[PATCH] Conntrack leak with raw sockets

To: netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
Subject: [PATCH] Conntrack leak with raw sockets
From: Phil Oester <kernel@xxxxxxxxxxxx>
Date: Fri, 25 Mar 2005 12:11:27 -0800
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.4.1i

In the event a raw socket is created for sending purposes only, the creator
never bothers to check the socket's receive queue.  But we continue to
add skbs to its queue until it fills up.

Unfortunately, if ip_conntrack is loaded on the box, each skb we add to the
queue potentially holds a reference to a conntrack.  If the user attempts
to unload ip_conntrack, we will spin around forever since the queued skbs
are pinned.

This behaviour can be witnessed in Fedora distributions which use
NetworkManager.  Arguably there should be an option to create a 'sending-only'
socket which won't suffer from this problem, but in the interim I think
the cleanest solution is to drop the conntrack reference before adding the skb
to the socket's queue.  The below patch does just that.

This fixes Netfilter bugzilla #91 and Red Hat bugzilla #112630.

Phil

Signed-off-by: Phil Oester <kernel@xxxxxxxxxxxx>



Attachment: patch-ref
Description: Text document
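
Added example, not part of the original post or of the attached patch: a diagnostic that lists IPv4 raw sockets whose receive queue holds unread data, which is the condition the message describes as pinning conntrack entries. It assumes the usual `/proc/net/raw` column layout (tx_queue:rx_queue in hex bytes, then uid, inode and an optional trailing drops counter); the sample table is constructed, and the function names are this example's own.

```python
"""Flag raw sockets with unread data in their receive queue (added example)."""
import sys

# Constructed sample in the assumed /proc/net/raw layout. After splitting on
# whitespace: [1] local address:protocol, [4] tx_queue:rx_queue (hex bytes),
# [7] uid, [9] inode, [12] drops (absent on older kernels).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 18234 2 0000000000000000 0
  17: 00000000:0011 00000000:0000 07 00000000:0001A300 00:00000000 00000000     0        0 20511 2 0000000000000000 412
"""


def parse_raw_table(text):
    """Parse /proc/net/raw text into one dict per socket."""
    socks = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:                         # blank or truncated line
            continue
        tx_hex, rx_hex = f[4].split(":")
        socks.append({
            "protocol": int(f[1].split(":")[1], 16),
            "tx_bytes": int(tx_hex, 16),
            "rx_bytes": int(rx_hex, 16),        # memory held by queued skbs
            "uid": int(f[7]),
            "inode": int(f[9]),
            "drops": int(f[12]) if len(f) > 12 else None,
        })
    return socks


def undrained(socks, min_rx_bytes=1):
    """Return sockets holding at least min_rx_bytes of unread data."""
    return [s for s in socks if s["rx_bytes"] >= min_rx_bytes]


if __name__ == "__main__":
    # Pass /proc/net/raw as the argument on a live host; default is the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for s in undrained(parse_raw_table(text)):
        print("inode=%(inode)d proto=%(protocol)d uid=%(uid)d "
              "rx_bytes=%(rx_bytes)d drops=%(drops)s" % s)
```

A single snapshot can catch a socket that is merely between reads; a queue that stays full across samples while the drops counter climbs is the send-only pattern. The inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to find the owning process.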
