Re: Possible 'destroy' paths for conntracks?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Justin Schoeman <justin@expertron.co.za>
To: Tobias DiPasquale <codeslinger@gmail.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Possible 'destroy' paths for conntracks?
Date: Mon, 07 Mar 2005 15:30:38 +0200	[thread overview]
Message-ID: <422C577E.707@expertron.co.za> (raw)
In-Reply-To: <876ef97a0503070518172b7387@mail.gmail.com>

I am currently using 2.6.11 with the updated l7 patch 
(http://www.kegans.com/projects/tcss/files/required/patch-layer7-2.6.11-rc4.diff.bz2) 
and the slab debugging patches (currently only in the lkml archives - I 
can forward it if required).

The interesting thing is that everything worked perfectly in 2.6.8.1 - 
it is only in 2.6.9+ that things started leaking.  Were there any 
significant changes made to the conntrack code in 2.6.9?

Thanks,
Justin

Tobias DiPasquale wrote:
> On Mon, 07 Mar 2005 11:32:22 +0200, Justin Schoeman
> <justin@expertron.co.za> wrote:
> 
>>I am trying to locate a memory leak, either induced by, or agravated by
>>the l7-filter.
>>
>>Using the slab debugger, I see that the memory that is leaking are the
>>app_data and/or app_proto fields that are kmalloc'ed in the 'match' method.
>>
>>These are then (supposed to be) kfree'ed in the destroy_conntrack
>>function, but they are apparently not destroyed, as even after most
>>active connections have closed/timed out (/proc/net/ip_conntrack is
>>practically empty), there are still thousands of these kmalloced memory
>>regions left.
>>
>>At the moment, I am assuming that there are multiple possible paths for
>>a conntrack to be destroyed, and l7-filter is just missing some.  Is
>>this true?  If so, what are all the possible destructors, or is there
>>one single (better) place to clean up per-conntrack specific memory?
> 
> 
> No, destroy_conntrack() is the sole location of conntrack record
> destruction. If you follow any conntrack record deletion routine, it
> will hit destroy_conntrack() at some point. What kernel version are
> you using and what patches have you applied? What version of l7-filter
> are you using? The destroy_conntrack() function doesn't know anything
> about filter-specific allocations, so if the allocations are not
> destroyed in the protocol-specific deletion handler, they will not be
> destroyed. How is l7-filter registering its delete functionality for
> these memories? Is it doing so at all?
>

     prev parent reply	other threads:[~2005-03-07 13:30 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-07  9:32 Possible 'destroy' paths for conntracks? Justin Schoeman
2005-03-07 13:14 ` Patrick McHardy
2005-03-07 13:18 ` Tobias DiPasquale
2005-03-07 13:30   ` Justin Schoeman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=422C577E.707@expertron.co.za \
    --to=justin@expertron.co.za \
    --cc=codeslinger@gmail.com \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.