Re: [PATCH nf] netfilter: nft_ct: fix unpaired nf_connlabels_get/put call

Liping Zhang <zlpnobody@xxxxxxx> wrote:
> From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
> 
> We only get nf_connlabels if the user adds a ct label set expr successfully,
> but we will also put nf_connlabels if the user deletes a ct label get expr.
> This is mismatched, and will cause the ct label expr to not work properly.
> 
> Also, if initialising something fails, we should put nf_connlabels back.
> Otherwise, we may wastefully allocate memory that will never be used.

Acked-by: Florian Westphal <fw@xxxxxxxxx>

Unrelated to your patch:

I think it's time to change conntrack labels to a pure 128 bit field:

#define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / BITS_PER_BYTE)

/* fixed 128 bit field; MAX_SIZE is in bytes, so size the long array from it
 * (a bare bits[NF_CT_LABELS_MAX_SIZE] would be 16 longs, 128 bytes on 64bit) */
struct nf_conn_labels {
	unsigned long bits[NF_CT_LABELS_MAX_SIZE / sizeof(long)];
};

static inline struct nf_conn_labels *nf_ct_labels_ext_add(struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_LABELS
	struct nf_conn_labels *cl_ext;
	struct net *net = nf_ct_net(ct);

	/* nobody registered a label user, don't add the extension at all */
	if (net->ct.labels_used == 0)
		return NULL;

	/* the extension is fixed size now, so there is no per-ct word count
	 * left to record after the allocation */
	cl_ext = nf_ct_ext_add_length(ct, NF_CT_EXT_LABELS,
				      sizeof(struct nf_conn_labels), GFP_ATOMIC);

	return cl_ext;
#else
	return NULL;
#endif
}

Most arches are 64bit, so once one label is active we already allocate 16 bytes
due to the padding hole in the nf_conn_labels struct.

OVS always asks for 128 bits, so in that case we'd only allocate 16 instead of the
current 24 bytes.
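A constructed example, not Florian's sketch or the kernel's own code, that reproduces the sizing argument above: the assumed pre-change layout (a u8 word count followed by a variable-length array of longs, allocated as struct size plus words times sizeof(long)) against the proposed fixed 128-bit field, plus a bounds-checked setter for the fixed field. The constant values, the old struct shape and the helper names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for the kernel constants (assumed values, not copied from the kernel). */
#define BITS_PER_BYTE 8
#define XT_CONNLABEL_MAXBIT 127
#define NF_CT_LABELS_MAX_SIZE ((XT_CONNLABEL_MAXBIT + 1) / BITS_PER_BYTE) /* 16 bytes */
#define BITS_PER_LONG (sizeof(unsigned long) * BITS_PER_BYTE)

/* Assumed pre-change layout: a byte-sized word count followed by a
 * variable-length array of longs, allocated as sizeof(struct) + words * sizeof(long). */
struct labels_old {
	uint8_t words;
	unsigned long bits[];
};

/* The fixed 128-bit layout proposed in the mail: no per-ct length byte. */
struct labels_new {
	unsigned long bits[NF_CT_LABELS_MAX_SIZE / sizeof(unsigned long)];
};

/* Bytes the old layout allocates for a ct that needs `words` longs of labels. */
size_t old_alloc_size(unsigned int words)
{
	return sizeof(struct labels_old) + words * sizeof(unsigned long);
}

/* Bytes the fixed layout allocates, whatever the number of labels in use. */
size_t new_alloc_size(void)
{
	return sizeof(struct labels_new);
}

/* Padding inserted after the u8 so that bits[] is long-aligned: the "hole". */
size_t old_padding(void)
{
	return offsetof(struct labels_old, bits) - sizeof(uint8_t);
}

/* Set a label bit in the fixed field; refuse indexes past XT_CONNLABEL_MAXBIT
 * so a bad index can never write outside the 16-byte field. */
bool labels_set_bit(struct labels_new *l, unsigned int bit)
{
	if (bit > XT_CONNLABEL_MAXBIT)
		return false;
	l->bits[bit / BITS_PER_LONG] |= 1UL << (bit % BITS_PER_LONG);
	return true;
}
```

On a 64-bit build old_alloc_size(1) is 16 and old_alloc_size(2) is 24, while new_alloc_size() is 16 either way, which are the numbers quoted in the mail.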