| Message ID | 1503570974-2456-1-git-send-email-huanglili.huang@huawei.com |
|---|---|
| State | Superseded |
| Headers | show |
Thanks for testing. I’ll look at in detail and get back to you today. Darrell On 8/24/17, 3:36 AM, "ovs-dev-bounces@openvswitch.org on behalf of huanglili" <ovs-dev-bounces@openvswitch.org on behalf of huanglili.huang@huawei.com> wrote: From: Lili Huang <huanglili.huang@huawei.com> Conn should be removed from the list before freed. This crash will be triggered when a established flow do ct(nat) again, like "ip,actions=ct(table=1) table=1,in_port=1,ip,actions=ct(commit,nat(dst=5.5.5.5)),2 table=1,in_port=2,ip,ct_state=+est,actions=1 table=1,in_port=1,ip,ct_state=+est,actions=2" Signed-off-by: Lili Huang <huanglili.huang@huawei.com> --- lib/conntrack.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/conntrack.c b/lib/conntrack.c index 1c0e023..dd73e1a 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -779,6 +779,8 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, ct, nc, conn_for_un_nat_copy); if (!nat_res) { + ovs_list_remove(&nc->exp_node); + ctx->conn = NULL; goto nat_res_exhaustion; } -- 1.8.3.1 _______________________________________________ dev mailing list dev@openvswitch.org https://urldefense.proofpoint.com/v2/url?u=https-3A__mail.openvswitch.org_mailman_listinfo_ovs-2Ddev&d=DwICAg&c=uilaK90D4TOVoH58JNXRgQ&r=BVhFA09CGX7JQ5Ih-uZnsw&m=SFTrBlBXqEC4qsGMh3ikI8j9tYy0Wbb5Vt9FXlMqNDI&s=d9q2ZnEz8iZ2cJuZ5tAFpEMdeP45pFBeL_FmBSjyCv4&e=
diff --git a/lib/conntrack.c b/lib/conntrack.c index 1c0e023..dd73e1a 100644 --- a/lib/conntrack.c +++ b/lib/conntrack.c @@ -779,6 +779,8 @@ conn_not_found(struct conntrack *ct, struct dp_packet *pkt, ct, nc, conn_for_un_nat_copy); if (!nat_res) { + ovs_list_remove(&nc->exp_node); + ctx->conn = NULL; goto nat_res_exhaustion; }