aboutsummaryrefslogtreecommitdiff
path: root/net/ipv4
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-07-09 15:06:12 -0700
committerDavid S. Miller <davem@davemloft.net>2008-07-09 15:06:12 -0700
commit6b69fe0c73c0f5a8dacf8f889db3cc9adee53649 (patch)
tree94334a28c9db60981a72478b18d54fccd353f7ff /net/ipv4
parent32e8d4948bb0b5f3f0ac5cdb71d0ac8e305b29a5 (diff)
netfilter: nf_conntrack_tcp: fix endless loop
When a conntrack entry is destroyed in process context and destruction is interrupted by packet processing and the packet is an attempt to reopen a closed connection, TCP conntrack tries to kill the old entry itself and returns NF_REPEAT to pass the packet through the hook again. This may lead to an endless loop: TCP conntrack repeatedly finds the old entry, but can not kill it itself since destruction is already in progress, but destruction in process context can not complete since TCP conntrack is keeping the CPU busy. Drop the packet in TCP conntrack if we can't kill the connection ourselves to avoid this. Reported by: hemao77@gmail.com [ Kernel bugzilla #11058 ] Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
0 files changed, 0 insertions, 0 deletions