Liping Zhang wrote:
> Yes, here we should use clear_bit(IPS_SRC_NAT_DONE_BIT, &ct->status);
> (For IPS_DST_NAT_DONE, we don't care about it, so we can
> leave it unchanged.)
Oh, right.
> > Thats also broken(racy). We have to audit all the non-atomic writes of
> > ct->status and change them to s
Hi Florian,
2017-05-21 18:31 GMT+08:00 Florian Westphal :
> Liping Zhang wrote:
>> Hi Florian,
>>
>> 2017-05-21 16:15 GMT+08:00 Florian Westphal :
>> [...]
>> > this is broken for unconfirmed conntracks, as
>> > other cpu can reallocate the extension area.
>>
>> Right, I missed this point, thanks
Liping Zhang wrote:
> Hi Florian,
>
> 2017-05-21 16:15 GMT+08:00 Florian Westphal :
> [...]
> > this is broken for unconfirmed conntracks, as
> > other cpu can reallocate the extension area.
>
> Right, I missed this point, thanks for your reminder.
>
> > For the module removal case, we have no
Hi Florian,
2017-05-21 16:15 GMT+08:00 Florian Westphal :
[...]
> this is broken for unconfirmed conntracks, as
> other cpu can reallocate the extension area.
Right, I missed this point, thanks for your reminder.
> For the module removal case, we have no choice but to toss the
> unconfirmed conn
Liping Zhang wrote:
> From: Liping Zhang
>
> When we unlink the helper objects, we will iterate the nf_conntrack_hash,
> iterate the unconfirmed list, handle the hash resize situation, etc.
>
> Actually this logic is same as the nf_ct_iterate_cleanup, so we can use it
> to remove these copy & p
From: Liping Zhang
When we unlink the helper objects, we will iterate the nf_conntrack_hash,
iterate the unconfirmed list, handle the hash resize situation, etc.
Actually this logic is same as the nf_ct_iterate_cleanup, so we can use it
to remove these copy & paste codes.
Signed-off-by: Liping