summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@eurodev.net>2005-08-10 05:05:52 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2005-08-30 00:40:13 +0200
commit14a50bbaa51202b676a95e9b41bc5ed6c77aa9cc (patch)
tree1f480a6f147ace8c4fbaad5e94bca88152bba30d
parent[NETFILTER]: don't use nested attributes for conntrack_expect (diff)
downloadlinux-14a50bbaa51202b676a95e9b41bc5ed6c77aa9cc.tar.xz
linux-14a50bbaa51202b676a95e9b41bc5ed6c77aa9cc.zip
[NETFILTER]: ctnetlink: make sure event order is correct
The following sequence is displayed during events dumping of an ICMP connection: [NEW] [DESTROY] [UPDATE] This happens because the event IPCT_DESTROY is delivered in death_by_timeout(), that is called from the icmp protocol helper (ct->timeout.function) once we see the reply. To fix this, we move this event to destroy_conntrack(). Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net> Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 5c3f16eae2d8..dace93eacc5c 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -316,6 +316,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
IP_NF_ASSERT(!timer_pending(&ct->timeout));
+ ip_conntrack_event(IPCT_DESTROY, ct);
set_bit(IPS_DYING_BIT, &ct->status);
/* To make sure we don't get any weird locking issues here:
@@ -355,7 +356,6 @@ static void death_by_timeout(unsigned long ul_conntrack)
{
struct ip_conntrack *ct = (void *)ul_conntrack;
- ip_conntrack_event(IPCT_DESTROY, ct);
write_lock_bh(&ip_conntrack_lock);
/* Inside lock so preempt is disabled on module removal path.
* Otherwise we can get spurious warnings. */