Hi Gao,

On Fri, Dec 28, 2012 at 10:36:46AM +0800, Gao feng wrote:
> Currently we unregister the proto before all conntrack entries of
> this proto are destroyed. So in function destroy_conntrack
> we can't find the proper l4proto to call l4proto->destroy.
> This will cause a resource leak.

Good catch.

But better to remove the entries before unregistering the protocol
tracker, so l4proto->destroy is always called. Patch attached.
>From 1c082b3ef4c9bf8bfd0159142ce6ffc49aa7bab2 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Fri, 4 Jan 2013 22:09:44 +0100 Subject: [PATCH] netfilter: nf_conntrack: fix memory leak during unregistration with GRE entries Protocol trackers are unregistered before conntrack entries of that type are removed. For that reason, l4proto->destroy is never called and that results in leaking the keymap. Fix this by releasing entries before unregistering protocols. Reported-by: Gao feng <gaofeng@xxxxxxxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> --- net/netfilter/nf_conntrack_proto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 51e928d..29cd353 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -488,6 +488,9 @@ void nf_conntrack_l4proto_unregister(struct net *net, { struct nf_proto_net *pn = NULL; + /* Remove all contrack entries before unregistration */ + nf_ct_iterate_cleanup(net, kill_l4proto, l4proto); + if (net == &init_net) nf_conntrack_l4proto_unregister_net(l4proto); @@ -497,9 +500,6 @@ void nf_conntrack_l4proto_unregister(struct net *net, pn->users--; nf_ct_l4proto_unregister_sysctl(net, pn, l4proto); - - /* Remove all contrack entries for this protocol */ - nf_ct_iterate_cleanup(net, kill_l4proto, l4proto); } EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_unregister); -- 1.7.10.4
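Review bot: in the first hunk, the new `nf_ct_iterate_cleanup(net, kill_l4proto, l4proto);` runs while the tracker is still registered, which is what lets destroy_conntrack find l4proto->destroy, but it opens a window before `nf_conntrack_l4proto_unregister_net(l4proto);` in which packets can still create fresh entries for this protocol; those would outlive the unregistration and again be destroyed without a matching l4proto->destroy, i.e. the same leak on a narrower path. The commit message should state whether callers are expected to have stopped traffic for the protocol before calling nf_conntrack_l4proto_unregister(), or whether a second cleanup after unregistration is needed. Also, the moved comment carries over a typo: `/* Remove all contrack entries before unregistration */` should read `conntrack`.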
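Review bot: the second hunk drops the trailing cleanup after `nf_ct_l4proto_unregister_sysctl(net, pn, l4proto);`, so the cleanup now runs unconditionally at function entry instead of only on the path that reaches the end of the function; if the elided code between the two hunks contains an early exit (for example when the per-net `pn` lookup fails), this changes behaviour on that path. Confirm that running the cleanup on every path is intended and mention it in the commit message, since it is a side effect beyond the ordering fix the subject describes.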