70e9942f17
This patch fixes an oops that can be triggered following this recipe: 0) make sure nf_conntrack_netlink and nf_conntrack_ipv4 are loaded. 1) container is started. 2) connect to it via lxc-console. 3) generate some traffic with the container to create some conntrack entries in its table. 4) stop the container: you hit one oops because the conntrack table cleanup tries to report the destroy event to user-space but the per-netns nfnetlink socket has already gone (as the nfnetlink socket is per-netns but event callback registration is global). To fix this situation, we make the ctnl_notifier per-netns so the callback is registered/unregistered if the container is created/destroyed. Alex Bligh and Alexey Dobriyan originally proposed one small patch to check if the nfnetlink socket is gone in nfnetlink_has_listeners, but this is a very visited path for events, thus, it may reduce performance and it looks a bit hackish to check for the nfnetlink socket only to workaround this situation. As a result, I decided to follow the bigger path choice, which seems to look nicer to me. Cc: Alexey Dobriyan <adobriyan@gmail.com> Reported-by: Alex Bligh <alex@alex.org.uk> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
37 lines
1 KiB
C
37 lines
1 KiB
C
#ifndef __NETNS_CONNTRACK_H
|
|
#define __NETNS_CONNTRACK_H
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/list_nulls.h>
|
|
#include <linux/atomic.h>
|
|
|
|
struct ctl_table_header;
|
|
struct nf_conntrack_ecache;
|
|
|
|
struct netns_ct {
|
|
atomic_t count;
|
|
unsigned int expect_count;
|
|
unsigned int htable_size;
|
|
struct kmem_cache *nf_conntrack_cachep;
|
|
struct hlist_nulls_head *hash;
|
|
struct hlist_head *expect_hash;
|
|
struct hlist_nulls_head unconfirmed;
|
|
struct hlist_nulls_head dying;
|
|
struct ip_conntrack_stat __percpu *stat;
|
|
struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;
|
|
struct nf_exp_event_notifier __rcu *nf_expect_event_cb;
|
|
int sysctl_events;
|
|
unsigned int sysctl_events_retry_timeout;
|
|
int sysctl_acct;
|
|
int sysctl_tstamp;
|
|
int sysctl_checksum;
|
|
unsigned int sysctl_log_invalid; /* Log invalid packets */
|
|
#ifdef CONFIG_SYSCTL
|
|
struct ctl_table_header *sysctl_header;
|
|
struct ctl_table_header *acct_sysctl_header;
|
|
struct ctl_table_header *tstamp_sysctl_header;
|
|
struct ctl_table_header *event_sysctl_header;
|
|
#endif
|
|
char *slabname;
|
|
};
|
|
#endif
|