On Thu, Mar 21, 2013 at 5:07 PM, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> That "use" field in the nf_conn object is a refcounter. In SMP, you
> may have several packets traveling through the stack referencing
> the same conntrack object. The refcount is initially set to 1 because
> there is a timer that releases the conntrack if it expires.
>
> You may also have conntrack entries that are related to another
> master conntrack (eg. FTP helper scenario: the control flow is the
> master conntrack, and all data flows are related to it). In that case,
> the refcount is also incremented depending on the amount of references
> to it.
>
> nf_conntrack_find_get increments the refcount, nf_ct_put decrements it
> and it checks if it has become 0, in that case the nf_conn object is
> released.

Now that's clearer. Thank you very much!

--
Nicolas Maître
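
The refcount lifecycle described in the quoted reply, as an added example that is not part of the original thread and not the kernel's code: a userspace C11 model with hypothetical `model_*` names. The take-only-if-non-zero step in `model_get` and the release of the master's reference in `model_put` are assumptions of this model.

```c
/* Userspace model of the refcount lifecycle; model_* names are hypothetical
 * and this is not the kernel's nf_conn code. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdlib.h>

struct model_conn {
    atomic_int use;             /* plays the role of the "use" field */
    struct model_conn *master;  /* related entry pins its master, else NULL */
};
static int model_freed;         /* released objects, for checking only */

/* A new entry starts at 1: the reference owned by the expiry timer. */
static struct model_conn *model_alloc(struct model_conn *master)
{
    struct model_conn *ct = calloc(1, sizeof(*ct));
    if (!ct)
        return NULL;
    atomic_init(&ct->use, 1);
    ct->master = master;
    if (master)
        atomic_fetch_add(&master->use, 1);  /* related flow holds a reference */
    return ct;
}

/* Lookup side: take a reference only while the count is non-zero, so an
 * object already on its way to being freed is never handed out again. */
static bool model_get(struct model_conn *ct)
{
    int old = atomic_load(&ct->use);
    while (old != 0)
        if (atomic_compare_exchange_weak(&ct->use, &old, old + 1))
            return true;
    return false;
}

/* Drop a reference; whoever brings the count to 0 releases the object. */
static void model_put(struct model_conn *ct)
{
    if (atomic_fetch_sub(&ct->use, 1) != 1)
        return;
    struct model_conn *master = ct->master;
    free(ct);
    model_freed++;
    if (master)
        model_put(master);  /* assumption: release also drops the master ref */
}
```

A get without a matching put leaks the object, and a put without a matching get frees it while another holder still uses it; both are the bugs this pairing discipline exists to prevent.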