netfilter: layer7 free unused conntrack memory if there is a differnt master contrack

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>

diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c
index bdbcd0fcfcdaf404ed446f2f549fc79c629d577d..da421c5f8eeea6aa9f855f488984c2e246923cd1 100644 (file)
--- a/net/netfilter/xt_layer7.c
+++ b/net/netfilter/xt_layer7.c
@@ -482,6 +482,15 @@ match(const struct sk_buff *skbin,
        while (master_ct(master_conntrack) != NULL)
                master_conntrack = master_ct(master_conntrack);
 
+       /* free unused conntrack data if different master conntrack exists */
+       if (master_conntrack != conntrack) {
+               if (conntrack->layer7.app_data) {
+                       DPRINTK("layer7: free unused conntrack memory.\n");
+                       kfree(conntrack->layer7.app_data);
+                       conntrack->layer7.app_data = NULL; /* don't free again */
+               }
+       }
+
        /* if we've classified it or seen too many packets */
        if(total_acct_packets(master_conntrack) > num_packets ||
           master_conntrack->layer7.app_proto) {