[NETFILTER]: ctnetlink: make sure event order is correct
authorPablo Neira Ayuso <pablo@eurodev.net>
Wed, 10 Aug 2005 03:05:52 +0000 (20:05 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Mon, 29 Aug 2005 22:40:13 +0000 (15:40 -0700)
The following sequence is displayed during events dumping of an ICMP
connection: [NEW] [DESTROY] [UPDATE]

This happens because the IPCT_DESTROY event is delivered in
death_by_timeout(), which is called from the ICMP protocol helper
(ct->timeout.function) once we see the reply.

To fix this, we move this event to destroy_conntrack().

Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/ip_conntrack_core.c

index 5c3f16eae2d83ff537da0081aa0f31274cc0d421..dace93eacc5c1b05938455551159286a4e245f0f 100644 (file)
@@ -316,6 +316,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
        IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
        IP_NF_ASSERT(!timer_pending(&ct->timeout));
 
+       ip_conntrack_event(IPCT_DESTROY, ct);
        set_bit(IPS_DYING_BIT, &ct->status);
 
        /* To make sure we don't get any weird locking issues here:
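Review bot: The new `ip_conntrack_event(IPCT_DESTROY, ct)` call in destroy_conntrack() runs after the assertion that `nfct->use` is 0, so every notifier listener now receives a conntrack that has no references left and is about to be freed. A listener that takes a reference or keeps the pointer past the callback would be left with a dangling pointer, and nothing at the call site says so. The call also sits directly before `set_bit(IPS_DYING_BIT, &ct->status)`; if ip_conntrack_event() skips dying entries (its definition is not in this hunk), that ordering is required and easy to break in a later cleanup. I would add a comment above the call such as `/* Deliver DESTROY before IPS_DYING is set; use == 0 here, so listeners must not take a reference or keep ct. */`. destroy_conntrack() starts and ends outside the hunk.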
@@ -355,7 +356,6 @@ static void death_by_timeout(unsigned long ul_conntrack)
 {
        struct ip_conntrack *ct = (void *)ul_conntrack;
 
-       ip_conntrack_event(IPCT_DESTROY, ct);
        write_lock_bh(&ip_conntrack_lock);
        /* Inside lock so preempt is disabled on module removal path.
         * Otherwise we can get spurious warnings. */