patch-2.4.19 linux-2.4.19/net/ipv4/netfilter/ip_conntrack_core.c


diff -urN linux-2.4.18/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.19/net/ipv4/netfilter/ip_conntrack_core.c
@@ -175,6 +175,7 @@
 destroy_conntrack(struct nf_conntrack *nfct)
 {
 	struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
+	struct ip_conntrack_protocol *proto;
 
 	IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
 	IP_NF_ASSERT(!timer_pending(&ct->timeout));
@@ -182,6 +183,13 @@
 	if (ct->master.master)
 		nf_conntrack_put(&ct->master);
 
+	/* To make sure we don't get any weird locking issues here:
+	 * destroy_conntrack() MUST NOT be called with a write lock
+	 * to ip_conntrack_lock!!! -HW */
+	proto = find_proto(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
+	if (proto && proto->destroy)
+		proto->destroy(ct);
+
 	if (ip_conntrack_destroyed)
 		ip_conntrack_destroyed(ct);
 	kmem_cache_free(ip_conntrack_cachep, ct);
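Review bot: The locking precondition for the new `find_proto()` call is stated only in a comment in the middle of the body, where someone adding a new release path is unlikely to see it, and it does not say why the write lock is forbidden. Presumably `find_proto()` takes `ip_conntrack_lock` itself (its body is not in this diff), so a caller holding the write lock would deadlock. I would put the contract at the head of the function, e.g. `/* Caller must not hold ip_conntrack_lock for writing: find_proto() acquires it. */`. It is also worth confirming that `proto` stays valid after `find_proto()` returns, since nothing visible here keeps a protocol handler from being unregistered before `proto->destroy(ct)` runs. The start and end of destroy_conntrack() are outside this hunk.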
@@ -489,9 +497,9 @@
 		/* Try dropping from random chain, or else from the
                    chain about to put into (in case they're trying to
                    bomb one hash chain). */
-		if (drop_next >= ip_conntrack_htable_size)
-			drop_next = 0;
-		if (!early_drop(&ip_conntrack_hash[drop_next++])
+		unsigned int next = (drop_next++)%ip_conntrack_htable_size;
+
+		if (!early_drop(&ip_conntrack_hash[next])
 		    && !early_drop(&ip_conntrack_hash[hash])) {
 			if (net_ratelimit())
 				printk(KERN_WARNING
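Review bot: `(drop_next++)%ip_conntrack_htable_size` keeps the index in range only if `drop_next` is unsigned, and its declaration is not in this hunk; with a signed counter the remainder can go negative after wraparound and index before `ip_conntrack_hash[]`. Taking the remainder into a local does close the window between the old bounds check and the `drop_next++` use, but the increment itself still looks unsynchronised. If that is intended, a short comment would record it: `/* drop_next is unsigned; the increment may race, only the local index is used */`. The existing comment also says "random chain" although the selection is a sequential counter, which is worth rewording. The enclosing function starts and ends outside the hunk.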
