Florian Westphal <fw@xxxxxxxxx> wrote: > This is part 1 of a series that aims to remove both the unconfirmed > and dying lists. The unconfirmed list is requirement only because some extensions place pointers to objects that reside in kernel modules without taking any references, e.g. the conntrack helpers or timeout policies. For normal conntracks, rmmod code path can walk the table and set the affected pointers in the extension to NULL. For the unconfirmed conntracks, this list gets used to flag those conntracks as dying so tehy won't get inserted into the table anymore. The replacement idea for the unconfirmed list is as follows (I have no code yet): 1. add a generation id to the ct extension area, set at allocation time. 2. extend nf_ct_ext_find(): if conntrack is unconfirmed, only return the extension area if ext->genid == global_id. 3. at confirm time, delete the nf_conn entry if ext->genid != global_id. 4. whenever a helper module is removed (or other problematic user such as the timeout conntrack module), increment the global_id. I.e. "walk unconfirmed list and flag entries as dying' becomes 'global_extid++'. This allows to detect conntracks that were not yet in the hashtable but might reference a (now stale) pointer to a removed helper/timeout policy object without the need to a special unconfirmed list. After these changes change, the percpu lists can be removed which avoids need for extra list insert/remove + spinlock at conntrack allocation time. Let me know if you spot a problem with the scheme above.
