Eric Dumazet wrote: > Le lundi 10 mai 2010 à 22:18 +0200, kaber@xxxxxxxxx a écrit : >> From: Jan Engelhardt <jengelh@xxxxxxxxxx> >> >> xt_TEE can be used to clone and reroute a packet. This can for >> example be used to copy traffic at a router for logging purposes >> to another dedicated machine. >> >> References: http://www.gossamer-threads.com/lists/iptables/devel/68781 >> Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx> >> Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx> >> --- > >> +static bool tee_tg_route_oif(struct flowi *f, struct net *net, >> + const struct xt_tee_tginfo *info) >> +{ >> + const struct net_device *dev; >> + >> + if (*info->oif != '\0') >> + return true; >> + dev = dev_get_by_name(net, info->oif); >> + if (dev == NULL) >> + return false; >> + f->oif = dev->ifindex; >> + return true; >> +} >> + > > This leaks a refcount on device. > > But I see patch 76/84 replaces the whole thing, so this is probably > harmless. Correct, that patch replaces the per-packet lookup and uses netdevice notifiers to store the ifindex of the output device, without keeping a reference at all. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
