Re: Linux 2.6.9-rc1

From: Harald Welte
Date: Wed Aug 25 2004 - 17:24:20 EST

Next message: Dave Jones: "Re: bizarre 2.6.8.1 /sys permissions"
Previous message: Francois Romieu: "Re: SMP kernel 2.6 does not work with my network cards. UP kernel works nice."
In reply to: Joshua Kwan: "Re: Linux 2.6.9-rc1"
Next in thread: Henrik Nordstrom: "Re: Linux 2.6.9-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Aug 25, 2004 at 11:52:30AM -0700, Joshua Kwan wrote:
> Linus Torvalds wrote:
> >Harald Welte:
> ...
> > o [NETFILTER]: Make 'helper' list of ip_nat_core static
> ...
>
> I suspect that this changeset[1] somehow caused this to happen (many
> times) in dmesg:
>
> ASSERT net/ipv4/netfilter/ip_nat_helper.c:428 &ip_nat_lock writelocked

yes, indeed.

> It seems to be working properly (NATting two machines behind a local
> network to the Internet.)

The 'problem' is that we try to get a readlock while we're already
protected under a write lock.

Please see the following [quite trivial, but yet untested] patch:

--- linux-2.6.9-rc1/net/ipv4/netfilter/ip_nat_core.c 2004-08-25 22:22:36.450340504 +0200
+++ linux-2.6.9-rc1-find_helper/net/ipv4/netfilter/ip_nat_core.c 2004-08-25 22:28:37.668273271 +0200
@@ -635,7 +635,7 @@

/* If there's a helper, assign it; based on new tuple. */
if (!conntrack->master)
- info->helper = ip_nat_find_helper(&reply);
+ info->helper = __ip_nat_find_helper(&reply);

/* It's done. */
info->initialized |= (1 << HOOK2MANIP(hooknum));
--- linux-2.6.9-rc1/net/ipv4/netfilter/ip_nat_helper.c 2004-08-25 22:22:36.453340376 +0200
+++ linux-2.6.9-rc1-find_helper/net/ipv4/netfilter/ip_nat_helper.c 2004-08-25 22:27:47.880335112 +0200
@@ -421,12 +421,18 @@
}

struct ip_nat_helper *
+__ip_nat_find_helper(const struct ip_conntrack_tuple *tuple)
+{
+ return LIST_FIND(&helpers, helper_cmp, struct ip_nat_helper *, tuple);
+}
+
+struct ip_nat_helper *
ip_nat_find_helper(const struct ip_conntrack_tuple *tuple)
{
struct ip_nat_helper *h;

READ_LOCK(&ip_nat_lock);
- h = LIST_FIND(&helpers, helper_cmp, struct ip_nat_helper *, tuple);
+ h = __ip_nat_find_helper(tuple);
READ_UNLOCK(&ip_nat_lock);

return h;
--- linux-2.6.9-rc1/net/ipv4/netfilter/ip_nat_standalone.c 2004-08-25 22:22:36.461340035 +0200
+++ linux-2.6.9-rc1-find_helper/net/ipv4/netfilter/ip_nat_standalone.c 2004-08-25 22:29:30.047102589 +0200
@@ -394,4 +394,5 @@
EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
EXPORT_SYMBOL(ip_nat_used_tuple);
+EXPORT_SYMBOL(ip_nat_find_helper);
MODULE_LICENSE("GPL");

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie

Attachment: signature.asc
Description: Digital signature

Next message: Dave Jones: "Re: bizarre 2.6.8.1 /sys permissions"
Previous message: Francois Romieu: "Re: SMP kernel 2.6 does not work with my network cards. UP kernel works nice."
In reply to: Joshua Kwan: "Re: Linux 2.6.9-rc1"
Next in thread: Henrik Nordstrom: "Re: Linux 2.6.9-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]