26 Apr, 2017

1 commit


20 Dec, 2013

1 commit

  • When nf_conntrack_timestamp is enabled, deleting a netns
    can lead to the following BUG being triggered:

    [63836.660000] Kernel bug detected[#1]:
    [63836.660000] CPU: 0 PID: 0 Comm: swapper Not tainted 3.10.18 #14
    [63836.660000] task: 802d9420 ti: 802d2000 task.ti: 802d2000
    [63836.660000] $ 0 : 00000000 00000000 00000000 00000000
    [63836.660000] $ 4 : 00000001 00000004 00000020 00000020
    [63836.660000] $ 8 : 00000000 80064910 00000000 00000000
    [63836.660000] $12 : 0bff0002 00000001 00000000 0a0a0abe
    [63836.660000] $16 : 802e70a0 85f29d80 00000000 00000004
    [63836.660000] $20 : 85fb62a0 00000002 802d3bc0 85fb62a0
    [63836.660000] $24 : 00000000 87138110
    [63836.660000] $28 : 802d2000 802d3b40 00000014 871327cc
    [63836.660000] Hi : 000005ff
    [63836.660000] Lo : f2edd000
    [63836.660000] epc : 87138794 __nf_ct_ext_add_length+0xe8/0x1ec [nf_conntrack]
    [63836.660000] Not tainted
    [63836.660000] ra : 871327cc nf_conntrack_in+0x31c/0x7b8 [nf_conntrack]
    [63836.660000] Status: 1100d403 KERNEL EXL IE
    [63836.660000] Cause : 00800034
    [63836.660000] PrId : 0001974c (MIPS 74Kc)
    [63836.660000] Modules linked in: ath9k ath9k_common pppoe ppp_async iptable_nat ath9k_hw ath pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv4 mac80211 ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_state xt_quota xt_policy xt_pkttype xt_owner xt_nat xt_multiport xt_mark xh
    [63836.660000] Process swapper (pid: 0, threadinfo=802d2000, task=802d9420, tls=00000000)
    [63836.660000] Stack : 802e70a0 871323d4 00000005 87080234 802e70a0 86d2a840 00000000 00000000
    [63836.660000] Call Trace:
    [63836.660000] [] __nf_ct_ext_add_length+0xe8/0x1ec [nf_conntrack]
    [63836.660000] [] nf_conntrack_in+0x31c/0x7b8 [nf_conntrack]
    [63836.660000] [] nf_iterate+0x90/0xec
    [63836.660000] [] nf_hook_slow+0x98/0x164
    [63836.660000] [] ip_rcv+0x3e8/0x40c
    [63836.660000] [] __netif_receive_skb_core+0x624/0x6a4
    [63836.660000] [] process_backlog+0xa4/0x16c
    [63836.660000] [] net_rx_action+0x10c/0x1e0
    [63836.660000] [] __do_softirq+0xd0/0x1bc
    [63836.660000] [] do_softirq+0x48/0x68
    [63836.660000] [] irq_exit+0x54/0x70
    [63836.660000] [] ret_from_irq+0x0/0x4
    [63836.660000] [] r4k_wait_irqoff+0x18/0x1c
    [63836.660000] [] cpu_startup_entry+0xa4/0x104
    [63836.660000] [] start_kernel+0x394/0x3ac
    [63836.660000]
    [63836.660000]
    Code: 00821021 8c420000 2c440001 90440011 92350010 90560010 2485ffff 02a5a821
    [63837.040000] ---[ end trace ebf660c3ce3b55e7 ]---
    [63837.050000] Kernel panic - not syncing: Fatal exception in interrupt
    [63837.050000] Rebooting in 3 seconds..

    Fix this by not unregistering the conntrack extension in the per-netns
    cleanup code.

    This bug was introduced in (73f4001 netfilter: nf_ct_tstamp: move
    initialization out of pernet_operations).

    Signed-off-by: Helmut Schaa
    Signed-off-by: Pablo Neira Ayuso

    Helmut Schaa
     

23 Jan, 2013

1 commit


19 Nov, 2012

1 commit

  • In preparation for supporting the creation of network namespaces
    by unprivileged users, modify all of the per net sysctl exports
    and refuse to allow them to unprivileged users.

    This makes it safe for unprivileged users in general to access
    per net sysctls, and allows sysctls to be exported to unprivileged
    users on an individual basis as they are deemed safe.

    Signed-off-by: "Eric W. Biederman"
    Signed-off-by: David S. Miller

    Eric W. Biederman
     

21 Apr, 2012

1 commit


20 Dec, 2011

1 commit

  • module_param(bool) used to counter-intuitively take an int. In
    fddd5201 (mid-2009) we allowed bool or int/unsigned int using a messy
    trick.

    It's time to remove the int/unsigned int option. For this version
    it'll simply give a warning, but it'll break next kernel version.

    (Thanks to Joe Perches for suggesting coccinelle for 0/1 -> true/false).

    Cc: "David S. Miller"
    Cc: netdev@vger.kernel.org
    Signed-off-by: Rusty Russell
    Signed-off-by: David S. Miller

    Rusty Russell
     

19 Jan, 2011

1 commit

  • This patch adds flow-based timestamping for conntracks. This
    conntrack extension is disabled by default. Basically, we use
    two 64-bit variables: one to store the creation timestamp once the
    conntrack has been confirmed and the other to store the deletion
    time. This extension is disabled by default; to enable it, you
    have to:

    echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp

    This patch allows saving memory for user-space flow-based
    loggers such as ulogd2. In short, ulogd2 does not need to
    keep a hashtable with the conntracks in user-space to know
    when they were created and destroyed; instead we use the
    kernel timestamp. If we want to have a sane IPFIX implementation
    in user-space, these nanosecond-resolution timestamps are also
    useful. Other custom user-space applications can benefit from
    this via libnetfilter_conntrack.

    This patch modifies the /proc output to display the delta time
    in seconds since the flow start. You can also obtain the
    flow-start date by means of the conntrack-tools.

    Signed-off-by: Pablo Neira Ayuso
    Signed-off-by: Patrick McHardy

    Pablo Neira Ayuso
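As an added example (not part of this commit or of the kernel tree), a small parser for the /proc output described above that reads the per-flow delta time and reconstructs the flow start; it assumes the field is printed as `delta-time=<seconds>`, and the sample lines are constructed for illustration.

```python
import re
import time

# Constructed sample of /proc/net/nf_conntrack lines with the timestamp
# extension enabled (field layout assumed; addresses and values invented).
# The third flow was created before the sysctl was switched on, so it
# carries no delta-time field.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51234 dport=22 src=198.51.100.7 dst=192.0.2.10 sport=22 dport=51234 [ASSURED] mark=0 zone=0 delta-time=90000 use=2
ipv4     2 udp      17 29 src=192.0.2.11 dst=192.0.2.1 sport=41000 dport=53 src=192.0.2.1 dst=192.0.2.11 sport=53 dport=41000 mark=0 zone=0 delta-time=3 use=2
ipv4     2 tcp      6 300 ESTABLISHED src=192.0.2.12 dst=203.0.113.5 sport=40000 dport=443 src=203.0.113.5 dst=192.0.2.12 sport=443 dport=40000 [ASSURED] mark=0 zone=0 use=2
"""

FIELD_RE = re.compile(r"(\w[\w-]*)=(\S+)")


def parse_conntrack(text):
    """Parse each line into a dict: protocol, original-direction tuple, delta-time.

    Flows created while the extension was disabled have no delta-time and get None.
    """
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        proto = parts[2]
        # The first src=/dst=/sport=/dport= group is the original direction;
        # the second group is the reply direction, which we skip here.
        first = {}
        delta = None
        for key, value in FIELD_RE.findall(line):
            if key == "delta-time":
                delta = int(value)
            elif key in ("src", "dst", "sport", "dport") and key not in first:
                first[key] = value
        flows.append({"proto": proto, "delta_time": delta, **first})
    return flows


def long_lived_flows(text, threshold_seconds, now=None):
    """Return (src, dst, dport, start_time) for flows older than the threshold.

    start_time is reconstructed from the kernel delta, so no user-space
    table of flow creation times is needed (the point of the extension).
    """
    now = time.time() if now is None else now
    out = []
    for flow in parse_conntrack(text):
        if flow["delta_time"] is not None and flow["delta_time"] > threshold_seconds:
            out.append((flow["src"], flow["dst"], flow["dport"], now - flow["delta_time"]))
    return out
```

On a live system, read the text from /proc/net/nf_conntrack after enabling the sysctl as shown above; flows already present before enabling it will report no delta-time.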