04 19:37:42 +02:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_proto_udplite.c netfilter: nf_ct_udplite: add udplite_kmemdup_sysctl_table function 2012-06-27 19:12:52 +02:00
nf_conntrack_proto.c netfilter: nf_conntrack: generalize nf_ct_l4proto_net 2012-07-04 19:37:22 +02:00
nf_conntrack_sane.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
nf_conntrack_sip.c netfilter: nf_ct_sip: fix IPv6 address parsing 2012-08-10 11:53:11 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_conntrack_tftp.c netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names 2012-06-16 15:08:39 +02:00
nf_conntrack_timeout.c
nf_conntrack_timestamp.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_internals.h
nf_log.c net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nf_queue.c
nf_sockopt.c
nf_tproxy_core.c
nfnetlink_acct.c
nfnetlink_cthelper.c netfilter: add user-space connection tracking helper infrastructure 2012-06-16 15:40:02 +02:00
nfnetlink_cttimeout.c netfilter: nf_conntrack: add namespace support for cttimeout 2012-06-07 14:58:41 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: fix error return code in init path 2012-08-30 03:29:58 +02:00
nfnetlink_queue_core.c netfilter: nfnetlink_queue: do not allow to set unsupported flag bits 2012-07-04 19:51:50 +02:00
nfnetlink_queue_ct.c netfilter: nfnetlink_queue: fix sparse warning due to missing include 2012-06-23 02:13:38 +02:00
nfnetlink.c Merge branch 'master' of git://1984.lsi.us.es/nf-next 2012-07-07 16:18:50 -07:00
x_tables.c
xt_addrtype.c
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlimit.c netfilter: xt_connlimit: remove revision 0 2012-06-07 14:58:39 +02:00
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: nf_ct_helper: implement variable length helper private data 2012-06-16 15:08:55 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: use _ALL macro to reject unknown flag bits 2012-05-17 00:56:31 +02:00
xt_helper.c
xt_hl.c
xt_HL.c
xt_HMARK.c netfilter: xt_HMARK: fix endianness and provide consistent hashing 2012-06-07 14:53:01 +02:00
xt_IDLETIMER.c
xt_iprange.c
xt_ipvs.c
xt_LED.c
xt_length.c
xt_limit.c netfilter: limit, hashlimit: avoid duplicated inline 2012-05-09 12:54:06 +02:00
xt_LOG.c
xt_mac.c netfilter: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:18 -04:00
xt_mark.c
xt_multiport.c
xt_nfacct.c
xt_NFLOG.c
xt_NFQUEUE.c netfilter: NFQUEUE: don't xor src/dst ip address for load distribution 2012-06-07 14:58:42 +02:00
xt_NOTRACK.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c
xt_realm.c
xt_recent.c netfilter: xt_recent: add address masking option 2012-06-07 14:58:42 +02:00
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c netfilter: ipset: timeout fixing bug broke SET target special timeout value 2012-07-09 10:53:04 +02:00
xt_socket.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_TCPMSS.c net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c net: replace percpu_xxx funcs with this_cpu_xxx or __this_cpu_xxx 2012-05-14 14:15:31 -07:00
xt_time.c
xt_TPROXY.c net: Fix (nearly-)kernel-doc comments for various functions 2012-07-10 23:13:45 -07:00
xt_TRACE.c
xt_u32.c