kernel: fix conntrack leak for flow_offload connections

This was caused by a race condition between offload teardown and
conntrack gc bumping the timeout of offloaded connections

Signed-off-by: Felix Fietkau <nbd@nbd.name>

1 files changed, 3 insertions, 3 deletions

diff --git a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch
index 8da15bc336..2b3725f81e 100644
--- a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch
+++ b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch
@@ -26,9 +26,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	struct flow_offload_tuple_rhash		tuplehash[FLOW_OFFLOAD_DIR_MAX];
 --- a/net/netfilter/nf_flow_table_core.c
 +++ b/net/netfilter/nf_flow_table_core.c
-@@ -332,7 +332,7 @@ static int nf_flow_offload_gc_step(struc
- 		teardown = flow->flags & (FLOW_OFFLOAD_DYING |
- 					  FLOW_OFFLOAD_TEARDOWN);
+@@ -355,7 +355,7 @@ static int nf_flow_offload_gc_step(struc
+ 		if (!teardown)
+ 			nf_ct_offload_timeout(flow);
  
 -		if (nf_flow_in_hw(flow) && !teardown)
 +		if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown)