diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-06 13:22:47 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-07 00:58:57 +0100 |
| commit | b408c5b04f82fe4e20bceb8e4f219453d4f21f02 (patch) | |
| tree | cd33d1bcfebc1bc0bdddef0379b57eb28ef20131 /net/netfilter/nf_flow_table_inet.c | |
| parent | c0ea1bcb39352b57ac5c4b6da8acd65bddeee2c5 (diff) | |
netfilter: nf_tables: fix flowtable free
Every flow_offload entry is added into the table twice. Because of this,
rhashtable_free_and_destroy can't be used, since it would call kfree for
each flow_offload object twice.
This patch cleans up the flowtable via nf_flow_table_iterate() to
schedule removal of entries by setting on the dying bit, then there is
an explicitly invocation of the garbage collector to release resources.
Based on patch from Felix Fietkau.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_flow_table_inet.c')
| -rw-r--r-- | net/netfilter/nf_flow_table_inet.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c index 281209aeba8f..375a1881d93d 100644 --- a/net/netfilter/nf_flow_table_inet.c +++ b/net/netfilter/nf_flow_table_inet.c @@ -24,6 +24,7 @@ static struct nf_flowtable_type flowtable_inet = { .family = NFPROTO_INET, .params = &nf_flow_offload_rhash_params, .gc = nf_flow_offload_work_gc, + .free = nf_flow_table_free, .hook = nf_flow_offload_inet_hook, .owner = THIS_MODULE, }; |