diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-11 18:35:03 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-11 18:35:03 +0100 |
| commit | 98154b7d83d1493ba9c2d1b0a8e4b39b635e3082 (patch) | |
| tree | 896a62636091f87696cbc91bb46f14708273edcd /src/cache_wt.c | |
| parent | dc544c894eddf90a77d49565673ea7eb216b3e44 (diff) | |
| download | conntrack-tools-98154b7d83d1493ba9c2d1b0a8e4b39b635e3082.tar.gz conntrack-tools-98154b7d83d1493ba9c2d1b0a8e4b39b635e3082.zip | |
netlink: fix EILSEQ error messages due to process race condition
This patch fixes a race condition that triggers EILSEQ errors
(wrong sequence message). The problems is triggered when the child
process resets the timers at the same time that the parent process
requests a resync. Since both the child and the parent process use
the same descriptors, the sequence tracking code in libnfnetlink
gets confused as it considers that it is receiving out of sequence
netlink messages.
This patch introduces internal handlers to commit and reset timers
so that the parent and the child do not use the same descriptors
to operate with the kernel.
This patch changes the prototype of all nf_*_conntrack() functions.
Now, the nfct handler is passed as first parameter, this change is
required to fix this problem. The rest of the changes on the API
is done for consistency.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/cache_wt.c')
| -rw-r--r-- | src/cache_wt.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/cache_wt.c b/src/cache_wt.c index 65a1fc4..d0ae8bb 100644 --- a/src/cache_wt.c +++ b/src/cache_wt.c @@ -31,7 +31,7 @@ static void add_wt(struct us_conntrack *u) char __ct[nfct_maxsize()]; struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct; - ret = nl_exist_conntrack(u->ct); + ret = nl_exist_conntrack(STATE(request), u->ct); switch (ret) { case -1: dlog(LOG_ERR, "cache_wt problem: %s", strerror(errno)); @@ -39,14 +39,14 @@ static void add_wt(struct us_conntrack *u) break; case 0: memcpy(ct, u->ct, nfct_maxsize()); - if (nl_create_conntrack(ct) == -1) { + if (nl_create_conntrack(STATE(dump), ct) == -1) { dlog(LOG_ERR, "cache_wt create: %s", strerror(errno)); dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN); } break; case 1: memcpy(ct, u->ct, nfct_maxsize()); - if (nl_update_conntrack(ct) == -1) { + if (nl_update_conntrack(STATE(dump), ct) == -1) { dlog(LOG_ERR, "cache_wt crt-upd: %s", strerror(errno)); dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN); } @@ -61,7 +61,7 @@ static void upd_wt(struct us_conntrack *u) memcpy(ct, u->ct, nfct_maxsize()); - if (nl_update_conntrack(ct) == -1) { + if (nl_update_conntrack(STATE(dump), ct) == -1) { dlog(LOG_ERR, "cache_wt update:%s", strerror(errno)); dlog_ct(STATE(log), u->ct, NFCT_O_PLAIN); } @@ -79,7 +79,7 @@ static void writethrough_update(struct us_conntrack *u, void *data) static void writethrough_destroy(struct us_conntrack *u, void *data) { - nl_destroy_conntrack(u->ct); + nl_destroy_conntrack(STATE(dump), u->ct); } struct cache_feature writethrough_feature = { |