OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net/netfilter
History
Patrick McHardy 6b69fe0c73 netfilter: nf_conntrack_tcp: fix endless loop 
When a conntrack entry is destroyed in process context and destruction
is interrupted by packet processing and the packet is an attempt to
reopen a closed connection, TCP conntrack tries to kill the old entry
itself and returns NF_REPEAT to pass the packet through the hook
again. This may lead to an endless loop: TCP conntrack repeatedly
finds the old entry, but can not kill it itself since destruction
is already in progress, but destruction in process context can not
complete since TCP conntrack is keeping the CPU busy.

Drop the packet in TCP conntrack if we can't kill the connection
ourselves to avoid this.

Reported by: hemao77@gmail.com [ Kernel bugzilla #11058 ]
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2008-07-09 15:06:12 -07:00
..
Kconfig netfilter: Kconfig: default DCCP/SCTP conntrack support to the protocol config values 2008-05-08 01:16:04 -07:00
Makefile [NETFILTER]: nf_conntrack: add DCCP protocol support 2008-04-14 11:15:49 +02:00
core.c [NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS. 2008-03-26 04:39:53 +09:00
nf_conntrack_amanda.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_core.c netfilter: nf_conntrack: fix ctnetlink related crash in nf_nat_setup_info() 2008-06-11 17:51:10 -07:00
nf_conntrack_ecache.c [NETFILTER]: nf_conntrack_expect: function naming unification 2007-07-10 22:17:53 -07:00
nf_conntrack_expect.c netfilter: nf_conntrack_expect: fix error path unwind in nf_conntrack_expect_init() 2008-05-29 03:19:37 -07:00
nf_conntrack_extend.c netfilter: nf_nat: fix RCU races 2008-06-17 15:51:47 -07:00
nf_conntrack_ftp.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_h323_asn1.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_h323: fix module unload crash 2008-06-17 15:52:32 -07:00
nf_conntrack_h323_types.c [NETFILTER]: nf_conntrack_h323: constify and annotate H.323 helper 2008-01-31 19:28:07 -08:00
nf_conntrack_helper.c [NETFILTER]: annotate rest of nf_conntrack_* with const 2008-04-14 11:15:42 +02:00
nf_conntrack_irc.c [NETFILTER]: annotate rest of nf_conntrack_* with const 2008-04-14 11:15:42 +02:00
nf_conntrack_l3proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l3proto 2008-04-14 11:15:52 +02:00
nf_conntrack_netbios_ns.c [NETFILTER]: nf_conntrack: introduce expectation classes and policies 2008-03-25 20:09:15 -07:00
nf_conntrack_netlink.c netfilter: ctnetlink: dump conntrack ID in event messages 2008-05-13 23:27:11 -07:00
nf_conntrack_pptp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
nf_conntrack_proto_dccp.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_generic.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_gre.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_sctp.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack_tcp: fix endless loop 2008-07-09 15:06:12 -07:00
nf_conntrack_proto_udp.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_proto_udplite.c [NETFILTER]: nf_conntrack: use bool type in struct nf_conntrack_l4proto 2008-04-14 11:15:53 +02:00
nf_conntrack_sane.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: restrict RTP expect flushing on error to last request 2008-05-08 01:15:21 -07:00
nf_conntrack_standalone.c netfilter: assign PDE->fops before gluing PDE into /proc tree 2008-05-02 04:10:57 -07:00
nf_conntrack_tftp.c [NETFILTER]: nf_conntrack: replace NF_CT_DUMP_TUPLE macro indrection by function call 2008-04-14 11:15:54 +02:00
nf_internals.h [NETFILTER]: Replace sk_buff ** with sk_buff * 2007-10-15 12:26:29 -07:00
nf_log.c netfilter: Make nflog quiet when no one listen in userspace. 2008-06-11 17:50:27 -07:00
nf_queue.c Remove duplicated unlikely() in IS_ERR() 2008-04-29 08:06:25 -07:00
nf_sockopt.c [NET] NETNS: Omit sock->sk_net without CONFIG_NET_NS. 2008-03-26 04:39:55 +09:00
nfnetlink.c [NETNS]: Consolidate kernel netlink socket destruction. 2008-01-28 15:08:07 -08:00
nfnetlink_log.c [NETFILTER]: Replate direct proc_fops assignment with proc_create call. 2008-03-27 16:55:53 -07:00
nfnetlink_queue.c netfilter: {nfnetlink,ip,ip6}_queue: fix skb_over_panic when enlarging packets 2008-04-29 03:16:34 -07:00
x_tables.c netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 04:11:52 -07:00
xt_CLASSIFY.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_CONNMARK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_CONNSECMARK.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_DSCP.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_MARK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NFLOG.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NFQUEUE.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_NOTRACK.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_RATEEST.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_SECMARK.c [NETFILTER]: make secmark_tg_destroy() static 2008-02-13 17:41:39 -08:00
xt_TCPMSS.c [NETFILTER]: xt_TCPMSS: consider reverse route's MTU in clamp-to-pmtu 2008-01-31 19:27:42 -08:00
xt_TCPOPTSTRIP.c netfilter: xt_TCPOPTSTRIP: signed tcphoff for ipv6_skip_exthdr() retval 2008-04-29 03:15:10 -07:00
xt_TRACE.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_comment.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_connbytes.c rename div64_64 to div64_u64 2008-05-01 08:03:58 -07:00
xt_connlimit.c netfilter: xt_connlimit: fix accouning when receive RST packet in ESTABLISHED state 2008-06-04 09:57:51 -07:00
xt_connmark.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_conntrack.c [NETFILTER]: nf_conntrack: add tuplehash l3num/protonum accessors 2008-04-14 11:15:52 +02:00
xt_dccp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_dscp.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_esp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_hashlimit.c netfilter: assign PDE->data before gluing PDE into /proc tree 2008-05-02 02:45:42 -07:00
xt_helper.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_iprange.c netfilter: xt_iprange: module aliases for xt_iprange 2008-05-13 23:27:48 -07:00
xt_length.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_limit.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_mac.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_mark.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_multiport.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_owner.c [NETFILTER]: xt_owner: allow matching UID/GID ranges 2008-01-31 19:27:43 -08:00
xt_physdev.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_pkttype.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_policy.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_quota.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_rateest.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_realm.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_sctp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_state.c [NETFILTER]: x_tables: use %u format specifiers 2008-01-28 14:59:07 -08:00
xt_statistic.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_string.c [NETFILTER]: Update modules' descriptions 2008-01-28 15:02:26 -08:00
xt_tcpmss.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_tcpudp.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_time.c [NETFILTER]: annotate xtables targets with const and remove casts 2008-04-14 09:56:05 +02:00
xt_u32.c [NETFILTER]: xt_u32: drop the actually unused variable from u32_match_it 2008-02-19 17:18:20 -08:00