netfilter: nf_conntrack: fix a race in __nf_conntrack_confirm against nf_ct_get_next_corpse() - wireguard-linux

diff options

author	Joerg Marx <joerg.marx@secunet.com>	2010-05-20 15:55:30 +0200
committer	Patrick McHardy <kaber@trash.net>	2010-05-20 15:55:30 +0200
commit	fc350777c705a39a312728ac5e8a6f164a828f5d (patch)
tree	62aa121cd62e416a505d35de9b5d77ab8ae89f66 /lib/bug.c
parent	netfilter: nf_ct_sip: handle non-linear skbs (diff)
download	wireguard-linux-fc350777c705a39a312728ac5e8a6f164a828f5d.tar.xz wireguard-linux-fc350777c705a39a312728ac5e8a6f164a828f5d.zip

netfilter: nf_conntrack: fix a race in __nf_conntrack_confirm against nf_ct_get_next_corpse()

This race was triggered by a 'conntrack -F' command running in parallel to the insertion of a hash for a new connection. Losing this race led to a dead conntrack entry effectively blocking traffic for a particular connection until timeout or flushing the conntrack hashes again. Now the check for an already dying connection is done inside the lock. Signed-off-by: Joerg Marx <joerg.marx@secunet.com> Signed-off-by: Patrick McHardy <kaber@trash.net>

Diffstat (limited to 'lib/bug.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: