--- /dev/null
+From stable-bounces@linux.kernel.org Tue Nov 8 13:15:57 2005
+Date: Tue, 8 Nov 2005 23:16:08 +0200 (EET)
+From: Julian Anastasov <ja@ssi.bg>
+To: stable@kernel.org
+Cc: "David S. Miller" <davem@davemloft.net>, Roberto Nibali <ratz@drugphish.ch>
+Subject: [PATCH] ipvs: fix connection leak if expire_nodest_conn=1
+
+
+ Hello, forwarding patch to stable as suggested by DaveM.
+
+ There was a fix in 2.6.13 that changed the behaviour of
+ip_vs_conn_expire_now function not to put reference to connection,
+its callers should hold write lock or connection refcnt. But we
+forgot to convert one caller, when the real server for connection
+is unavailable caller should put the connection reference. It
+happens only when sysctl var expire_nodest_conn is set to 1 and
+such connections never expire. Thanks to Roberto Nibali who found
+the problem and tested a 2.4.32-rc2 patch, which is equal to this
+2.6 version.
+
+Signed-off-by: Julian Anastasov <ja@ssi.bg>
+Signed-off-by: Roberto Nibali <ratz@drugphish.ch>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+
+ net/ipv4/ipvs/ip_vs_core.c | 7 +++----
+ 1 files changed, 3 insertions(+), 4 deletions(-)
+
+Index: linux-2.6.14.y/net/ipv4/ipvs/ip_vs_core.c
+===================================================================
+--- linux-2.6.14.y.orig/net/ipv4/ipvs/ip_vs_core.c
++++ linux-2.6.14.y/net/ipv4/ipvs/ip_vs_core.c
+@@ -1009,11 +1009,10 @@ ip_vs_in(unsigned int hooknum, struct sk
+ if (sysctl_ip_vs_expire_nodest_conn) {
+ /* try to expire the connection immediately */
+ ip_vs_conn_expire_now(cp);
+- } else {
+- /* don't restart its timer, and silently
+- drop the packet. */
+- __ip_vs_conn_put(cp);
+ }
++ /* don't restart its timer, and silently
++ drop the packet. */
++ __ip_vs_conn_put(cp);
+ return NF_DROP;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
