[ovs-discuss] Ovs-conntrack code query

John Hurley john.hurley at netronome.com
Thu Oct 8 15:25:36 UTC 2015


Recently I have been looking at the ovs-conntrack branch.
I am interested in the use of netfilter conntrack templates within the
kernel for storing rule information that can then be linked to the packet
skb and in turn used when passed to the nf_conntrack kernel module.

I notice that a new template is created when a new rule is added to the
kernel with nf_conntrack_alloc and nf_conntrack_tmpl_insert.
However, I do not see anywhere in the code that removes the template even when
the rule itself is expired.
Looking at the source code for the nf functions above it appears that they
set up a timeout to trigger deletion but do not start the timer
(nf_conntrack_confirm sets this).
Am I missing something in the code for handling the cleanup of this memory
or is there a possible memory leak here?

The ovs-conntrack version I am using was taken from the tip of the branch
in mid September.
