kernel-fxtec-pro1x/include/net/netfilter
Pablo Neira Ayuso 70e9942f17 netfilter: nf_conntrack: make event callback registration per-netns
This patch fixes an oops that can be triggered following this recipe:

0) make sure nf_conntrack_netlink and nf_conntrack_ipv4 are loaded.
1) container is started.
2) connect to it via lxc-console.
3) generate some traffic with the container to create some conntrack
   entries in its table.
4) stop the container: you hit one oops because the conntrack table
   cleanup tries to report the destroy event to user-space but the
   per-netns nfnetlink socket has already gone (as the nfnetlink
   socket is per-netns but event callback registration is global).

To fix this situation, we make the ctnl_notifier per-netns so the
callback is registered/unregistered if the container is
created/destroyed.

Alex Bligh and Alexey Dobriyan originally proposed one small patch to
check if the nfnetlink socket is gone in nfnetlink_has_listeners,
but this is a very visited path for events, thus, it may reduce
performance and it looks a bit hackish to check for the nfnetlink
socket only to work around this situation. As a result, I decided
to follow the bigger path choice, which seems to look nicer to me.

Cc: Alexey Dobriyan <adobriyan@gmail.com>
Reported-by: Alex Bligh <alex@alex.org.uk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2011-11-22 00:34:47 +01:00
ipv4
ipv6 netfilter: fix compilation when conntrack is disabled but tproxy is enabled 2011-01-12 20:25:08 +01:00
nf_conntrack.h nf_conntrack.h: fix up fallout from implicit moduleparam.h presence 2011-10-31 19:32:33 -04:00
nf_conntrack_acct.h
nf_conntrack_core.h
nf_conntrack_ecache.h netfilter: nf_conntrack: make event callback registration per-netns 2011-11-22 00:34:47 +01:00
nf_conntrack_expect.h
nf_conntrack_extend.h netfilter: nf_conntrack_tstamp: add flow-based timestamp extension 2011-01-19 16:00:07 +01:00
nf_conntrack_helper.h netfilter: nf_conntrack: nf_conntrack snmp helper 2011-01-18 18:12:24 +01:00
nf_conntrack_l3proto.h netfilter: add __rcu annotations 2010-11-15 18:17:21 +01:00
nf_conntrack_l4proto.h
nf_conntrack_timestamp.h netfilter: nf_conntrack: fix linker error with NF_CONNTRACK_TIMESTAMP=n 2011-01-20 20:46:52 +01:00
nf_conntrack_tuple.h netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h 2011-11-01 09:19:52 +01:00
nf_conntrack_zones.h
nf_log.h treewide: use __printf not __attribute__((format(printf,...))) 2011-10-31 17:30:54 -07:00
nf_nat.h netfilter: export NAT definitions through linux/netfilter_ipv4/nf_nat.h 2011-11-01 09:19:52 +01:00
nf_nat_core.h netfilter: nf_nat: fix conversion to non-atomic bit ops 2011-01-18 15:02:48 +01:00
nf_nat_helper.h
nf_nat_protocol.h
nf_nat_rule.h
nf_queue.h
nf_tproxy_core.h netfilter: tproxy: do not assign timewait sockets to skb->sk 2011-02-17 11:32:38 +01:00
nfnetlink_log.h
xt_log.h
xt_rateest.h