Re: [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)

To: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)]
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Tue, 3 Feb 2004 10:27:12 -0800
Cc: steve@xxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.33.0402031825170.11950-100000@xxxxxxxxxxxxxxxxx>
References: <Pine.LNX.4.33.0402031629150.11737-100000@xxxxxxxxxxxxxxxxx> <Pine.LNX.4.33.0402031825170.11950-100000@xxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
On Tue, 3 Feb 2004 18:43:38 +0100 (CET)
Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:

> Steve Hill reported a conntrack leakage in 2.6.2-rc2 when nat is enabled
> and the system forwards fragmented packets. It turned out that an
> nf_conntrack_put was missing from ip_copy_metadata:

Never mind my previous email, it was a total thinko... your patch
is obviously correct and we had this same damn exact problem with
the bridging skbuff nf objects as well. (see changeset 1.1474.41.3)

I'll apply your patch and push to Linus now.  Thanks.

