
Re: [PATCH] Conntrack leak with raw sockets

To: kaber@xxxxxxxxx (Patrick McHardy)
Subject: Re: [PATCH] Conntrack leak with raw sockets
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 26 Mar 2005 11:09:41 +1100
Cc: kernel@xxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4244766D.2020001@xxxxxxxxx>
Organization: Core
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: tin/1.7.4-20040225 ("Benbecula") (UNIX) (Linux/2.4.27-hx-1-686-smp (i686))
Patrick McHardy <kaber@xxxxxxxxx> wrote:
> 
> Great work tracking this down. But I fear the problem will come back
> to haunt us with this patch. There are more places where a packet can be
> queued indefinitely, for example stopped qdiscs. IMO the best fix
> is to drop the conntrack reference once the packet leaves IP, so we
> don't have to make any assumptions about what will happen to the
> packet - this would be in ip_finish_output2(). Could you send a patch
> that does this? While you're at it, you could also remove this part
> from ip_conntrack_standalone:

Agreed.

BTW, please use nf_reset() instead of open coding this.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
