Commit c6e56994 authored by Harald Welte's avatar Harald Welte Committed by David S. Miller

net/ipv4/netfilter/ip_conntrack_core.c: Fix ip_conntrack_change_expect locking.

parent 1fc9d1fb
...@@ -1061,7 +1061,10 @@ int ip_conntrack_expect_related(struct ip_conntrack *related_to, ...@@ -1061,7 +1061,10 @@ int ip_conntrack_expect_related(struct ip_conntrack *related_to,
int ip_conntrack_change_expect(struct ip_conntrack_expect *expect, int ip_conntrack_change_expect(struct ip_conntrack_expect *expect,
struct ip_conntrack_tuple *newtuple) struct ip_conntrack_tuple *newtuple)
{ {
int ret;
MUST_BE_READ_LOCKED(&ip_conntrack_lock); MUST_BE_READ_LOCKED(&ip_conntrack_lock);
WRITE_LOCK(&ip_conntrack_expect_tuple_lock);
DEBUGP("change_expect:\n"); DEBUGP("change_expect:\n");
DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple); DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple);
...@@ -1074,26 +1077,25 @@ int ip_conntrack_change_expect(struct ip_conntrack_expect *expect, ...@@ -1074,26 +1077,25 @@ int ip_conntrack_change_expect(struct ip_conntrack_expect *expect,
&& LIST_FIND(&ip_conntrack_expect_list, expect_clash, && LIST_FIND(&ip_conntrack_expect_list, expect_clash,
struct ip_conntrack_expect *, newtuple, &expect->mask)) { struct ip_conntrack_expect *, newtuple, &expect->mask)) {
/* Force NAT to find an unused tuple */ /* Force NAT to find an unused tuple */
return -1; ret = -1;
} else { } else {
WRITE_LOCK(&ip_conntrack_expect_tuple_lock);
memcpy(&expect->ct_tuple, &expect->tuple, sizeof(expect->tuple)); memcpy(&expect->ct_tuple, &expect->tuple, sizeof(expect->tuple));
memcpy(&expect->tuple, newtuple, sizeof(expect->tuple)); memcpy(&expect->tuple, newtuple, sizeof(expect->tuple));
WRITE_UNLOCK(&ip_conntrack_expect_tuple_lock); ret = 0;
return 0;
} }
} else { } else {
/* Resent packet */ /* Resent packet */
DEBUGP("change expect: resent packet\n"); DEBUGP("change expect: resent packet\n");
if (ip_ct_tuple_equal(&expect->tuple, newtuple)) { if (ip_ct_tuple_equal(&expect->tuple, newtuple)) {
return 0; ret = 0;
} else { } else {
/* Force NAT to choose again the same port */ /* Force NAT to choose again the same port */
return -1; ret = -1;
} }
} }
WRITE_UNLOCK(&ip_conntrack_expect_tuple_lock);
return -1; return ret;
} }
/* Alter reply tuple (maybe alter helper). If it's already taken, /* Alter reply tuple (maybe alter helper). If it's already taken,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment