Re: Possible 'destroy' paths for conntracks?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tobias DiPasquale <codeslinger@gmail.com>
To: Justin Schoeman <justin@expertron.co.za>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Possible 'destroy' paths for conntracks?
Date: Mon, 7 Mar 2005 08:18:03 -0500	[thread overview]
Message-ID: <876ef97a0503070518172b7387@mail.gmail.com> (raw)
In-Reply-To: <422C1FA6.5030701@expertron.co.za>

On Mon, 07 Mar 2005 11:32:22 +0200, Justin Schoeman
<justin@expertron.co.za> wrote:
> I am trying to locate a memory leak, either induced by, or agravated by
> the l7-filter.
> 
> Using the slab debugger, I see that the memory that is leaking are the
> app_data and/or app_proto fields that are kmalloc'ed in the 'match' method.
> 
> These are then (supposed to be) kfree'ed in the destroy_conntrack
> function, but they are apparently not destroyed, as even after most
> active connections have closed/timed out (/proc/net/ip_conntrack is
> practically empty), there are still thousands of these kmalloced memory
> regions left.
> 
> At the moment, I am assuming that there are multiple possible paths for
> a conntrack to be destroyed, and l7-filter is just missing some.  Is
> this true?  If so, what are all the possible destructors, or is there
> one single (better) place to clean up per-conntrack specific memory?

No, destroy_conntrack() is the sole location of conntrack record
destruction. If you follow any conntrack record deletion routine, it
will hit destroy_conntrack() at some point. What kernel version are
you using and what patches have you applied? What version of l7-filter
are you using? The destroy_conntrack() function doesn't know anything
about filter-specific allocations, so if the allocations are not
destroyed in the protocol-specific deletion handler, they will not be
destroyed. How is l7-filter registering its delete functionality for
these memories? Is it doing so at all?

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d

next prev parent reply	other threads:[~2005-03-07 13:18 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-03-07  9:32 Possible 'destroy' paths for conntracks? Justin Schoeman
2005-03-07 13:14 ` Patrick McHardy
2005-03-07 13:18 ` Tobias DiPasquale [this message]
2005-03-07 13:30   ` Justin Schoeman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=876ef97a0503070518172b7387@mail.gmail.com \
    --to=codeslinger@gmail.com \
    --cc=justin@expertron.co.za \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.