From: Pablo Neira <pablo@eurodev.net>
To: Deti Fliegl <deti@fliegl.de>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: again: conntrack & 2.6.14-git11
Date: Wed, 09 Nov 2005 14:38:37 +0100 [thread overview]
Message-ID: <4371FBDD.4020302@eurodev.net> (raw)
In-Reply-To: <4371D660.4060003@fliegl.de>
[-- Attachment #1: Type: text/plain, Size: 465 bytes --]
Deti Fliegl wrote:
> as far as I've seen all fixes for nf_netlink/conntrack are contained in
> 2.6.14-git11. I tried calling conntrack within an endless loop while my
> stresstest was running. After app. 30 minutes the kernel crashed. Did I
> miss an important patch from this list? How can I help?
I don't see the patch that is supposed to fix the problem in that git
snapshot. Please, make sure that the patch attached is applied to your
kernel tree.
--
Pablo
[-- Attachment #2: 02-ctnl-refcnt.patch --]
[-- Type: text/plain, Size: 1343 bytes --]
[NETFILTER] refcount leak of proto when ctnetlink dumping tuple
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
---
commit 3a4486b6419a1f25324bb4280d51f5c77b1117f7
tree 88b1831d06e21417baca01d1632131d96e3be611
parent 61a002f080c6473da94f28314502ff0f15fe3625
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 04 Nov 2005 14:35:27 +0900
committer Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 04 Nov 2005 14:35:27 +0900
net/ipv4/netfilter/ip_conntrack_netlink.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -58,14 +58,17 @@ ctnetlink_dump_tuples_proto(struct sk_bu
const struct ip_conntrack_tuple *tuple)
{
struct ip_conntrack_protocol *proto;
+ int ret = 0;
NFA_PUT(skb, CTA_PROTO_NUM, sizeof(u_int8_t), &tuple->dst.protonum);
proto = ip_conntrack_proto_find_get(tuple->dst.protonum);
- if (proto && proto->tuple_to_nfattr)
- return proto->tuple_to_nfattr(skb, tuple);
+ if (likely(proto && proto->tuple_to_nfattr)) {
+ ret = proto->tuple_to_nfattr(skb, tuple);
+ ip_conntrack_proto_put(proto);
+ }
- return 0;
+ return ret;
nfattr_failure:
return -1;
next prev parent reply other threads:[~2005-11-09 13:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-09 10:58 again: conntrack & 2.6.14-git11 Deti Fliegl
2005-11-09 13:38 ` Pablo Neira [this message]
2005-11-11 7:10 ` Deti Fliegl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4371FBDD.4020302@eurodev.net \
--to=pablo@eurodev.net \
--cc=deti@fliegl.de \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.