Hi, On h, okt 06, 2008 at 05:41:59 +0200, Patrick McHardy wrote: > KOVACS Krisztian wrote: > >On h, okt 06, 2008 at 04:39:21 +0400, Alexey Dobriyan wrote: > >>xt_TPROXY will pin it because it uses a symbol from it, so it won't > >>dissapear. > > > >Yeah, that's true, and I think that it's impossible to remove the rule > >attaching the socket references while the skb's in flight. Ok, so let's > >add module_exit() then. > > So Alexey's patch is fine for applying? My only fear was that you can remove the core module while there's a function pointer attached to the skb. The TPROXY target is the only one actually attaching the pointer and you obviously can't remove the core module while you have a rule referring to TPROXY. The question is wheter or not it's possible that an skb still has the TPROXY-assigned socket (and destructor function pointer) after the referring iptables rule has been removed. I'm still not 100% sure that this is not possible... Making the module unloadable is not the proper solution, though. -- KOVACS Krisztian -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
