netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)

from [David S. Miller] [Permanent Link][Original]
To: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)]
From: "David S. Miller" <davem@xxxxxxxxxx>
Date: Tue, 3 Feb 2004 09:48:08 -0800
Cc: steve@xxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.33.0402031825170.11950-100000@blackhole.kfki.hu>
References: <Pine.LNX.4.33.0402031629150.11737-100000@blackhole.kfki.hu> <Pine.LNX.4.33.0402031825170.11950-100000@blackhole.kfki.hu>
Sender: netdev-bounce@xxxxxxxxxxx 
On Tue, 3 Feb 2004 18:43:38 +0100 (CET)
Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:

> Steve Hill reported a conntrack leakage in 2.6.2-rc2 when nat is enabled
> and the system forwards fragmented packets. It turned out that an
> nf_conntrack_put was missing from ip_copy_metadata:

Yeah, but... look at what you patched.

>       /* Connection association is same as pre-frag packet */
> +     nf_conntrack_put(to->nfct);
>       to->nfct = from->nfct;
>       nf_conntrack_get(to->nfct);

What about that comment?
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [PATCH] IPV6: fix a possible dst leakage in ndisc_send_redirect(), David S. Miller
Next by Date:  [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)], Jozsef Kadlecsik
Previous by Thread:  [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)], Jozsef Kadlecsik
Next by Thread:  Re: [PATCH] fix netfilter refcounting [was Re: Conntrack leak (2.6.2rc2)], David S. Miller
Indexes:  [Date] [Thread] [Top] [All Lists]