Skip to content
  1. Aug 31, 2012
    • Pablo Neira Ayuso's avatar
      netfilter: nf_conntrack: fix racy timer handling with reliable events · 5b423f6a
      Pablo Neira Ayuso authored
      
      
      Existing code assumes that del_timer returns true for alive conntrack
      entries. However, this is not true if reliable events are enabled.
      In that case, del_timer may return true for entries that were
      just inserted in the dying list. Note that packets / ctnetlink may
      hold references to conntrack entries that were just inserted to such
      list.
      
      This patch fixes the issue by adding an independent timer for
      event delivery. This increases the size of the ecache extension.
      Still we can revisit this later and use variable size extensions
      to allocate this area on demand.
      
      Tested-by: default avatarOliver Smith <olipro@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      5b423f6a
    • Pablo Neira Ayuso's avatar
      netfilter: nf_nat_sip: fix incorrect handling of EBUSY for RTCP expectation · 3f509c68
      Pablo Neira Ayuso authored
      
      
      We're hitting bug while trying to reinsert an already existing
      expectation:
      
      kernel BUG at kernel/timer.c:895!
      invalid opcode: 0000 [#1] SMP
      [...]
      Call Trace:
       <IRQ>
       [<ffffffffa0069563>] nf_ct_expect_related_report+0x4a0/0x57a [nf_conntrack]
       [<ffffffff812d423a>] ? in4_pton+0x72/0x131
       [<ffffffffa00ca69e>] ip_nat_sdp_media+0xeb/0x185 [nf_nat_sip]
       [<ffffffffa00b5b9b>] set_expected_rtp_rtcp+0x32d/0x39b [nf_conntrack_sip]
       [<ffffffffa00b5f15>] process_sdp+0x30c/0x3ec [nf_conntrack_sip]
       [<ffffffff8103f1eb>] ? irq_exit+0x9a/0x9c
       [<ffffffffa00ca738>] ? ip_nat_sdp_media+0x185/0x185 [nf_nat_sip]
      
      We have to remove the RTP expectation if the RTCP expectation hits EBUSY
      since we keep trying with other ports until we succeed.
      
      Reported-by: default avatarRafal Fitt <rafalf@aplusc.com.pl>
      Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
      3f509c68
  2. Aug 30, 2012
  3. Aug 20, 2012
  4. Aug 17, 2012
  5. Aug 16, 2012