From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 11 Mar 2017 14:23:15 +0000 (+0100)
Subject: netfilter: layer7 free unused conntrack memory if there is a differnt master contrack
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=40cd905fdfa949e0fcfaff7e38cec2d5d7311899;p=people%2Farne_f%2Fkernel.git

netfilter: layer7 free unused conntrack memory if there is a differnt master contrack

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
---

diff --git a/net/netfilter/xt_layer7.c b/net/netfilter/xt_layer7.c
index bdbcd0fcfcdaf..da421c5f8eeea 100644
--- a/net/netfilter/xt_layer7.c
+++ b/net/netfilter/xt_layer7.c
@@ -482,6 +482,15 @@ match(const struct sk_buff *skbin,
 	while (master_ct(master_conntrack) != NULL)
 		master_conntrack = master_ct(master_conntrack);
 
+	/* free unused conntrack data if different master conntrack exists */
+	if (master_conntrack != conntrack) {
+		if (conntrack->layer7.app_data) {
+			DPRINTK("layer7: free unused conntrack memory.\n");
+			kfree(conntrack->layer7.app_data);
+			conntrack->layer7.app_data = NULL; /* don't free again */
+		}
+	}
+
 	/* if we've classified it or seen too many packets */
 	if(total_acct_packets(master_conntrack) > num_packets ||
 	   master_conntrack->layer7.app_proto) {