You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25 lines
738 B
25 lines
738 B
6 years ago
|
From: Felix Fietkau <nbd@nbd.name>
|
||
|
Date: Thu, 14 Jun 2018 11:20:09 +0200
|
||
|
Subject: [PATCH] netfilter: nf_flow_table: fix up ct state of flows after
|
||
|
timeout
|
||
|
|
||
|
If a connection simply times out instead of being torn down, it is left
|
||
|
active with a long timeout. Fix this by calling flow_offload_fixup_ct_state
|
||
|
here as well.
|
||
|
|
||
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
||
|
---
|
||
|
|
||
|
--- a/net/netfilter/nf_flow_table_core.c
|
||
|
+++ b/net/netfilter/nf_flow_table_core.c
|
||
|
@@ -233,6 +233,9 @@ static void flow_offload_del(struct nf_f
|
||
|
e = container_of(flow, struct flow_offload_entry, flow);
|
||
|
clear_bit(IPS_OFFLOAD_BIT, &e->ct->status);
|
||
|
|
||
|
+ if (!(flow->flags & FLOW_OFFLOAD_TEARDOWN))
|
||
|
+ flow_offload_fixup_ct_state(e->ct);
|
||
|
+
|
||
|
flow_offload_free(flow);
|
||
|
}
|
||
|
|