netfilter: ctnetlink: fix dumping of dying/unconfirmed conntracks
authorPablo Neira Ayuso <pablo@netfilter.org>
Thu, 5 Jun 2014 12:28:44 +0000 (14:28 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 16 Jun 2014 10:51:35 +0000 (12:51 +0200)
The dumping prematurely stops, it seems the callback argument that
indicates that all entries have been dumped is set after iterating
on the first cpu list. The dumping also may stop before the entire
per-cpu list content is also dumped.

With this patch, conntrack -L dying now shows the dying list content
again.

Fixes: b7779d06 ("netfilter: conntrack: spinlock per cpu to protect special lists.")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_conntrack_netlink.c

index 58579634427d2fcbf7f35556424a959697b8655e..ef0eedd70541d77b5be0e99f2b5815177803d5c4 100644 (file)
@@ -1163,9 +1163,6 @@ ctnetlink_dump_list(struct sk_buff *skb, struct netlink_callback *cb, bool dying
        if (cb->args[2])
                return 0;
 
-       if (cb->args[0] == nr_cpu_ids)
-               return 0;
-
        for (cpu = cb->args[0]; cpu < nr_cpu_ids; cpu++) {
                struct ct_pcpu *pcpu;
 
@@ -1194,6 +1191,7 @@ restart:
                        rcu_read_unlock();
                        if (res < 0) {
                                nf_conntrack_get(&ct->ct_general);
+                               cb->args[0] = cpu;
                                cb->args[1] = (unsigned long)ct;
                                spin_unlock_bh(&pcpu->lock);
                                goto out;
@@ -1202,10 +1200,10 @@ restart:
                if (cb->args[1]) {
                        cb->args[1] = 0;
                        goto restart;
-               } else
-                       cb->args[2] = 1;
+               }
                spin_unlock_bh(&pcpu->lock);
        }
+       cb->args[2] = 1;
 out:
        if (last)
                nf_ct_put(last);