Date:      Wed, 9 May 2018 16:43:47 -0400
From:      Dheeraj Kandula <>
Subject:   Dynamic Ipfw and vnet deletion
Message-ID:  <>

Hi All,
      When a vnet is deleted, I see that the function vnet_ipfw_uninit is
invoked which invokes uma_zdestroy to destroy the zone.

When dynamic firewall rules are added, the function add_dyn_rule allocates
memory from the ip fw zone using the function uma_zalloc.

However the expired dynamic rules are deleted in a timer i.e. via the
function check_dyn_rules which is executed periodically whenever the timer

Is it possible that when the vnet is being deleted, the cleanup of expired
firewall dynamic rules isn't done and the memory is not freed up as the
timer has not fired yet? If this is possible then we have a memory leak.
Isn't it?

