On Fri, 30 Nov 2012, Florian Westphal wrote:

> Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> > > > + if (nat->masq_index && hooknum == NF_INET_POST_ROUTING &&
> > > > + CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL &&
> > > > + nat->masq_index != out->ifindex) {
> > > > + /* Outgoing interface changed, destroy conntrack. */
> > > > + nf_ct_kill_acct(cf, ctinfo, skb);
> > > > + nf_ct_put(ct);
> > >
> > > Hmm. Is the nf_ct_put() correct?
> > > nf_ct_kill invokes death_by_timeout(), which also puts ct.
> >
> > nf_nat_ipv[46]_fn starts with "nf_ct_get", so that must be released.
>
> nf_ct_get() does not increase refcount :)

Ohh, right - I'm blind.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
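Review bot: the `nf_ct_put(ct)` on the last quoted line of the hunk, directly after `nf_ct_kill_acct(...)`, drops a reference this code path never took. As the thread establishes, nf_ct_get() does not increase the refcount and the kill path already puts ct through death_by_timeout(), so the extra put leaves the count one short and the conntrack entry can be freed while something else still holds a pointer to it. Suggest removing the `nf_ct_put(ct);` line and keeping only the kill. Separately, the call as quoted passes `cf` to nf_ct_kill_acct() while the next line uses `ct`; no `cf` appears anywhere else in the quoted lines, so please check that the first argument is meant to be `ct`.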