On 24.01.2011 14:25, Pablo Neira Ayuso wrote: > On 24/01/11 14:12, Eric Dumazet wrote: >> Le lundi 24 janvier 2011 à 14:06 +0100, Pablo Neira Ayuso a écrit : >> >>> Yes, we can use nf_conntrack_get (which does atomic_inc) instead. New >>> patch attached. >> >> I feel now a bit uncomfortable, sorry ;) >> >> Are we sure the refcount cannot reach 0 while we hold >> nf_conntrack_lock ? > > the ct deletion from the hash list is protected by spin lock, so > whatever deletion would wait until we have left the dump section. > > with this patch, the code looks like it was in 2.6.24 before the rcu stuff. Yeah, we definitely have a reference while the conntrack is contained in the hash table, and removal requires taking nf_conntrack_lock, therefor using the conntrack entry while holding the lock is valid. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
