aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJulian Anastasov <ja@ssi.bg>2005-11-08 12:40:05 -0500
committerDavid S. Miller <davem@davemloft.net>2005-11-08 12:40:05 -0500
commitdc8103f25fd7cfac2c2b295f33edc10f255b4c80 (patch)
treedb09e8efee33d1e7d4527d81a3c1b0ece03cea33
parent9ee6b535af4c2c97b4e3b88f37f244bf1004ebd4 (diff)
[IPVS]: fix connection leak if expire_nodest_conn=1
There was a fix in 2.6.13 that changed the behaviour of ip_vs_conn_expire_now function not to put reference to connection, its callers should hold write lock or connection refcnt. But we forgot to convert one caller, when the real server for connection is unavailable caller should put the connection reference. It happens only when sysctl var expire_nodest_conn is set to 1 and such connections never expire. Thanks to Roberto Nibali who found the problem and tested a 2.4.32-rc2 patch, which is equal to this 2.6 version. Patch for 2.4 is already sent to Marcelo. Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Roberto Nibali <ratz@drugphish.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 981cc3244ef2..1a0843cd58a9 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1009,11 +1009,10 @@ ip_vs_in(unsigned int hooknum, struct sk_buff **pskb,
1009 if (sysctl_ip_vs_expire_nodest_conn) { 1009 if (sysctl_ip_vs_expire_nodest_conn) {
1010 /* try to expire the connection immediately */ 1010 /* try to expire the connection immediately */
1011 ip_vs_conn_expire_now(cp); 1011 ip_vs_conn_expire_now(cp);
1012 } else {
1013 /* don't restart its timer, and silently
1014 drop the packet. */
1015 __ip_vs_conn_put(cp);
1016 } 1012 }
1013 /* don't restart its timer, and silently
1014 drop the packet. */
1015 __ip_vs_conn_put(cp);
1017 return NF_DROP; 1016 return NF_DROP;
1018 } 1017 }
1019 1018