From d265dccfd349a35dc382c8027d1374892a76b0ff Mon Sep 17 00:00:00 2001 From: Chion Tang Date: Thu, 29 Mar 2018 12:19:49 +0100 Subject: fix: conntrack event notifier conflicts --- xt_FULLCONENAT.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/xt_FULLCONENAT.c b/xt_FULLCONENAT.c index 22f1e0f..00ec5d6 100644 --- a/xt_FULLCONENAT.c +++ b/xt_FULLCONENAT.c @@ -72,6 +72,7 @@ struct nat_mapping { struct nf_ct_event_notifier ct_event_notifier; int tg_refer_count = 0; +int ct_event_notifier_registered = 0; static DEFINE_MUTEX(nf_ct_net_event_lock); @@ -551,9 +552,14 @@ static int fullconenat_tg_check(const struct xt_tgchk_param *par) if (tg_refer_count == 1) { nf_ct_netns_get(par->net, par->family); ct_event_notifier.fcn = ct_event_cb; - nf_conntrack_register_notifier(par->net, &ct_event_notifier); - pr_debug("xt_FULLCONENAT: fullconenat_tg_check(): ct_event_notifier registered\n"); + if (nf_conntrack_register_notifier(par->net, &ct_event_notifier) == 0) { + ct_event_notifier_registered = 1; + pr_debug("xt_FULLCONENAT: fullconenat_tg_check(): ct_event_notifier registered\n"); + } else { + printk("xt_FULLCONENAT: warning: failed to register a conntrack notifier. Disable active GC for mappings.\n"); + } + } mutex_unlock(&nf_ct_net_event_lock); @@ -570,10 +576,14 @@ static void fullconenat_tg_destroy(const struct xt_tgdtor_param *par) pr_debug("xt_FULLCONENAT: fullconenat_tg_destroy(): tg_refer_count is now %d\n", tg_refer_count); if (tg_refer_count == 0) { - nf_conntrack_unregister_notifier(par->net, &ct_event_notifier); - nf_ct_netns_put(par->net, par->family); + if (ct_event_notifier_registered) { + nf_conntrack_unregister_notifier(par->net, &ct_event_notifier); + ct_event_notifier_registered = 0; - pr_debug("xt_FULLCONENAT: fullconenat_tg_destroy(): ct_event_notifier unregistered\n"); + pr_debug("xt_FULLCONENAT: fullconenat_tg_destroy(): ct_event_notifier unregistered\n"); + + } + nf_ct_netns_put(par->net, par->family); } mutex_unlock(&nf_ct_net_event_lock); -- cgit v1.2.3