* problem with connlimit module compile
@ 2005-09-01 18:58 Keith
2005-09-01 19:08 ` Damon Gray
2005-09-01 19:43 ` ip_conntrack_get doesn't call nf_conntrack_get(&ct->ct_general) Damon Gray
0 siblings, 2 replies; 4+ messages in thread
From: Keith @ 2005-09-01 18:58 UTC (permalink / raw)
To: netfilter
I'm using kernel 2.6.13 and iptables 1.3.2 and
patch-o-matic ng-20040621
I'm getting an error when I try to patch and compile to use
connlimit from the patch-o-matic base. the errors look like this:
In function count_them:
struct ip_conntrack_tuple_hash has no member named ctrack
And sure enough I find the ctrack pointer was removed here:
http://lists.netfilter.org/pipermail/netfilter-devel/2005-January/018147.htm
l
I started digging into the source and find it non-trivial
Any suggestions on a work around?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: problem with connlimit module compile
2005-09-01 18:58 problem with connlimit module compile Keith
@ 2005-09-01 19:08 ` Damon Gray
2005-09-01 19:43 ` ip_conntrack_get doesn't call nf_conntrack_get(&ct->ct_general) Damon Gray
1 sibling, 0 replies; 4+ messages in thread
From: Damon Gray @ 2005-09-01 19:08 UTC (permalink / raw)
To: Keith; +Cc: netfilter
You are going to want to go with a much newer version of POM for the
connlimit module, I have only tested the latest version with 2.6.11.X, but
AFAIK it would work on later versions as well.
Good luck
-Damon-
On Thu, 1 Sep 2005, Keith wrote:
> I'm using kernel 2.6.13 and iptables 1.3.2 and
> patch-o-matic ng-20040621
>
> I'm getting an error when I try to patch and compile to use
> connlimit from the patch-o-matic base. the errors look like this:
>
> In function count_them:
> struct ip_conntrack_tuple_hash has no member named ctrack
>
> And sure enough I find the ctrack pointer was removed here:
> http://lists.netfilter.org/pipermail/netfilter-devel/2005-January/018147.htm
> l
>
>
> I started digging into the source and find it non-trivial
> Any suggestions on a work around?
>
>
>
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* ip_conntrack_get doesn't call nf_conntrack_get(&ct->ct_general)
2005-09-01 18:58 problem with connlimit module compile Keith
2005-09-01 19:08 ` Damon Gray
@ 2005-09-01 19:43 ` Damon Gray
2005-09-01 22:05 ` Patrick McHardy
1 sibling, 1 reply; 4+ messages in thread
From: Damon Gray @ 2005-09-01 19:43 UTC (permalink / raw)
To: netfilter-devel
Until I looked more closely I always assumed ip_conntrack_get was doing
the proper reference counting, and I would always call ip_conntrack_put
for everything I was "getting". The problem is that ip_conntrack_put calls
nf_conntrack_put(&ct->ct_general) but ip_conntrack_get *does not* call
nf_conntrack_get(&ct->ct_general). Problem? If so I would be happy to send
a patch.
Thanks
-Damon-
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: ip_conntrack_get doesn't call nf_conntrack_get(&ct->ct_general)
2005-09-01 19:43 ` ip_conntrack_get doesn't call nf_conntrack_get(&ct->ct_general) Damon Gray
@ 2005-09-01 22:05 ` Patrick McHardy
0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2005-09-01 22:05 UTC (permalink / raw)
To: Damon Gray; +Cc: netfilter-devel
Damon Gray wrote:
>
> Until I looked more closely I always assumed ip_conntrack_get was doing
> the proper reference counting, and I would always call ip_conntrack_put
> for everything I was "getting". The problem is that ip_conntrack_put calls
> nf_conntrack_put(&ct->ct_general) but ip_conntrack_get *does not* call
> nf_conntrack_get(&ct->ct_general). Problem? If so I would be happy to
> send a patch.
This is one of the uglies of ip_conntrack. ip_conntrack_get just returns
the nfct pointer from the skb and the nfctinfo field in *ctinfo, without
increasing the refcnt, refcounting is done using nf_conntrack_get.
Before nfctinfo was introduced, ctinfo it had to be derived from the
nfct pointer, which is why ip_conntrack_get exists. Cleanup patches in
this area would be very welcome, but it should be done for nf_conntrack,
which copied this part of ip_conntrack.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2005-09-01 22:05 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-09-01 18:58 problem with connlimit module compile Keith
2005-09-01 19:08 ` Damon Gray
2005-09-01 19:43 ` ip_conntrack_get doesn't call nf_conntrack_get(&ct->ct_general) Damon Gray
2005-09-01 22:05 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.