netfilter: conntrack: destroy functions need to free queued packets - openslx/kernel-qcow2-linux.git

diff options

author	Florian Westphal	2017-07-26 00:02:33 +0200
committer	Pablo Neira Ayuso	2017-07-31 19:09:39 +0200
commit	e2a750070aeec7af3818065b39d61cb38627ce64 (patch)
tree	54dd9cce351fb40fa4eb95d5d27e60992360c9fe /net/netfilter/nfnetlink_queue.c
parent	netfilter: add and use nf_ct_unconfirmed_destroy (diff)
download	kernel-qcow2-linux-e2a750070aeec7af3818065b39d61cb38627ce64.tar.gz kernel-qcow2-linux-e2a750070aeec7af3818065b39d61cb38627ce64.tar.xz kernel-qcow2-linux-e2a750070aeec7af3818065b39d61cb38627ce64.zip

netfilter: conntrack: destroy functions need to free queued packets

queued skbs might be using conntrack extensions that are being removed, such as timeout. This happens for skbs that have a skb->nfct in unconfirmed state (i.e., not in hash table yet). This is destructive, but there are only two use cases: - module removal (rare) - netns cleanup (most likely no conntracks exist, and if they do, they are removed anyway later on). Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/nfnetlink_queue.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: