> -----Original Message----- > From: Liping Zhang [mailto:zlpnobody@xxxxxxxxx] > Hi Pablo, > > 2017-04-14 6:30 GMT+08:00 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>: > >> We should call module_put when the time policy is not found. > >> Otherwise, the related cthelper module cannot be removed anymore. > >> > >> It is easy to reproduce by typing the following command: > >> # iptables -t raw -A OUTPUT -p tcp -j CT --helper ftp --timeout xxx > > > > Can we fix all leaks in the error path in one single patch for xt_CT? > > Right. > > > Feng sent me a patch to fix another issue there, so if either you or > > him send me one single patch to fix all xt_CT refcount leaks in one > > go, I'd appreciate. > > Feng, since you spotted this issue earlier, can you send a new patch to do this? > With a new patch name: "netfilter: xt_CT: fix refcnt leak on error path". Thanks. > > Also you can add my: > Signed-off-by: Liping Zhang <zlpnobody@xxxxxxxxx> No problem. Regards Feng -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
