aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/netfilter/ip_nat_core.c
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-02-12 11:12:40 -0800
committerDavid S. Miller <davem@davemloft.net>2007-02-12 11:12:40 -0800
commit642d628b2c92e5283bbd3c849c7099c64ab68856 (patch)
tree349ed55d878ce0a6ea8ac207d15a344d3d302aa3 /net/ipv4/netfilter/ip_nat_core.c
parent[NETFILTER]: nf_nat: properly use RCU API for nf_nat_protos array (diff)
downloadlinux-dev-642d628b2c92e5283bbd3c849c7099c64ab68856.tar.xz
linux-dev-642d628b2c92e5283bbd3c849c7099c64ab68856.zip
[NETFILTER]: ip_conntrack: properly use RCU API for ip_ct_protos array
Replace preempt_{enable,disable} based RCU by proper use of the RCU API and add missing rcu_read_lock/rcu_read_unlock calls in all paths not obviously only used within packet process context (nfnetlink_conntrack). Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/ip_nat_core.c')
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index 85ae0cabc8b5..18daabc22069 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -420,6 +420,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
struct icmphdr icmp;
struct iphdr ip;
} *inside;
+ struct ip_conntrack_protocol *proto;
struct ip_conntrack_tuple inner, target;
int hdrlen = (*pskb)->nh.iph->ihl * 4;
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
@@ -455,10 +456,11 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
DEBUGP("icmp_reply_translation: translating error %p manp %u dir %s\n",
*pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
+ /* rcu_read_lock()ed by nf_hook_slow */
+ proto = __ip_conntrack_proto_find(inside->ip.protocol);
if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 +
sizeof(struct icmphdr) + inside->ip.ihl*4,
- &inner,
- __ip_conntrack_proto_find(inside->ip.protocol)))
+ &inner, proto))
return 0;
/* Change inner back to look like incoming packet. We do the