[ovs-discuss] Ovs-conntrack code query
john.hurley at netronome.com
Fri Oct 9 13:36:16 UTC 2015
Thanks for the reply.
I have found the updated code and can now see that template insertion no
longer occurs and that there is a clear delete.
This makes much more sense to me now!
On a side note, is there any update on when conntrack will be merged into
the main branch and/or kernel distributions?
On Thu, Oct 8, 2015 at 6:59 PM, Joe Stringer <joestringer at nicira.com> wrote:
> On 8 October 2015 at 08:25, John Hurley <john.hurley at netronome.com> wrote:
> > Hi,
> > Recently I have been looking at the ovs-conntrack branch.
> > I am interested in the use of netfilter conntrack templates within the
> > kernel for storing rule information that can then be linked to the packet
> > skb and in turn used when passed to the nf_conntrack kernel module.
> > I notice that a new template is created when a new rule is added to the
> > kernel with nf_conntrack_alloc and nf_conntrack_tmpl_insert
> > (conntrack.c/ovs_ct_copy_action).
> > However, I do not see anywhere in the code that removes template even
> > the rule itself is expired.
> > Looking at the source code for the nf functions above it appears that
> > set up a timeout to trigger deletion but do not start the timer
> > (nf_conntrack_confirm sets this).
> > Am I missing something in the code for handling the cleanup of this
> > or is there a possible memory leak here?
> > The ovs-conntrack version I am using was taken from the tip of the
> branch in
> > mid September.
> Hi John, appreciate the report.
> If you look at the latest net-next version of this code, the templates
> are no longer being inserted. ovs_ct_free_action() should handle
> freeing the template itself. This will be the behaviour that
> eventually makes it back into the OVS tree kernel module backport.
> Does that satisfy your concerns?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the discuss