mirror of
https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
synced 2024-10-20 02:19:01 +00:00
a86888b925
refcnt underflow: the reference count is decremented when a conntrack entry is removed from the hash but it is not incremented when entering new entries. missing protection of process context against softirq context: all cache operations need to locally disable softirqs to avoid races. Additionally the event cache can't be initialized when a packet enteres the conntrack code but needs to be initialized whenever we cache an event and the stored conntrack entry doesn't match the current one. incorrect flushing of the event cache in ip_ct_iterate_cleanup: without real locking we can't flush the cache for different CPUs without incurring races. The cache for different CPUs can only be flushed when no packets are going through the code. ip_ct_iterate_cleanup doesn't need to drop all references, so flushing is moved to the cleanup path. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
61 lines
1.8 KiB
C
61 lines
1.8 KiB
C
#ifndef _IP_CONNTRACK_CORE_H
|
|
#define _IP_CONNTRACK_CORE_H
|
|
#include <linux/netfilter.h>
|
|
|
|
#define MAX_IP_CT_PROTO 256
|
|
extern struct ip_conntrack_protocol *ip_ct_protos[MAX_IP_CT_PROTO];
|
|
|
|
/* This header is used to share core functionality between the
|
|
standalone connection tracking module, and the compatibility layer's use
|
|
of connection tracking. */
|
|
extern unsigned int ip_conntrack_in(unsigned int hooknum,
|
|
struct sk_buff **pskb,
|
|
const struct net_device *in,
|
|
const struct net_device *out,
|
|
int (*okfn)(struct sk_buff *));
|
|
|
|
extern int ip_conntrack_init(void);
|
|
extern void ip_conntrack_cleanup(void);
|
|
|
|
struct ip_conntrack_protocol;
|
|
|
|
extern int
|
|
ip_ct_get_tuple(const struct iphdr *iph,
|
|
const struct sk_buff *skb,
|
|
unsigned int dataoff,
|
|
struct ip_conntrack_tuple *tuple,
|
|
const struct ip_conntrack_protocol *protocol);
|
|
|
|
extern int
|
|
ip_ct_invert_tuple(struct ip_conntrack_tuple *inverse,
|
|
const struct ip_conntrack_tuple *orig,
|
|
const struct ip_conntrack_protocol *protocol);
|
|
|
|
/* Find a connection corresponding to a tuple. */
|
|
struct ip_conntrack_tuple_hash *
|
|
ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
|
|
const struct ip_conntrack *ignored_conntrack);
|
|
|
|
extern int __ip_conntrack_confirm(struct sk_buff **pskb);
|
|
|
|
/* Confirm a connection: returns NF_DROP if packet must be dropped. */
|
|
static inline int ip_conntrack_confirm(struct sk_buff **pskb)
|
|
{
|
|
struct ip_conntrack *ct = (struct ip_conntrack *)(*pskb)->nfct;
|
|
int ret = NF_ACCEPT;
|
|
|
|
if (ct) {
|
|
if (!is_confirmed(ct))
|
|
ret = __ip_conntrack_confirm(pskb);
|
|
ip_ct_deliver_cached_events(ct);
|
|
}
|
|
return ret;
|
|
}
|
|
|
|
extern void __ip_ct_expect_unlink_destroy(struct ip_conntrack_expect *exp);
|
|
|
|
extern struct list_head *ip_conntrack_hash;
|
|
extern struct list_head ip_conntrack_expect_list;
|
|
extern rwlock_t ip_conntrack_lock;
|
|
#endif /* _IP_CONNTRACK_CORE_H */
|
|
|