On 14/02/2025 14:54, Antonio Quartulli wrote:
For example in wireguard/device.c the socket is released in
pernet_operations.pre_exit().
But pre_exit() is invoked in cleanup_net(), which is invoked ONLY if the
net refcount has reached 0...but how can it be zero before the sockets
have been released?
I must be missing something, because this seems to be a reference loop.
FTR, the answer is that sockets created in-kernel (like for wireguard)
have sk->sk_ref_cnt set to 0, which implies that no reference to the
netns is taken.
So ovpn has this issue because our sockets are coming from userspace.
Regards,
--
Antonio Quartulli
OpenVPN Inc.
