[NETFILTER]: nf_conntrack_extend: warn on confirmed conntracks
authorPatrick McHardy <kaber@trash.net>
Mon, 14 Apr 2008 09:15:51 +0000 (11:15 +0200)
committerPatrick McHardy <kaber@trash.net>
Mon, 14 Apr 2008 09:15:51 +0000 (11:15 +0200)
New extensions may only be added to unconfirmed conntracks to avoid races
when reallocating the storage.

Also change NF_CT_ASSERT to use WARN_ON to get backtraces.

Signed-off-by: Patrick McHardy <kaber@trash.net>
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_extend.c

index bb9fc852e973ad005485cf478eb5605e8ca44664..4a0496aa32d553dc41534a3ff90cbe5126d2a5f6 100644 (file)
@@ -65,14 +65,7 @@ union nf_conntrack_help {
 #include <linux/timer.h>
 
 #ifdef CONFIG_NETFILTER_DEBUG
-#define NF_CT_ASSERT(x)                                                        \
-do {                                                                   \
-       if (!(x))                                                       \
-               /* Wooah!  I'm tripping my conntrack in a frenzy of     \
-                  netplay... */                                        \
-               printk("NF_CT_ASSERT: %s:%i(%s)\n",                     \
-                      __FILE__, __LINE__, __FUNCTION__);               \
-} while(0)
+#define NF_CT_ASSERT(x)                WARN_ON(!(x))
 #else
 #define NF_CT_ASSERT(x)
 #endif
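Review bot: The `#else` branch still defines `NF_CT_ASSERT(x)` as empty, so the confirmed-conntrack check this commit adds to `__nf_ct_ext_add()` in net/netfilter/nf_conntrack_extend.c exists only in CONFIG_NETFILTER_DEBUG builds, and even there `WARN_ON` reports the condition and then lets the reallocation proceed. If the race is worth guarding against in production kernels, the call site could enforce it instead, e.g. `if (WARN_ON_ONCE(nf_ct_is_confirmed(ct))) return NULL;`, assuming callers already treat a NULL return like an allocation failure (not visible in this diff). Otherwise a comment above the macro would make the limits explicit: `/* Debug-only: compiled out without CONFIG_NETFILTER_DEBUG; warns but does not stop execution. */`. The `_ONCE` form would also keep an assertion that is hit repeatedly on the packet path from flooding the log with backtraces.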
index 2bd9963b5b3ea4cf26d4abde679a72e8b28421a7..bcc19fa4ed1e07ab4277f7c02c933235cd0dc261 100644 (file)
@@ -71,6 +71,9 @@ void *__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)
        int i, newlen, newoff;
        struct nf_ct_ext_type *t;
 
+       /* Conntrack must not be confirmed to avoid races on reallocation. */
+       NF_CT_ASSERT(!nf_ct_is_confirmed(ct));
+
        if (!ct->ext)
                return nf_ct_ext_create(&ct->ext, id, gfp);