Re: [PATCH] fix mem-leak in netfilter

From: Stephen Frost
Date: Mon May 15 2006 - 17:03:05 EST

Next message: Bryan O'Sullivan: "Re: [PATCH 4 of 53] ipath - cap number of PDs that can be allocated"
Previous message: Andrew Morton: "Re: [PATCH 008 of 8] md/bitmap: Change md/bitmap file handling touse bmap to file blocks."
In reply to: Patrick McHardy: "Re: [PATCH] fix mem-leak in netfilter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Stephen Frost (sfrost@xxxxxxxxxxx) wrote:
> * Patrick McHardy (kaber@xxxxxxxxx) wrote:
> > This is the updated patch, it changes the eviction strategy
> > to LRU and fixes a bug related to TTL handling, the TTL stored
> > in the entry should only be overwritten if the IPT_RECENT_TTL
> > flag is set.
>
> I thought that I had convinced myself that the TTL handling was okay and
> that where it was overwritten wasn't harmful. Oh well.

Looking at this again... The ttl isn't copied into 'ttl' unless the
check_set has TTL turned on. This means that the overwritting was fine,
if you accept that you can only ever match on TTL, or never match on it.
That doesn't seem right to me. The TTL in the table should always be
kept up-to-date and the only question is if the current rule requires it
for a match or not. This isn't a huge change, just set the local
variable always but check for if it's asked to match before calling the
lookup. Or you could move it into an if/else block.

Thanks,

Stephen

Attachment: signature.asc
Description: Digital signature

Next message: Bryan O'Sullivan: "Re: [PATCH 4 of 53] ipath - cap number of PDs that can be allocated"
Previous message: Andrew Morton: "Re: [PATCH 008 of 8] md/bitmap: Change md/bitmap file handling touse bmap to file blocks."
In reply to: Patrick McHardy: "Re: [PATCH] fix mem-leak in netfilter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]