Hi Patrick, Patrick McHardy wrote: > These patches look almost perfect, there's just one minor thing > that should be fixed from my perspective (from patch 4): > >> + l3proto = nf_ct_l3proto_find_get(tuple->src.l3num); >> + len += l3proto->nla_size; >> + nf_ct_l3proto_put(l3proto); >> + >> + l4proto = nf_ct_l4proto_find_get(tuple->src.l3num, >> tuple->dst.protonum); >> + len += l4proto->nla_size; >> + nf_ct_l4proto_put(l4proto); >> + >> + return alloc_skb(len, gfp); > > Its preferrable not to use module reference counting during packet > processing, the protocols can be accessed safely using RCU. I thought > I had fixed all those areas, but I now notice that ctnetlink is full > of similar spots and takes and drops module references quite > excessively. So just leave it as it is I guess, this should be fully > fixed anyways. Indeed, there are still a couple of module reference spots. We only remove them from the event delivery path. > I'll wait a few hours for others to comment before applying your > patches. Hm, it seems that our patches follows two different principles. AFAICS, Holger calculates an approximate message size to avoid trimming, while I calculate the exact message size. -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
