Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> > > + if (nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
> > > + CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
> > > + nat->masq_index != out->ifindex) {
> > > + /* Outgoing interface changed, destroy conntrack. */
> > > + nf_ct_kill_acct(cf, ctinfo, skb);
> > > + nf_ct_put(ct);
> >
> > Hmm. Is the nf_ct_put() correct?
> > nf_ct_kill invokes death_by_timeout(), which also puts ct.
>
> nf_nat_ipv[46]_fn starts with "nf_ct_get", so that must be released.
nf_ct_get() does not increase refcount :)
Regards,
Florian
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
