lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 12 Jun 2012 18:03:04 +0200
From:	Pablo Neira Ayuso <>
To:	Gao feng <>
Cc:	David Miller <>,,
Subject: Re: net/netfilter/nf_conntrack_proto_tcp.c:1606:9: error: ‘struct nf_proto_net’ has no member named ‘user’

On Tue, Jun 12, 2012 at 07:03:31PM +0800, Gao feng wrote:
> 于 2012年06月12日 17:29, Pablo Neira Ayuso 写道:
> >> nf_proto_net.users has different meaning when SYSCTL enabled or disabled.
> >>
> >> when SYSCTL enabled,it means if both tcpv4 and tcpv6 register the sysctl,
> >> it is increased when register sysctl success and decreased when unregister sysctl.
> >> we can regard it as the refcnt of ctl_table.
> >>
> >> when SYSCTL disabled,it just used to identify if the proto's pernet data
> >> has been initialized.
> > 
> > We have to use two different counters for this. The conditional
> > meaning of that variable is really confusing.
> > 
> Hi David & Pablo
> Please have a look at this patch and tell me if it's OK.
> it base on Pable's patch.

I think we have to merge those tcpv4_init_net and tcpv6_init_net
functions into one single function tcp_init_net. Then, we can pass
l4proto->l3proto to init_net:

        if (proto->init_net) {
                ret = proto->init_net(net, l4proto->l3proto);
                if (ret < 0)
                        return ret;

Thus, we can check if this is IPv4 or IPv6 and initialize the compat
part accordingly.

Still, we have that pn->users thing:

        if (!pn->users++) {
                for (i = 0; i < TCP_CONNTRACK_TIMEOUT_MAX; i++)
                        tn->timeouts[i] = tcp_timeouts[i];

                tn->tcp_loose = nf_ct_tcp_loose;
                tn->tcp_be_liberal = nf_ct_tcp_be_liberal;
                tn->tcp_max_retrans = nf_ct_tcp_max_retrans;

Define some pn->initialized boolean. Set it to true at the end of
the new tcp_init_net.

Similar thing for other protocol trackers.

Let me know if you are going to send me patches. In that case, please
do it on top of the current tree.

Once that has been cleaned up, we can prepare follow-up patches to
move the sysctl code to nf_conntrack_proto_*_sysctl.c to reduce the
ifdef pollution.
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists