[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

New extensions may only be added to unconfirmed conntracks to avoid races
when reallocating the storage.

Also change NF_CT_ASSERT to use WARN_ON to get backtraces.

Signed-off-by: Patrick McHardy <kaber@trash.net>

Patrick McHardy 18 years ago 55871d04 8c87238b

+4 -8

2 changed files

expand all

include

net

netfilter

nf_conntrack.h

net

netfilter

nf_conntrack_extend.c

+1 -8

include/net/netfilter/nf_conntrack.h

··· 65 65 #include <linux/timer.h> 66 66 67 67 #ifdef CONFIG_NETFILTER_DEBUG 68 - #define NF_CT_ASSERT(x) \ 69 - do { \ 70 - if (!(x)) \ 71 - /* Wooah! I'm tripping my conntrack in a frenzy of \ 72 - netplay... */ \ 73 - printk("NF_CT_ASSERT: %s:%i(%s)\n", \ 74 - __FILE__, __LINE__, __FUNCTION__); \ 75 - } while(0) 68 + #define NF_CT_ASSERT(x) WARN_ON(!(x)) 76 69 #else 77 70 #define NF_CT_ASSERT(x) 78 71 #endif

net/netfilter/nf_conntrack_extend.c

··· 71 71 int i, newlen, newoff; 72 72 struct nf_ct_ext_type *t; 73 73 74 + /* Conntrack must not be confirmed to avoid races on reallocation. */ 75 + NF_CT_ASSERT(!nf_ct_is_confirmed(ct)); 76 + 74 77 if (!ct->ext) 75 78 return nf_ct_ext_create(&ct->ext, id, gfp); 76 79