Skip to content

L
linux
Commit 8ae511ab authored by Harald Welte's avatar Harald Welte Committed by David S. Miller
Browse files
Options

[NETFILTER]: Fix ip_nat_find_helper() locking. 

Signed-off-by: default avatarHarald Welte <laforge@netfilter.org>
Signed-off-by: default avatarDavid S. Miller <davem@redhat.com>
parent d7061912
Hide whitespace changes
Inline Side-by-side
Showing with 13 additions and 2 deletions
include/linux/netfilter_ipv4/ip_nat_helper.h
View file @ 8ae511ab
...@@ -44,6 +44,9 @@ extern void ip_nat_helper_unregister(struct ip_nat_helper *me); ...@@ -44,6 +44,9 @@ extern void ip_nat_helper_unregister(struct ip_nat_helper *me);
extern struct ip_nat_helper * extern struct ip_nat_helper *
ip_nat_find_helper(const struct ip_conntrack_tuple *tuple); ip_nat_find_helper(const struct ip_conntrack_tuple *tuple);
extern struct ip_nat_helper *
__ip_nat_find_helper(const struct ip_conntrack_tuple *tuple);
/* These return true or false. */ /* These return true or false. */
extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb, extern int ip_nat_mangle_tcp_packet(struct sk_buff **skb,
struct ip_conntrack *ct, struct ip_conntrack *ct,
......
net/ipv4/netfilter/ip_nat_core.c
View file @ 8ae511ab
...@@ -635,7 +635,7 @@ ip_nat_setup_info(struct ip_conntrack *conntrack, ...@@ -635,7 +635,7 @@ ip_nat_setup_info(struct ip_conntrack *conntrack,
/* If there's a helper, assign it; based on new tuple. */ /* If there's a helper, assign it; based on new tuple. */
if (!conntrack->master) if (!conntrack->master)
info->helper = ip_nat_find_helper(&reply); info->helper = __ip_nat_find_helper(&reply);
/* It's done. */ /* It's done. */
info->initialized |= (1 << HOOK2MANIP(hooknum)); info->initialized |= (1 << HOOK2MANIP(hooknum));
......
net/ipv4/netfilter/ip_nat_helper.c
View file @ 8ae511ab
...@@ -420,13 +420,19 @@ int ip_nat_helper_register(struct ip_nat_helper *me) ...@@ -420,13 +420,19 @@ int ip_nat_helper_register(struct ip_nat_helper *me)
return ret; return ret;
} }
struct ip_nat_helper *
__ip_nat_find_helper(const struct ip_conntrack_tuple *tuple)
{
return LIST_FIND(&helpers, helper_cmp, struct ip_nat_helper *, tuple);
}
struct ip_nat_helper * struct ip_nat_helper *
ip_nat_find_helper(const struct ip_conntrack_tuple *tuple) ip_nat_find_helper(const struct ip_conntrack_tuple *tuple)
{ {
struct ip_nat_helper *h; struct ip_nat_helper *h;
READ_LOCK(&ip_nat_lock); READ_LOCK(&ip_nat_lock);
h = LIST_FIND(&helpers, helper_cmp, struct ip_nat_helper *, tuple); h = __ip_nat_find_helper(tuple);
READ_UNLOCK(&ip_nat_lock); READ_UNLOCK(&ip_nat_lock);
return h; return h;
......
net/ipv4/netfilter/ip_nat_standalone.c
View file @ 8ae511ab
...@@ -394,4 +394,6 @@ EXPORT_SYMBOL(ip_nat_cheat_check); ...@@ -394,4 +394,6 @@ EXPORT_SYMBOL(ip_nat_cheat_check);
EXPORT_SYMBOL(ip_nat_mangle_tcp_packet); EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
EXPORT_SYMBOL(ip_nat_mangle_udp_packet); EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
EXPORT_SYMBOL(ip_nat_used_tuple); EXPORT_SYMBOL(ip_nat_used_tuple);
EXPORT_SYMBOL(ip_nat_find_helper);
EXPORT_SYMBOL(__ip_nat_find_helper);
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7