Dynamic Ipfw and vnet deletion

Dheeraj Kandula dkandula at gmail.com
Wed May 9 20:43:50 UTC 2018


Hi All,
When a vnet is deleted, I see that the function vnet_ipfw_uninit is
invoked, which invokes uma_zdestroy to destroy the zone.

When dynamic firewall rules are added, the function add_dyn_rule allocates
memory from the ip fw zone using the function uma_zalloc.

However, the expired dynamic rules are deleted in a timer, i.e. via the
function check_dyn_rules, which is executed periodically whenever the timer
fires.

Is it possible that when the vnet is being deleted, the cleanup of expired
firewall dynamic rules isn't done and the memory is not freed up as the
timer has not fired yet? If this is possible, then we have a memory leak.
Isn't it?

Dheeraj
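
The lifecycle asked about above, as an added user-space C model (not part of the original post, and not FreeBSD's ipfw or UMA code): rules are allocated on demand, a periodic sweep frees only the expired ones, and the number of items still outstanding is read at the point where the zone would be destroyed. All struct and function names are hypothetical, and the expiry times are constructed sample values.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; every name here is hypothetical, not FreeBSD code. */
struct dyn_rule { struct dyn_rule *next; int expire; };
struct vnet_model { int live; struct dyn_rule *rules; }; /* live = items the zone owns */

/* Stands in for the rule-add path: allocate one rule and link it in. */
static int add_rule(struct vnet_model *v, int expire) {
    struct dyn_rule *r = calloc(1, sizeof(*r));
    if (r == NULL)
        return -1;
    r->expire = expire;
    r->next = v->rules;
    v->rules = r;
    v->live++;
    return 0;
}

/* Stands in for the timer sweep: frees rules with expire <= now, or all if flush_all. */
static int sweep(struct vnet_model *v, int now, int flush_all) {
    int freed = 0;
    for (struct dyn_rule **pp = &v->rules; *pp != NULL; ) {
        struct dyn_rule *r = *pp;
        if (!flush_all && r->expire > now) { pp = &r->next; continue; }
        *pp = r->next;               /* unlink before freeing */
        free(r);
        v->live--;
        freed++;
    }
    return freed;
}

/* Three rules, one timer tick at t=15, then teardown; returns items left at destroy. */
static int outstanding_at_destroy(int drain_first) {
    struct vnet_model v = { 0, NULL };
    add_rule(&v, 10); add_rule(&v, 20); add_rule(&v, 30);
    sweep(&v, 15, 0);                /* timer fired once: only expire=10 is freed */
    if (drain_first)
        sweep(&v, 0, 1);             /* teardown flushes without waiting for expiry */
    int outstanding = v.live;        /* what a zone destroy would find */
    sweep(&v, 0, 1);                 /* release the model's own memory */
    return outstanding;
}

int main(void) {
    printf("no drain: %d, drain: %d\n", outstanding_at_destroy(0), outstanding_at_destroy(1));
    return 0;
}
```

In this model, teardown leaves unexpired rules outstanding unless it flushes the whole list itself instead of relying on the periodic sweep.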


More information about the freebsd-ipfw mailing list