git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 27 Nov 2012 20:30:52 +0000 (21:30 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 3 Dec 2012 14:06:33 +0000 (15:06 +0100)
commit	a98178a3a2105cf4ba6313eb14ad18b8cb5d3fab
tree	21c52dcd61146f0560728cfe3662b1a9283e794e	tree \| snapshot
parent	6275c1d859d2043d75f761cd9bb7c9754b581d9d	commit \| diff

netfilter: nf_conntrack: improve nf_conn object traceability

This patch modifies the conntrack subsystem so that all existing
allocated conntrack objects can be found in any of the following
places:

* the hash table, this is the typical place for alive conntrack objects.
* the unconfirmed list, this is the place for newly created conntrack objects
  that are still traversing the stack.
* the dying list, this is where you can find conntrack objects that are dying
  or that should die anytime soon (eg. once the destroy event is delivered to
  the conntrackd daemon).

Thus, we make sure that we follow the track for all existing conntrack
objects. This patch, together with some extension of the ctnetlink interface
to dump the content of the dying and unconfirmed lists, will help in case
to debug suspected nf_conn object leaks.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_conntrack.h		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history