ok, I got it: "netpoll_rx" calls "__netpoll_rx" where skb will be freed before returning 1. 2009/3/6 matthias <mensch0815@xxxxxxxxxxxxxx>: > Dear all, > > I have a question on the tun/tap module and the network-stack. > > when we write a packet to: > "tun_chr_aio_write", it will be transported to: > "tun_get_user", it will be sent to the network-stack via: > "netif_rx_ni" to > "netif_rx", where it will be handled by "netpoll_rx". > if "netpoll_rx" returns true "netif_rx" will return with "NET_RX_DROP" > (http://lxr.linux.no/linux+v2.6.27.4/net/core/dev.c#L1905) > > but in this case skb won't be freed anywhere in the source. > > do I miss something, or could a potential heapoverflow occur in the kernel? > > best regards, > Matthias > -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
