Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[NETFILTER]: Don't increase master refcount on expectations

As it's been discussed [1][2], we shouldn't increase the master conntrack
refcount for non-fulfilled conntracks. During the conntrack destruction,
the expectations are always killed before the conntrack itself; this
guarantees that there won't be any orphan expectation.

[1] https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020783.html
[2] https://lists.netfilter.org/pipermail/netfilter-devel/2005-August/020904.html

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Pablo Neira Ayuso and committed by David S. Miller
91c46e2e e7dfb09a

+4 -4
net/ipv4/netfilter/ip_conntrack_core.c
··· 938 938 write_unlock_bh(&ip_conntrack_lock); 939 939 } 940 940 941 + /* We don't increase the master conntrack refcount for non-fulfilled 942 + * conntracks. During the conntrack destruction, the expectations are 943 + * always killed before the conntrack itself */ 941 944 struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me) 942 945 { 943 946 struct ip_conntrack_expect *new; ··· 951 948 return NULL; 952 949 } 953 950 new->master = me; 954 - atomic_inc(&new->master->ct_general.use); 955 951 atomic_set(&new->use, 1); 956 952 return new; 957 953 } 958 954 959 955 void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) 960 956 { 961 - if (atomic_dec_and_test(&exp->use)) { 962 - ip_conntrack_put(exp->master); 957 + if (atomic_dec_and_test(&exp->use)) 963 958 kmem_cache_free(ip_conntrack_expect_cachep, exp); 964 - } 965 959 } 966 960 967 961 static void ip_conntrack_expect_insert(struct ip_conntrack_expect *exp)
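Review bot: the comment added above ip_conntrack_expect_alloc() (first hunk) states that expectations are always killed before the conntrack, but does not say which code path enforces that ordering or what it means for users of the pointer. Since `new->master = me;` now stores the master without taking a reference, the comment should say that exp->master is not reference-counted and name the destruction path that removes the expectations, so the invariant can be checked when that path changes.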
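Review bot: in the second hunk, an expectation's lifetime is still governed by its own counter (`atomic_set(&new->use, 1);` and the `atomic_dec_and_test(&exp->use)` in ip_conntrack_expect_put()), but nothing pins the master any more, so an expectation whose exp->use is held by another path can outlive the master and leave exp->master dangling. "Killed before the conntrack" covers orphaned expectations, not a holder that still has a reference to one; please confirm that no holder of an expectation reference dereferences exp->master outside ip_conntrack_lock after the expectation has been killed, or take a master reference at the point where such a holder needs it.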