Hi,

On Mon, Apr 07, 2014 at 03:58:49PM +0400, Kirill Tkhai wrote:
> Clusterip target does dev_hold() in .checkentry, while dev_put() in .destroy.
> So, unregister_netdevice catches the leak:
>
> # modprobe dummy
> # iptables -A INPUT -d 10.31.3.236 -j CLUSTERIP --new --hashmode sourceip -i dummy0 --clustermac 01:aa:7b:47:f7:d7 --total-nodes 2 --local-node 1
> # rmmod dummy
>
> Message from syslogd@localhost ...
> kernel: unregister_netdevice: waiting for dummy0 to become free. Usage count = 1
> [...]
> 1 file changed, 134 insertions(+), 12 deletions(-)

I have spun several times on this patch, and I'm not very happy with
taking this fix:

1) It's quite a large fix for a situation that seems unlikely to me.

2) We have had this problem since the beginning, since the CLUSTERIP
   target was merged mainstream.

3) These days we have the cluster match, which is more flexible, as you
   can use it not only for backend, but also in active-active gateway
   setups. It just requires a couple of arptables rules for mangling
   ARP replies to include the multicast MAC there.

Perhaps linking the net_device structure with the module that has
created it would simplify this, but I guess David won't take such a
patch just to fix this rare iptables extension, unless this is
manifesting in other netdev code, e.g. tunneling protocols.