Re: Conntrack leak (2.6.2rc2)

To: Steve Hill <steve@xxxxxxxxxxxx>
Subject: Re: Conntrack leak (2.6.2rc2)
From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Date: Mon, 2 Feb 2004 13:47:56 +0100 (CET)
Cc: <netdev@xxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.58.0402021146370.5347@sorbus2.navaho>
Sender: netdev-bounce@xxxxxxxxxxx
On Mon, 2 Feb 2004, Steve Hill wrote:

> On Mon, 2 Feb 2004, Jozsef Kadlecsik wrote:
> > Yes, once, on the whole packet. Or do you see the message two times, when
> > issuing the ping command above once?
> No, only once for the whole packet (sorry, I think I didn't do a good job
> of describing the problem).
> init_conntrack() always gets called once for the whole packet (this seems
> right to me).  However, destroy never gets called for the whole packet if
> the packet was fragmented, which seems to be the source of the leak -
> init_conntrack was called and allocated for the whole packet but that
> memory is never freed again if the packet was fragmented.

To be precise, the destroy function is not called whenever a packet leaves
the system: it gets called when conntrack thinks the connection is
completed. It can happen when we explicitly know from the packet that it
finishes the connection (ICMP reply for ICMP non-error messages, and a
special case for TCP RST), or when the timer of the conntrack entry goes

So the destroy function is called when the system sees the ICMP reply
packet from machine 3 (and there were as many requests as reply packets so
far) - otherwise it'll simply time out the connection.

Machine 3 answers the ping requests, doesn't it? You ping the same IP
address all the time?

Best regards,
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxxxxx
PGP key :
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
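
The entry lifetime described in the message above, as an added example that is not part of the original e-mail and is not kernel code: a simplified user-space C model in which an ICMP entry is destroyed either by the reply that balances the requests or by its timeout. The names `ct_entry`, `ct_icmp_packet`, `ct_lifetime` and the 30-second timeout are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdio.h>

#define ICMP_TIMEOUT 30 /* seconds; assumed value for this model */

enum dir { DIR_ORIGINAL, DIR_REPLY };

struct ct_entry {
    bool alive;       /* allocated by init, not yet destroyed */
    int  outstanding; /* requests seen minus replies seen */
    long expires;     /* time at which the timeout fires */
};

/* Per-packet hook: returns true when this packet destroys the entry. */
static bool ct_icmp_packet(struct ct_entry *ct, enum dir d, long now)
{
    if (d == DIR_REPLY) {
        if (--ct->outstanding == 0) {
            ct->alive = false;            /* all requests answered */
            return true;
        }
    } else {
        ct->outstanding++;
        ct->expires = now + ICMP_TIMEOUT; /* a request refreshes the timer */
    }
    return false;
}

/* Requests arrive at t = 0..requests-1, replies follow one per second.
 * Returns the time at which the entry is destroyed. */
static long ct_lifetime(int requests, int replies)
{
    struct ct_entry ct = { true, 0, ICMP_TIMEOUT };
    long t = 0;

    for (int i = 0; i < requests; i++, t++)
        ct_icmp_packet(&ct, DIR_ORIGINAL, t);
    for (int i = 0; i < replies; i++, t++)
        if (ct_icmp_packet(&ct, DIR_REPLY, t))
            return t;                     /* destroyed by the matching reply */
    while (t < ct.expires)                /* nothing else frees it before this */
        t++;
    return t;                             /* destroyed by the timeout */
}

int main(void)
{
    printf("1 request, 1 reply    -> destroyed at t=%ld\n", ct_lifetime(1, 1));
    printf("3 requests, 2 replies -> destroyed at t=%ld\n", ct_lifetime(3, 2));
    printf("1 request, no reply   -> destroyed at t=%ld\n", ct_lifetime(1, 0));
    return 0;
}
```

In this model an entry whose requests are not all answered stays allocated until the timeout, which is why entries can look leaked when counted before the timer has run.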
