On Sun, Aug 14, 2005 at 08:15:53PM -0600, Zwane Mwaikambo wrote: > Is the following patch correct? ip_conntrack_event_cache should never be > called with ip_conntrack_lock held and ct_add_counters does not need to be > called with ip_conntrack_lock held.
No, it's not correct. ct_add_countes has to be called from within write_lock_bh() on ip_conntrack_lock. So if you keep the ct_add_counters() call where it is and only apply the rest of your patch (i.e. deferring of ip_conntrack_event_cache() call), then I think your patch would work. However, the whole eventcache needs to be audited, it's called from a number of places. As Patrick wrote he's working on a solution, I'm not going to intervene or replicate his work. As a interim solution I'd suggest disabling CONFIG_IP_NF_CT_ACCT [which can't be vital anyway, since it was only added in net-2.6.14 (and thus -mm)]. Cheers, -- - Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
pgp4mtnL5UmbM.pgp
Description: PGP signature
