[PATCH] fix mem-leak in netfilter
David S. Miller
davem at davemloft.net
Wed May 17 08:59:10 CEST 2006
From: Patrick McHardy <kaber at trash.net>
Date: Wed, 17 May 2006 08:26:03 +0200
> Stephen Frost wrote:
> > Looking at this again... The ttl isn't copied into 'ttl' unless the
> > check_set has TTL turned on. This means that the overwriting was fine,
> > if you accept that you can only ever match on TTL, or never match on it.
> > That doesn't seem right to me. The TTL in the table should always be
> > kept up-to-date and the only question is if the current rule requires it
> > for a match or not.
> OK, updated patch attached. The TTL is now always kept up-to-date.
Is there any reasonable reason to allow ip_pkt_list_tot to ever be
larger than say 255? If we can accept that limit, we can shrink
the recent_entry considerably by packing the index and nstamps
into a single word next to ttl.