netfilter: nf_conntrack: fix racy timer handling with reliable events
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 29 Aug 2012 16:25:49 +0000 (16:25 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 21 Oct 2012 16:28:00 +0000 (09:28 -0700)
commit7fcbcdc96302e9d3e3b36df4fbc86a4c82761092
tree770030ce43176a21b837307e7f8a4474d95d7296
parent486aaeb0b972820ed704bdf416270ec4b0950da3
netfilter: nf_conntrack: fix racy timer handling with reliable events

commit 5b423f6a40a0327f9d40bc8b97ce9be266f74368 upstream.

Existing code assumes that del_timer returns true for alive conntrack
entries. However, this is not true if reliable events are enabled.
In that case, del_timer may return true for entries that were
just inserted in the dying list. Note that packets / ctnetlink may
hold references to conntrack entries that were just inserted to such
list.

This patch fixes the issue by adding an independent timer for
event delivery. This increases the size of the ecache extension.
Still we can revisit this later and use variable size extensions
to allocate this area on demand.

Tested-by: Oliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
include/net/netfilter/nf_conntrack_ecache.h
net/netfilter/nf_conntrack_core.c