From 68ab89854fede80ab6a4279204462d6b898a653f Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 13 Jun 2018 12:46:54 +0200 Subject: kernel: fix conntrack leak for flow_offload connections This was caused by a race condition between offload teardown and conntrack gc bumping the timeout of offloaded connections Signed-off-by: Felix Fietkau --- .../645-netfilter-nf_flow_table-rework-hardware-offload-time.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch') diff --git a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch index 8da15bc336..2b3725f81e 100644 --- a/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch +++ b/target/linux/generic/pending-4.14/645-netfilter-nf_flow_table-rework-hardware-offload-time.patch @@ -26,9 +26,9 @@ Signed-off-by: Felix Fietkau struct flow_offload_tuple_rhash tuplehash[FLOW_OFFLOAD_DIR_MAX]; --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c -@@ -332,7 +332,7 @@ static int nf_flow_offload_gc_step(struc - teardown = flow->flags & (FLOW_OFFLOAD_DYING | - FLOW_OFFLOAD_TEARDOWN); +@@ -355,7 +355,7 @@ static int nf_flow_offload_gc_step(struc + if (!teardown) + nf_ct_offload_timeout(flow); - if (nf_flow_in_hw(flow) && !teardown) + if ((flow->flags & FLOW_OFFLOAD_KEEP) && !teardown) -- cgit v1.2.3
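Review bot: In the refreshed context of nf_flow_offload_gc_step, the `if (!teardown)` guard in front of `nf_ct_offload_timeout(flow)` tests a snapshot. The previous hunk context shows `teardown` being computed once from `flow->flags`, and `flow->flags` is read again on the next changed line for `FLOW_OFFLOAD_KEEP`. Unless flag updates are serialised against the gc step somewhere outside this hunk, that guard narrows the race named in the commit message rather than closing it. This is worth confirming, because each leaked entry keeps a conntrack table slot occupied. The page is limited to this one patch file and the function body continues outside the hunk, so neither the serialisation nor the patch that introduces the timeout refresh is visible here. I would add a comment above the refresh, for example `/* teardown is a snapshot of flow->flags and may be stale by the time the ct timeout is refreshed */`, and name in the patch description the earlier patch in the series that this context now depends on.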