[PATCH 1/4] fix leak of fragment queue at unloading
nf_conntrack_ipv6
Harald Welte
laforge at netfilter.org
Sun Nov 13 11:08:37 CET 2005
On Sun, Nov 13, 2005 at 05:50:42PM +0900, Yasuyuki KOZAKAI wrote:
>
> This makes nf_conntrack_ipv6 free all IPv6 fragment queues at unloading.
> This also check inconsistency between memory tracking and actual usage
> to avoid endless loop at eviction.
I'm fine with this, but:
> tmp = nf_ct_frag6_lru_list.next;
> + if (tmp == NULL) {
> + if (net_ratelimit())
> + printk(KERN_ERR
> + "nf_ct_reasm: no queue to be evicted");
> + return;
> + }
Why is it an error if we don't have a defrag queue at unloading time?
Isn't it possible that we never process any fragments (or finished
processing of all fragments some time ago) and thus have an empty queue?
If I understand this correctly, it should be a DEBUG message, at most.
Please comment.
--
- Harald Welte <laforge at netfilter.org> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20051113/e6015707/attachment.pgp
More information about the netfilter-devel
mailing list