On Tue, 2010-02-02 at 18:16 +0100, Eric Dumazet wrote: > Le mardi 02 février 2010 à 18:04 +0100, Patrick McHardy a écrit : > > > Ah nice catch, that seems to be the problem. When the untracked > > conntrack is already attached to an skb and thus has refcnt > 1 > > and we re-initalize the refcnt, it will get freed. > > > > The question is whether the ct_net pointer of the untracked conntrack > > is actually required. If so, we need one instance per namespace, > > otherwise we can just move initialization and cleanup to the init_net > > init/cleanup functions. Alexey, do you happen to know this? > > > > One untracked per netns seems the way to go, and move it outside of > read_mostly area too, we obviously can modify its refcount frequently... Sure, that will work. Also, rather than just the NF_CT_ASSERT on the use count, maybe worth catching the specific case of trying to free the untracked ct, but that's only if it's not a horrible fast path. Anyway, thanks. If you want to send me a patch, I'll try it. Jon. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
