diff options
author | Taehee Yoo <ap420073@gmail.com> | 2019-04-29 18:55:29 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-04-30 13:55:00 +0200 |
commit | 26a302afbe328ecb7507cae2035d938e6635131b (patch) | |
tree | 7a93c05288668c8a07499157fba68bfd3bcf2f7d /net | |
parent | netfilter: nft_flow_offload: add entry to flowtable after confirmation (diff) | |
download | linux-26a302afbe328ecb7507cae2035d938e6635131b.tar.xz linux-26a302afbe328ecb7507cae2035d938e6635131b.zip |
netfilter: nf_flow_table: fix netdev refcnt leak
flow_offload_alloc() calls nf_route() to get a dst_entry. Internally,
nf_route() calls ip_route_output_key() that allocates a dst_entry and
holds it. So, a dst_entry should be released by dst_release() if
nf_route() is successful.
Otherwise, netns exit routine cannot be finished and the following
message is printed:
[ 257.490952] unregister_netdevice: waiting for lo to become free. Usage count = 1
Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nft_flow_offload.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_flow_offload.c b/net/netfilter/nft_flow_offload.c index 8968c7f5a72e..69d7a8439c7a 100644 --- a/net/netfilter/nft_flow_offload.c +++ b/net/netfilter/nft_flow_offload.c @@ -112,6 +112,7 @@ static void nft_flow_offload_eval(const struct nft_expr *expr, if (ret < 0) goto err_flow_add; + dst_release(route.tuple[!dir].dst); return; err_flow_add: |