On Wed, May 28, 2008 at 11:09:13PM +0300, Octavian Purdila wrote:

On Wednesday 28 May 2008, Jarek Poplawski wrote:

quoted

quoted

quoted

We queue data under the lock and clone appropriate skb (and then grab it
multiple times), so even it will be dropped, its data will not freed,
and thus we will be able to read it. Or you are talking about different
skbs?

You are right, I forgot about the clone.

Probably I miss something, but how does it help when tcp_collapse()
uses __kfree_skb()?

__kfree_skb() -> skb_release_all() -> skb_release_data():

static void skb_release_data(struct sk_buff *skb)
{
        if (!skb->cloned ||
<snip>
                kfree(skb->head);

Since we clone the skb in skb_splice_bits() the skb's data will only be freed 
when the last clone is deleted.

Right!

Thanks for explanation,
Jarek P.