[PATCH V2,nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize

2016-07-02 Thread Liping Zhang
From: Liping Zhang When we do "cat /proc/net/nf_conntrack" and meanwhile resize the conntrack hash table via /sys/module/nf_conntrack/parameters/hashsize, a race will happen, because the reader can observe a newly allocated hash but the old size (or vice versa). So an oops will happen like follows: BU

[PATCH V2,nf 0/3] netfilter: conntrack: fix race condition associated with hash resize

2016-07-02 Thread Liping Zhang
From: Liping Zhang When a user adjusts the hash size via /sys/module/nf_conntrack/parameters/hashsize, something will break because a race condition happens. This patch set aims to fix these bugs. When we do "cat /proc/net/nf_conntrack" and at the same time do a hash resize, nf_conntrack_htable_size

[PATCH V2,nf 2/3] netfilter: cttimeout: unlink timeout obj again when hash resize happen

2016-07-02 Thread Liping Zhang
From: Liping Zhang Imagine such a situation: nf_conntrack_htable_size is now 4096, we are doing ctnl_untimeout and iterating on the 3000# bucket. Meanwhile, another user tries to reduce the hash size to 2048, and all nf_conn are moved to the new hashtable. When this hash resize operation has finished, we stil

[PATCH V2,nf 3/3] netfilter: nf_ct_helper: unlink helper again when hash resize happen

2016-07-02 Thread Liping Zhang
From: Liping Zhang Similar to ctnl_untimeout, when a hash resize has happened, we should try to do unhelp from the 0# bucket again. Signed-off-by: Liping Zhang --- V2: no need to use nf_conntrack_generation to check whether a hash resize happened. net/netfilter/nf_conntrack_helper.c | 20 ++--

Re: [PATCH nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize

2016-07-02 Thread Liping Zhang
>Good catch, but ... > >> diff --git a/include/net/netfilter/nf_conntrack_core.h >> b/include/net/netfilter/nf_conntrack_core.h >> index 3e2f332..4f6453a 100644 >> --- a/include/net/netfilter/nf_conntrack_core.h >> +++ b/include/net/netfilter/nf_conntrack_core.h >> @@ -82,6 +82,7 @@ print_tuple(st

Re: [PATCH 1/1] nft: configure.ac: Replace magic dblatex dep.

2016-07-02 Thread Nick Vinson
I reversed the logic. I'm also considering this thread closed. The new thread can be found with the subject "[PATCH 1/1 rev.1] nft: configure.ac: Replace magic dblatex dep." If anyone could direct any further questions or comments to that thread, it would be much appreciated. Thanks, Nicholas V

Re: [PATCH 1/1 rev. 1] nft: configure.ac: Replace magic dblatex dep.

2016-07-02 Thread Nick Vinson
The difference between this patch and the original one is that this patch defaults pdf documentation generation to 'disabled' instead of 'enabled'. Thanks, Nicholas Vinson On 07/02/2016 11:34 AM, Nicholas Vinson wrote: > Add a configure switch to enable and disable PDF document generation. > This

[PATCH 1/1 rev. 1] nft: configure.ac: Replace magic dblatex dep.

2016-07-02 Thread Nicholas Vinson
Add a configure switch to enable and disable PDF document generation. This switch is to replace the current method of automatically detecting dblatex and building the PDF documentation when present. Signed-off-by: Nicholas Vinson --- configure.ac | 19 +-- 1 file changed, 13 inse

Re: [PATCH nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize

2016-07-02 Thread Florian Westphal
Liping Zhang wrote: > From: Liping Zhang > > When we do "cat /proc/net/nf_conntrack", and meanwhile resize the conntrack > hash table via /sys/module/nf_conntrack/parameters/hashsize, race will > happen, because reader can observe a newly allocated hash but the old size > (or vice versa). So oop

Re: nftables: Dynamically updating sets gives syntax error

2016-07-02 Thread Anders K. Pedersen
Hello, On lør, 2016-06-25 at 15:30 +0200, Anders K. Pedersen wrote: > With nftables 0.6 I'm getting a syntax error, when I try to use the > feature that was introduced > by http://git.netfilter.org/nftables/commit > /?id=a9467e55973b10c2e8fe37525514c961580f8506 . For example: > > # nft filter inp

[PATCH nf 2/3] netfilter: cttimeout: unlink timeout obj again when hash resize happen

2016-07-02 Thread Liping Zhang
From: Liping Zhang Imagine such a situation: nf_conntrack_htable_size is now 4096, we are doing ctnl_untimeout and iterating on the 3000# bucket. Meanwhile, another user tries to reduce the hash size to 2048, and all nf_conn are moved to the new hashtable. When this hash resize operation has finished, we stil

[PATCH nf 0/3] netfilter: conntrack: fix race condition associated with hash resize

2016-07-02 Thread Liping Zhang
From: Liping Zhang When a user adjusts the hash size via /sys/module/nf_conntrack/parameters/hashsize, something will break because a race condition happens. This patch set aims to fix these bugs. When we do "cat /proc/net/nf_conntrack" and at the same time do a hash resize, nf_conntrack_htable_size

[PATCH nf 1/3] netfilter: conntrack: fix race between nf_conntrack proc read and hash resize

2016-07-02 Thread Liping Zhang
From: Liping Zhang When we do "cat /proc/net/nf_conntrack" and meanwhile resize the conntrack hash table via /sys/module/nf_conntrack/parameters/hashsize, a race will happen, because the reader can observe a newly allocated hash but the old size (or vice versa). So an oops will happen like follows: BU

[PATCH nf 3/3] netfilter: nf_ct_helper: unlink helper again when hash resize happen

2016-07-02 Thread Liping Zhang
From: Liping Zhang Similar to ctnl_untimeout, when a hash resize has happened, we should try to do unhelp from the 0# bucket again. Signed-off-by: Liping Zhang --- net/netfilter/nf_conntrack_helper.c | 14 -- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf
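The two races this series describes (patch 1/3: the /proc reader loading the hash pointer and the table size as two unrelated reads; patches 2/3 and 3/3: an unlink walk that misses entries a concurrent resize moved into buckets it already visited), as an added example that is not code from the patches or from the kernel. It is a single-threaded user-space C model: the "concurrent" resize is a callback fired at a chosen point of the reader. Every name (ct_hash, ct_hsize, ct_generation, model_reset, snapshot_*, unlink_walk), the rehash rule and the bucket numbers are hypothetical stand-ins; the real kernel uses per-bucket spinlocks, RCU and memory barriers that a sequential model does not need.

```c
/* Added example (not code from the patch series or the kernel): a single-threaded
 * user-space model of the two races the series describes. Every name here
 * (ct_hash, ct_hsize, ct_generation, model_reset, ...) is a hypothetical stand-in. */
#include <stdio.h>
#include <stdlib.h>

struct bucket { int n; };            /* n = entries in this bucket that reference the object */

static struct bucket *ct_hash;       /* stands in for nf_conntrack_hash */
static unsigned int   ct_hsize;      /* stands in for nf_conntrack_htable_size */
static unsigned int   ct_generation; /* seqcount-style counter, odd while a resize runs */
static struct bucket *ct_old_hash;   /* retired table, kept so a stale pointer is recognisable */
static unsigned int   ct_old_hsize;

struct snapshot { struct bucket *hash; unsigned int hsize; };

/* Constructed input: three references spread over a 4096-bucket table. */
static const unsigned int demo_refs[] = { 10, 2100, 3000 };
#define NDEMO (sizeof demo_refs / sizeof demo_refs[0])

static void model_reset(unsigned int size)
{
    free(ct_hash); free(ct_old_hash);
    ct_hash = calloc(size, sizeof *ct_hash);   /* allocation failure not handled: model only */
    ct_hsize = size;
    ct_old_hash = NULL; ct_old_hsize = 0; ct_generation = 0;
    for (unsigned int i = 0; i < NDEMO; i++) ct_hash[demo_refs[i]].n++;
}

/* Writer: publish a smaller or larger table. Entries are rehashed as i % new_size
 * (the kernel rehashes by tuple; all that matters here is that indices change). */
static void ct_resize(unsigned int new_size)
{
    struct bucket *fresh = calloc(new_size, sizeof *fresh);
    for (unsigned int i = 0; i < ct_hsize; i++) fresh[i % new_size].n += ct_hash[i].n;
    free(ct_old_hash);
    ct_old_hash = ct_hash; ct_old_hsize = ct_hsize;
    ct_generation++;                 /* odd: a reader overlapping this must retry */
    ct_hash = fresh; ct_hsize = new_size;
    ct_generation++;                 /* even: pointer and size consistent again */
}

static void resize_to_2048(void) { ct_resize(2048); }

/* /proc reader before the fix: size and pointer are two unrelated loads, so a
 * resize between them (simulated by `between`) leaves a mismatched pair. */
static struct snapshot snapshot_naive(void (*between)(void))
{
    struct snapshot s;
    s.hsize = ct_hsize;
    if (between) between();
    s.hash = ct_hash;
    return s;
}

/* Seqcount-style reader: redo both loads until the generation is unchanged.
 * The kernel also spins while the counter is odd and adds barriers; neither is
 * needed in a single-threaded model. */
static struct snapshot snapshot_seq(void (*between)(void))
{
    struct snapshot s;
    unsigned int seq;
    do {
        seq = ct_generation;
        s.hsize = ct_hsize;
        if (between) { between(); between = NULL; }   /* fire the resize once */
        s.hash = ct_hash;
    } while (seq != ct_generation);
    return s;
}

/* 1 iff the snapshot's size matches the table it points at. A mismatch is what
 * lets a bucket walk run past the allocation (the oops in patch 1/3). */
static int snapshot_consistent(struct snapshot s)
{
    if (s.hash == ct_hash)     return s.hsize == ct_hsize;
    if (s.hash == ct_old_hash) return s.hsize == ct_old_hsize;
    return 0;
}

/* Unlink walk in the shape of ctnl_untimeout / unhelp: drop every reference.
 * `hook` fires once, right after bucket `hook_at`, simulating a concurrent resize.
 * With restart_on_resize set the walk starts again from bucket 0 when the size
 * changed (the idea of patches 2/3 and 3/3). Returns how many references survive. */
static int unlink_walk(int restart_on_resize, unsigned int hook_at, void (*hook)(void))
{
    unsigned int last_hsize, i;
    int left = 0;
restart:
    last_hsize = ct_hsize;
    for (i = 0; i < ct_hsize; i++) {
        if (restart_on_resize && last_hsize != ct_hsize) goto restart;
        ct_hash[i].n = 0;
        if (hook && i == hook_at) { hook(); hook = NULL; }
    }
    for (i = 0; i < ct_hsize; i++) left += ct_hash[i].n;
    return left;
}

/* Scenario drivers. scenario_proc: 1 if the reader got a consistent pair.
 * scenario_unlink: number of references the walk left behind. */
static int scenario_proc(int fixed)
{
    model_reset(4096);
    return snapshot_consistent(fixed ? snapshot_seq(resize_to_2048)
                                     : snapshot_naive(resize_to_2048));
}

static int scenario_unlink(int fixed)
{
    model_reset(4096);
    return unlink_walk(fixed, 100, resize_to_2048);
}

int main(void)
{
    printf("proc reader  naive=%d fixed=%d (1 = consistent pair)\n", scenario_proc(0), scenario_proc(1));
    printf("unlink walk  naive=%d fixed=%d (references left behind)\n", scenario_unlink(0), scenario_unlink(1));
    return 0;
}
```

In the unlink scenario the reference in bucket 2100 is rehashed to bucket 52 by the 4096-to-2048 shrink that fires while the walk is at bucket 100; the naive walk has already passed bucket 52 and never returns, so one reference survives, while the restarting walk clears it. The same shrink turns the naive /proc snapshot into a 2048-bucket table paired with a size of 4096.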

[ANNOUNCE] libmnl 1.0.4 release

2016-07-02 Thread Pablo Neira Ayuso
Hi! The Netfilter project presents: libmnl 1.0.4 libmnl is a minimalistic user-space library oriented to Netlink developers. There are a lot of common tasks in parsing, validating, constructing of both the Netlink header and TLVs that are repetitive and easy to get wrong. This library ai