summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2009-03-16 15:06:42 +0100
committerPatrick McHardy <kaber@trash.net>2009-03-16 15:06:42 +0100
commitb1e93a68ca41e7e73766f95ba32ca05cf9052e15 (patch)
tree6ace3ccb810bda4e3f5bc9bd20b103a53c97bb46
parent325fb5b4d26038cba665dd0d8ee09555321061f0 (diff)
netfilter: conntrack: don't deliver events for racy packets
This patch skips the delivery of conntrack events if the packet was drop due to a race condition in the conntrack insertion. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--include/net/netfilter/nf_conntrack_core.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index c25068e3851..5a449b44ba3 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -62,7 +62,8 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
if (ct && ct != &nf_conntrack_untracked) {
if (!nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct))
ret = __nf_conntrack_confirm(skb);
- nf_ct_deliver_cached_events(ct);
+ if (likely(ret == NF_ACCEPT))
+ nf_ct_deliver_cached_events(ct);
}
return ret;
}