X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fip_conntrack_core.c;h=67c2fd2a5335fcefceb0c582f37389400164b204;hb=1be35e94e1da3669db492995cd2c8b1a37016b11;hp=05fbb43cc0a57552936a1a74ef89af5c693b5121;hpb=a91482bdcc2e0f6035702e46f1b99043a0893346;p=linux-2.6.git diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c index 05fbb43cc..67c2fd2a5 100644 --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c @@ -28,7 +28,6 @@ #include #include #include -#include #include #include #include @@ -174,12 +173,13 @@ static void destroy_expect(struct ip_conntrack_expect *exp) { DEBUGP("destroy_expect(%p) use=%d\n", exp, atomic_read(&exp->use)); - IP_NF_ASSERT(atomic_read(&exp->use) == 0); + IP_NF_ASSERT(atomic_read(&exp->use)); IP_NF_ASSERT(!timer_pending(&exp->timeout)); kfree(exp); } + inline void ip_conntrack_expect_put(struct ip_conntrack_expect *exp) { IP_NF_ASSERT(exp); @@ -670,10 +670,8 @@ init_conntrack(const struct ip_conntrack_tuple *tuple, conntrack->ct_general.destroy = destroy_conntrack; conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *tuple; conntrack->tuplehash[IP_CT_DIR_ORIGINAL].ctrack = conntrack; - conntrack->xid[IP_CT_DIR_ORIGINAL] = -1; conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = repl_tuple; conntrack->tuplehash[IP_CT_DIR_REPLY].ctrack = conntrack; - conntrack->xid[IP_CT_DIR_REPLY] = -1; for (i=0; i < IP_CT_NUMBER; i++) conntrack->infos[i].master = &conntrack->ct_general; @@ -717,6 +715,7 @@ init_conntrack(const struct ip_conntrack_tuple *tuple, DEBUGP("conntrack: expectation arrives ct=%p exp=%p\n", conntrack, expected); /* Welcome, Mr. Bond. We've been expecting you... */ + IP_NF_ASSERT(master_ct(conntrack)); __set_bit(IPS_EXPECTED_BIT, &conntrack->status); conntrack->master = expected; expected->sibling = conntrack; @@ -949,8 +948,9 @@ ip_conntrack_expect_insert(struct ip_conntrack_expect *new, atomic_set(&new->use, 1); /* add to expected list for this connection */ - list_add_tail(&new->expected_list, &related_to->sibling_list); + list_add(&new->expected_list, &related_to->sibling_list); /* add to global list of expectations */ + list_prepend(&ip_conntrack_expect_list, &new->list); /* add and start timer if required */ if (related_to->helper->timeout) { @@ -1004,6 +1004,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect, } else if (related_to->helper->max_expected && related_to->expecting >= related_to->helper->max_expected) { + struct list_head *cur_item; /* old == NULL */ if (!(related_to->helper->flags & IP_CT_HELPER_F_REUSE_EXPECT)) { @@ -1029,14 +1030,21 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect, NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip)); /* choose the the oldest expectation to evict */ - list_for_each_entry(old, &related_to->sibling_list, - expected_list) - if (old->sibling == NULL) + list_for_each(cur_item, &related_to->sibling_list) { + struct ip_conntrack_expect *cur; + + cur = list_entry(cur_item, + struct ip_conntrack_expect, + expected_list); + if (cur->sibling == NULL) { + old = cur; break; + } + } - /* We cannot fail since related_to->expecting is the number - * of unconfirmed expectations */ - IP_NF_ASSERT(old && old->sibling == NULL); + /* (!old) cannot happen, since related_to->expecting is the + * number of unconfirmed expects */ + IP_NF_ASSERT(old); /* newnat14 does not reuse the real allocated memory * structures but rather unexpects the old and