iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of git://1984.lsi.us.es/net

Browse Source
This commit is contained in:
David S. Miller 2012-02-24 17:41:57 -05:00
commit e807e566e9
3 changed files with 39 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netfilter/nf_conntrack.h
View File

@ -209,7 +209,7 @@ extern struct nf_conntrack_tuple_hash *
__nf_conntrack_find(struct net *net, u16 zone, __nf_conntrack_find(struct net *net, u16 zone,
const struct nf_conntrack_tuple *tuple); const struct nf_conntrack_tuple *tuple);
extern void nf_conntrack_hash_insert(struct nf_conn *ct); extern int nf_conntrack_hash_check_insert(struct nf_conn *ct);
extern void nf_ct_delete_from_lists(struct nf_conn *ct); extern void nf_ct_delete_from_lists(struct nf_conn *ct);
extern void nf_ct_insert_dying_list(struct nf_conn *ct); extern void nf_ct_insert_dying_list(struct nf_conn *ct);

38
net/netfilter/nf_conntrack_core.c
View File

@ -404,19 +404,49 @@ static void __nf_conntrack_hash_insert(struct nf_conn *ct,
&net->ct.hash[repl_hash]); &net->ct.hash[repl_hash]);
} }
void nf_conntrack_hash_insert(struct nf_conn *ct) int
nf_conntrack_hash_check_insert(struct nf_conn *ct)
{ {
struct net *net = nf_ct_net(ct); struct net *net = nf_ct_net(ct);
unsigned int hash, repl_hash; unsigned int hash, repl_hash;
struct nf_conntrack_tuple_hash *h;
struct hlist_nulls_node *n;
u16 zone; u16 zone;
zone = nf_ct_zone(ct); zone = nf_ct_zone(ct);
hash = hash_conntrack(net, zone, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); hash = hash_conntrack(net, zone,
repl_hash = hash_conntrack(net, zone, &ct->tuplehash[IP_CT_DIR_REPLY].tuple); &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
repl_hash = hash_conntrack(net, zone,
&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
spin_lock_bh(&nf_conntrack_lock);
/* See if there's one in the list already, including reverse */
hlist_nulls_for_each_entry(h, n, &net->ct.hash[hash], hnnode)
if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
&h->tuple) &&
zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h)))
goto out;
hlist_nulls_for_each_entry(h, n, &net->ct.hash[repl_hash], hnnode)
if (nf_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_REPLY].tuple,
&h->tuple) &&
zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h)))
goto out;
add_timer(&ct->timeout);
nf_conntrack_get(&ct->ct_general);
__nf_conntrack_hash_insert(ct, hash, repl_hash); __nf_conntrack_hash_insert(ct, hash, repl_hash);
NF_CT_STAT_INC(net, insert);
spin_unlock_bh(&nf_conntrack_lock);
return 0;
out:
NF_CT_STAT_INC(net, insert_failed);
spin_unlock_bh(&nf_conntrack_lock);
return -EEXIST;
} }
EXPORT_SYMBOL_GPL(nf_conntrack_hash_insert); EXPORT_SYMBOL_GPL(nf_conntrack_hash_check_insert);
/* Confirm a connection given skb; places it in hash table */ /* Confirm a connection given skb; places it in hash table */
int int

11
net/netfilter/nf_conntrack_netlink.c
View File

@ -1465,11 +1465,10 @@ ctnetlink_create_conntrack(struct net *net, u16 zone,
if (tstamp) if (tstamp)
tstamp->start = ktime_to_ns(ktime_get_real()); tstamp->start = ktime_to_ns(ktime_get_real());
add_timer(&ct->timeout); err = nf_conntrack_hash_check_insert(ct);
spin_lock_bh(&nf_conntrack_lock); if (err < 0)
nf_conntrack_hash_insert(ct); goto err2;
nf_conntrack_get(&ct->ct_general);
spin_unlock_bh(&nf_conntrack_lock);
rcu_read_unlock(); rcu_read_unlock();
return ct; return ct;
@ -1511,12 +1510,10 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
return err; return err;
} }
spin_lock_bh(&nf_conntrack_lock);
if (cda[CTA_TUPLE_ORIG]) if (cda[CTA_TUPLE_ORIG])
h = nf_conntrack_find_get(net, zone, &otuple); h = nf_conntrack_find_get(net, zone, &otuple);
else if (cda[CTA_TUPLE_REPLY]) else if (cda[CTA_TUPLE_REPLY])
h = nf_conntrack_find_get(net, zone, &rtuple); h = nf_conntrack_find_get(net, zone, &rtuple);
spin_unlock_bh(&nf_conntrack_lock);
if (h == NULL) { if (h == NULL) {
err = -ENOENT; err = -ENOENT;