From: Joerg Marx <joerg.marx@secunet.com>
Date: Thu, 20 May 2010 13:55:30 +0000 (+0200)
Subject: netfilter: nf_conntrack: fix a race in __nf_conntrack_confirm against nf_ct_get_next_... 
X-Git-Tag: v2.6.35-rc1~260^2~38^2~1
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc350777c705a39a312728ac5e8a6f164a828f5d;p=pandora-kernel.git

netfilter: nf_conntrack: fix a race in __nf_conntrack_confirm against nf_ct_get_next_corpse()

This race was triggered by a 'conntrack -F' command running in parallel
to the insertion of a hash for a new connection. Losing this race led to
a dead conntrack entry effectively blocking traffic for a particular
connection until timeout or flushing the conntrack hashes again.
Now the check for an already dying connection is done inside the lock.

Signed-off-by: Joerg Marx <joerg.marx@secunet.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---

Reading git-diff-tree failed