# This is a BitKeeper generated diff -Nru style patch. # # ChangeSet # 2004/08/19 16:51:10+02:00 kaber@coreworks.de # [NETFILTER]: Flush ip fragment queue on conntrack module unload # # Signed-off-by: Patrick McHardy # # net/ipv4/netfilter/ip_conntrack_standalone.c # 2004/08/19 16:50:47+02:00 kaber@coreworks.de +2 -0 # [NETFILTER]: Flush ip fragment queue on conntrack module unload # # net/ipv4/ip_fragment.c # 2004/08/19 16:50:47+02:00 kaber@coreworks.de +14 -3 # [NETFILTER]: Flush ip fragment queue on conntrack module unload # # include/net/ip.h # 2004/08/19 16:50:47+02:00 kaber@coreworks.de +1 -0 # [NETFILTER]: Flush ip fragment queue on conntrack module unload # diff -Nru a/include/net/ip.h b/include/net/ip.h --- a/include/net/ip.h 2004-08-19 16:53:39 +02:00 +++ b/include/net/ip.h 2004-08-19 16:53:39 +02:00 @@ -255,6 +255,7 @@ */ struct sk_buff *ip_defrag(struct sk_buff *skb); +extern void ipfrag_flush(void); extern int ip_frag_nqueues; extern atomic_t ip_frag_mem; diff -Nru a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c --- a/net/ipv4/ip_fragment.c 2004-08-19 16:53:38 +02:00 +++ b/net/ipv4/ip_fragment.c 2004-08-19 16:53:38 +02:00 @@ -241,15 +241,15 @@ } /* Memory limiting on fragments. Evictor trashes the oldest - * fragment queue until we are back under the low threshold. + * fragment queue until we are back under the threshold. */ -static void ip_evictor(void) +static void __ip_evictor(int threshold) { struct ipq *qp; struct list_head *tmp; int work; - work = atomic_read(&ip_frag_mem) - sysctl_ipfrag_low_thresh; + work = atomic_read(&ip_frag_mem) - threshold; if (work <= 0) return; @@ -274,6 +274,11 @@ } } +static inline void ip_evictor(void) +{ + __ip_evictor(sysctl_ipfrag_low_thresh); +} + /* * Oops, a fragment queue timed out. Kill it and send an ICMP reply. */ @@ -684,4 +689,10 @@ add_timer(&ipfrag_secret_timer); } +void ipfrag_flush(void) +{ + __ip_evictor(0); +} + EXPORT_SYMBOL(ip_defrag); +EXPORT_SYMBOL(ipfrag_flush); diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c --- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-08-19 16:53:38 +02:00 +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-08-19 16:53:39 +02:00 @@ -806,6 +806,8 @@ nf_unregister_hook(&ip_conntrack_defrag_local_out_ops); cleanup_defragops: nf_unregister_hook(&ip_conntrack_defrag_ops); + /* Frag queues may hold fragments with skb->dst == NULL */ + ipfrag_flush(); cleanup_proc_stat: proc_net_remove("ip_conntrack_stat"); cleanup_proc_exp: