memory leaks when stealing packets from netfilter ??

[mcdonaldtom]

Hello,

I wrote a LKM that intercepts packets as they are coming into Netfilter (NF_IP_PRE_ROUTING). If the packets are of interest, I modify the skb and send it immediately back out using dev_queue_xmit() and then return NF_STOLEN. It should be that simple, right? BUT for some reason, I am getting memory leaks - dev_queue_xmit() does not kfree the skb that I pass it.

Any ideas why the skb is not being freed ?

Thanks in advance for any advice.

Tom

[Dolda2000]

I don't really recall those parts of the kernel off hand, but don't skb's do refcounting? Do you put the skb's?

[mcdonaldtom]

Yes, there is a users/refcount field in the skb....

Another thing that I've tried is to make a copy of the skb, change some fields, send it out to dev_queue_xmit(), and return NF_DROP....but have the same memory problem with the new skb.

[Dolda2000]

Like I said, then, are you putting the skb's?

[mcdonaldtom]

Excuse my ignorance, but I don't understand what you mean by "putting the skbs".

[Dolda2000]

Oh, sorry. To "put" is used very often in the kernel in the name of the functions that decrease the refcount of various objects, such as `fput' for `struct file' pointers, kref_put for general krefs, dev_put for net devices, and so on. Generally, then, you "put" an object to indicate that you're no longer using it, so that the refcounting works as it should. I'm sorry for assuming that you knew that.

I'm not sure what function is used for putting skb's, though. I'll have a little peek through the kernel source and see if I can find it for you.

[mcdonaldtom]

Hmmm....I checked dev_queue_xmit() and it seems that I should not have to decrease the refcount before I pass the skb to it. dev_queue_xmit() kfrees the skb if the refcount is one, otherwise it decrements the refcount.