Commit 158cb909 authored by Harald Welte's avatar Harald Welte Committed by Hideaki Yoshifuji

[NETFILTER]: Prevent orphan expectations.

This patch fixes orphaned expectations, which can occur when helpers create
expectations for unconfirmed conntracks and the packet is dropped before
the conntrack is confirmed.
Signed-off-by: default avatarPhil Oester <kernel@linuxace.com>
Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent 9a8d198e
...@@ -324,8 +324,9 @@ destroy_conntrack(struct nf_conntrack *nfct) ...@@ -324,8 +324,9 @@ destroy_conntrack(struct nf_conntrack *nfct)
ip_conntrack_destroyed(ct); ip_conntrack_destroyed(ct);
WRITE_LOCK(&ip_conntrack_lock); WRITE_LOCK(&ip_conntrack_lock);
/* Delete us from our own list to prevent corruption later */ /* Make sure don't leave any orphaned expectations lying around */
list_del(&ct->sibling_list); if (ct->expecting)
remove_expectations(ct, 1);
/* Delete our master expectation */ /* Delete our master expectation */
if (ct->master) { if (ct->master) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment