Re: [PATCH] Conntrack leak with raw sockets
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2005-03-26 00:09:41
Also in:
netfilter-devel
Patrick McHardy [off-list ref] wrote:
Great work tracking this down. But I fear the problem will come back to haunt us with this patch. There are more places where a packet can be queued indefinitely, for example stopped qdiscs. IMO the best fix is to drop the conntrack reference once the packet leaves IP, so we don't have to make any assumptions about what will happen to the packet - this would be in ip_finish_output2(). Could you send a patch that does this? While you're at it, you could also remove this part from ip_conntrack_standalone:
Agreed. BTW, please use nf_reset() instead of open coding this.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt