patch-2.4.19 linux-2.4.19/net/ipv4/netfilter/ip_conntrack_core.c
Next file: linux-2.4.19/net/ipv4/netfilter/ip_conntrack_proto_generic.c
Previous file: linux-2.4.19/net/ipv4/netfilter/arptable_filter.c
Back to the patch index
Back to the overall index
- Lines: 35
- Date:
Fri Aug 2 17:39:46 2002
- Orig file:
linux-2.4.18/net/ipv4/netfilter/ip_conntrack_core.c
- Orig date:
Tue Aug 7 08:30:50 2001
diff -urN linux-2.4.18/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.19/net/ipv4/netfilter/ip_conntrack_core.c
@@ -175,6 +175,7 @@
destroy_conntrack(struct nf_conntrack *nfct)
{
struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
+ struct ip_conntrack_protocol *proto;
IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
IP_NF_ASSERT(!timer_pending(&ct->timeout));
@@ -182,6 +183,13 @@
if (ct->master.master)
nf_conntrack_put(&ct->master);
+ /* To make sure we don't get any weird locking issues here:
+ * destroy_conntrack() MUST NOT be called with a write lock
+ * to ip_conntrack_lock!!! -HW */
+ proto = find_proto(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
+ if (proto && proto->destroy)
+ proto->destroy(ct);
+
if (ip_conntrack_destroyed)
ip_conntrack_destroyed(ct);
kmem_cache_free(ip_conntrack_cachep, ct);
@@ -489,9 +497,9 @@
/* Try dropping from random chain, or else from the
chain about to put into (in case they're trying to
bomb one hash chain). */
- if (drop_next >= ip_conntrack_htable_size)
- drop_next = 0;
- if (!early_drop(&ip_conntrack_hash[drop_next++])
+ unsigned int next = (drop_next++)%ip_conntrack_htable_size;
+
+ if (!early_drop(&ip_conntrack_hash[next])
&& !early_drop(&ip_conntrack_hash[hash])) {
if (net_ratelimit())
printk(KERN_WARNING
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)