diff options
author | Pablo Neira Ayuso <pablo@eurodev.net> | 2005-08-10 05:05:52 +0200 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-30 00:40:13 +0200 |
commit | 14a50bbaa51202b676a95e9b41bc5ed6c77aa9cc (patch) | |
tree | 1f480a6f147ace8c4fbaad5e94bca88152bba30d | |
parent | [NETFILTER]: don't use nested attributes for conntrack_expect (diff) | |
download | linux-14a50bbaa51202b676a95e9b41bc5ed6c77aa9cc.tar.xz linux-14a50bbaa51202b676a95e9b41bc5ed6c77aa9cc.zip |
[NETFILTER]: ctnetlink: make sure event order is correct
The following sequence is displayed during events dumping of an ICMP
connection: [NEW] [DESTROY] [UPDATE]
This happens because the event IPCT_DESTROY is delivered in
death_by_timeout(), that is called from the icmp protocol helper
(ct->timeout.function) once we see the reply.
To fix this, we move this event to destroy_conntrack().
Signed-off-by: Pablo Neira Ayuso <pablo@eurodev.net>
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 5c3f16eae2d8..dace93eacc5c 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c @@ -316,6 +316,7 @@ destroy_conntrack(struct nf_conntrack *nfct) IP_NF_ASSERT(atomic_read(&nfct->use) == 0); IP_NF_ASSERT(!timer_pending(&ct->timeout)); + ip_conntrack_event(IPCT_DESTROY, ct); set_bit(IPS_DYING_BIT, &ct->status); /* To make sure we don't get any weird locking issues here: @@ -355,7 +356,6 @@ static void death_by_timeout(unsigned long ul_conntrack) { struct ip_conntrack *ct = (void *)ul_conntrack; - ip_conntrack_event(IPCT_DESTROY, ct); write_lock_bh(&ip_conntrack_lock); /* Inside lock so preempt is disabled on module removal path. * Otherwise we can get spurious warnings. */ |