From: Patrick McHardy <kaber@trash.net>
To: Phil Oester <kernel@linuxace.com>
Cc: netdev@oss.sgi.com, netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] Conntrack leak with raw sockets
Date: Fri, 25 Mar 2005 21:37:01 +0100
Message-ID: <4244766D.2020001@trash.net>
In-Reply-To: <20050325201127.GA3400@linuxace.com>
Phil Oester wrote:
> In the event a raw socket is created for sending purposes only, the creator
> never bothers to check the socket's receive queue. But we continue to
> add skbs to its queue until it fills up.
>
> Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the
> queue potentially holds a reference to a conntrack. If the user attempts
> to unload ip_conntrack, we will spin around forever since the queued skbs
> are pinned.
Great work tracking this down. But I fear the problem will come back
to haunt us with this patch. There are more places where a packet can be
queued indefinitely, for example stopped qdiscs. IMO the best fix
is to drop the conntrack reference once the packet leaves IP, so we
don't have to make any assumptions about what will happen to the
packet - this would be in ip_finish_output2(). Could you send a patch
that does this? While you're at it, you could also remove this part
from ip_conntrack_standalone:
#if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)
	/* Previously seen (loopback)? Ignore. Do this before
	   fragment check. */
	if ((*pskb)->nfct)
		return NF_ACCEPT;
#endif
Regards
Patrick
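The point of the reply is that it does not matter where a packet ends up parked (a raw socket's receive queue, a stopped qdisc) as long as the skb still carries its nfct reference, because the conntrack use count never reaches zero and unloading spins. The user-space model below is an added illustration, not kernel code and not the patch Phil Oester posted; every type and function name in it is a hypothetical stand-in for the kernel object of the same role. It queues packets that nobody ever dequeues and reports how many conntrack references remain pinned, once with the reference left on the queued skb (the bug) and once with it released at the IP-exit hook.

```c
/* Added illustration, not kernel code: a user-space model of the leak
 * discussed in the thread. Queued skbs that still carry a conntrack
 * reference pin the entry; dropping the reference as the packet leaves
 * IP (the ip_finish_output2 idea) makes the queue irrelevant.
 * All type and function names here are hypothetical stand-ins. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for struct ip_conntrack: only the use count matters. */
struct conntrack {
    int use;
};

/* Stand-in for struct sk_buff: the nfct pointer and a queue link. */
struct skb {
    struct conntrack *nfct;
    struct skb *next;
};

/* Stand-in for a raw socket's receive queue or a stopped qdisc:
 * packets pushed here are never dequeued. */
struct queue {
    struct skb *head;
};

static struct conntrack *conntrack_get(struct conntrack *ct)
{
    ct->use++;
    return ct;
}

static void conntrack_put(struct conntrack *ct)
{
    if (ct->use > 0)
        ct->use--;
}

/* Model of ip_conntrack_in(): a packet entering IP takes a reference. */
static struct skb *ip_input(struct conntrack *ct)
{
    struct skb *s = calloc(1, sizeof(*s));
    if (!s) {
        perror("calloc");
        exit(EXIT_FAILURE);
    }
    s->nfct = conntrack_get(ct);
    return s;
}

/* Model of the proposed ip_finish_output2() change: the packet is
 * leaving IP, so release the conntrack before handing it on. */
static void ip_finish_output2(struct skb *s)
{
    if (s->nfct) {
        conntrack_put(s->nfct);
        s->nfct = NULL;
    }
}

/* Model of kfree_skb(): an skb that still holds nfct drops it on free. */
static void free_queue(struct queue *q)
{
    while (q->head) {
        struct skb *s = q->head;
        q->head = s->next;
        ip_finish_output2(s);   /* same effect as nfct_put on free */
        free(s);
    }
}

/* Push n packets into a queue nobody drains. With drop_on_exit the
 * reference is released at the IP-exit hook; otherwise it stays with
 * the queued skb, as in the bug. Returns how many references are still
 * pinned at the moment rmmod would be attempted (0: unload can proceed). */
int pinned_refs(int n, int drop_on_exit)
{
    struct conntrack ct = { .use = 0 };
    struct queue q = { .head = NULL };

    for (int i = 0; i < n; i++) {
        struct skb *s = ip_input(&ct);
        if (drop_on_exit)
            ip_finish_output2(s);
        s->next = q.head;
        q.head = s;             /* sits here indefinitely */
    }

    int pinned = ct.use;
    free_queue(&q);             /* cleanup for the model only */
    return pinned;
}

int main(void)
{
    printf("reference kept with queued skb: %d pinned\n", pinned_refs(5, 0));
    printf("reference dropped at IP exit:   %d pinned\n", pinned_refs(5, 1));
    return 0;
}
```

With the reference kept on the queued skb, five parked packets leave five references pinned and a module unload would wait on them; releasing at the IP-exit hook leaves zero, whatever the queue does with the packets afterwards. The model also shows why a fix scoped to one queue type (only the raw socket receive queue) is fragile: the second queue type in the reply, a stopped qdisc, behaves identically here.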
Thread overview (5+ messages):
2005-03-25 20:11  [PATCH] Conntrack leak with raw sockets  Phil Oester
2005-03-25 20:37    Patrick McHardy [this message]
2005-03-26 00:09      Herbert Xu
2005-03-26 06:05        Phil Oester
2005-03-28 20:16          Patrick McHardy